How to configure App Configuration Policies
Introduction
Nine Work is a full-fledged email application for Android based on Direct Push technology to synchronize with Microsoft Exchange Server using Microsoft Exchange ActiveSync, and also designed for entrepreneurs or ordinary people who want to have efficient communication with their colleagues, friends, and family members at anytime, anywhere. You may already have good experience with other E-Mail apps for Android. Regardless of your existing experience, we will give you a superb experience more than anything else. Leveraging E-Mail, Contacts, Calendar, Tasks and Notes on your mobile devices through wireless networks enhances your user experience and dramatically reduces your time.
Android Package Name: com.ninefolders.hd3.work.airwatch
1. Airwatch Concole Settings
- Console>Apps & Books>Applications>List View>Internal>ADD APPLICATION
- Select APK to Upload
- Details>Name>Change Application Name (eg, Nine Work)
- More>SDK>Select SDK Profile and Application Profil
- Save & Assign
- ADD ASSIGNMENT
- Smart Group>ADVANCED>APPLICATION CONFIGURATION>Set Configuration
The followings are mandatory fields.- AppServiceHost
- AppServicePublisher
- UserEmail
- UserName
Note: https://apidev.awmdm.com/AirWatch/HelpSystem/en/Content/Online_Help_Topics/MAM_Internal_Apps_Overview.htm
2. Client Certificate Settings
- Apps & Books>All Apps & Books Settings>Apps>Settings And Policies>Profiles>Add Profile
- Select Application Profile
- Select Android and add Credentials
- Apps & Books>List View>Nine Work>Edit>More>SDK>Application Profile
- Set AppUseLoginCertificate as True on Application Configuration
- Select Client Certificate on Nine Work
3. Install Nine Work
- Airwatch Agent>AppCatalog>Install Nine Work
- If it is not installed automatically, please install Nine Work in Airwatch Agent.
- Airwatch Agent>Managed Apps
Nine supports the following types of configurations.
- App service configuration: Host, Port, UseSSL, DeviceIdPrefix, DeviceType
- User configuration: Username, Email, Domain, DisplayName, Signature, LicenseNumber
- Branding configuration: Company name, Colors, Logo
- Security (or Custom) Settings: Sync settings, Print, Share contents
The following values are able to be used.
- {EmailAddress}
- {EmailDomain}
- {EmailUserName}
- {EmailPassword}
- {EasDeviceIdentifier}
- {DeviceAssetNumber}
Note: If Type is Boolean, Value Type item should be set as String Type.
Nine Configuration Settings Values
* App Service Configuration allows the application to connect to the appropriate app web services for an organization.
Key | Required | Type | Example | Default | Description |
---|---|---|---|---|---|
AppServicePublisher | Y | String | (e.g. Airwatch) | MDM service provider | |
AppServiceHost | Y | String | (e.g. appserver.com) | Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value. | |
AppServiceHosts | N | String | (e.g. appserver.com;example.com) | If multiple hosts can be configured in the application, they will be sent as a string array. The first host in the list will be used as the default. | |
AppServiceSecondaryHost | N | String | (e.g. appserver.com) | Server address for the subordinate accounts | |
AppServiceSecondaryHosts | N | String | (e.g. appserver.com;example.com) | Server addresses for the subordinate accounts. | |
AppSecondaryEmailDomains | N | String | (e.g. appserver.com;example.com) | Email domains for the subordinate accounts. | |
AppServicePort | N | Integer | (e.g. 443) | 443 | Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value. |
AppServiceUseSSL | N | String | (e.g. True, False) | True | Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value. |
AppServiceSSLTrustAll | N | String | (e.g. True, False) | True | Accept all SSL certificates |
AppDeviceIdPrefix | N | String | (e.g. MSFT, YHOO) | Nine | Prefix for distinguishing DeviceID, (4 alphabetic letters) |
AppUserAgent | N | String | (e.g. Nine, MDM) | App name which is used in User Agent | |
AppUserAgentPrefix | N | String | Full text which is used in User Agent | ||
AppDeviceId | N | String | (e.g. {EasDeviceIdentifier}) | Device ID that the ActiveSync server uses for the device. AirWatch SEG (Secure Email Gateway): {EasDeviceIdentifier} | |
AppDeviceType | N | String | (e.g. Android) | Android | Device Type |
AppUseLoginCertificate | N | String | (e.g. True, False) | False | Client CA |
AppReqParamPlaintext | N | String | (e.g. True, False) | False | "The query value format in the URI contains all of the ActiveSync URI parameters. e.g.) Base64: POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1 Plain text: POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1" |
AppPasswordEnable | N | Integer | (e.g, -1, 0, 1) | -1 | App password Enable -1 : Use Exchange Policy 0 : Disabled 1 : Enabled |
AppPasswordComplexity | N | Integer | (e.g. 0) | 0 | App password complexity (0 : Simple, 1: Alphanumeric) |
AppPasswordMinLength | N | Integer | (e.g. 4) | 0 | App Password Minimum length |
AppPasswordExpirationDays | N | Integer | (e.g. 90) | 0 | App Password expiration date |
AppPasswordHistory | N | Integer | (e.g. 9) | 0 | App Password History counts |
AppPasswordMaxFailed | N | Integer | (e.g. 10) | 0 | App Password Maximum failure counts |
AppPasswordLockTime | N | Integer | (e.g. 60) | 0 | App Password Maximum Lock Time (Min.) |
AppPasswordComplexChar | N | Integer | (e.g. 0) | 0 | App Password complex characters 0 : none 1,2 : letter + digit 3 : letter + digit + symbol 4 : letter (upper & lower) + digit + symbol |
AppConfigRefreshInterval | N | Integer | (e.g. 24) | 24 | App Config Refresh (hour) |
AppUseModernAuthentication | N | String | (e.g. True, False) | False | Modern Authentication (ADAL) |
AppCustomerServiceEmail | N | String | Default: support@9folders.com | ||
AppLauncherShortcuts | N | String | [ "Mail", "Calendar", "Contacts", "Tasks", "Notes" ] | eg) Add Calendar and Tasks shortcuts as default. [ "Calendar", "Tasks" ] | |
AppPreemptivePushScheduling | N | Integer | (e.g. -1, 0, 1) | -1 | -1: User can select the option 0: Admin disables the option forcibly. User can't change the option. 1: Admin enables the option forcibly. User can't change the option. |
AppEWSURL | N | String | https://outlook.office365.com:443/EWS/Exchange.asmx | ||
AppSecureMailLoadRemoteImages | N | Integer | (e.g. -1, 0, 1, 2) | -1 | -1: User can select the option 0: Do not load 1: Ask before displaying remote images 2: Always display remote images |
AppStrings | N | String (JSON) | { "compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.", "compliance_notification_content_change_title": "Compliance have changed" } | "" | DO NOT remove $account_name in the string |
AppDisableURLRedirection | N | String | (e.g. True, False) | False | |
AppLDAPConfigurations | N | String (JSON) | e.g. [ { "Description": "Default", "ServerAddress": "ldap.example.com", "ServerPort": "389", "TransportSecurity": 1, "SearchBase": "dc=mkt,dc=mainstore,dc=com", "BindDN": "", "BindPassword": "" } ] | Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous | |
AppSelectiveAuthentication | N | String | (e.g. True, False) | false |
* User Configuration allows the application to detect the user of the application, however does not authenticate the user.
Key | Required | Type | Example | Default | Description |
---|---|---|---|---|---|
UserName | Y | String | (e.g. wtillman) |
| Username of the user who is using the device. Value to be used by application to authenticate user. |
UserEmail | Y | String | (e.g. will@company.com) |
| Email address of the user who is using the application |
UserPassword | N | String | (e.g. ****) | Password for the user who is using the application | |
UserDomain | N | String | (e.g. NADOMAIN) |
| Domain of the user who is using the application Multiple domains are able to be set with semicolon. (eg. NADOMAIN1;NADOMAIN2) |
UserDisplayName | N | String | (e.g. James) |
| User name which is displayed in Nine app |
UserSignature | N | String | (e.g. ABC Company, James, CIO, +4081234567) |
| Email signature. If empty, use "Sent from Nine" |
UserLicenseNumber | N | String | (e.g. 123456781234) |
| License key which is purchased in 9Folders web site |
UserEmailSyncRange | N | Integer | 0: All | ||
UserEmailDownloadSize | N | Integer | 0: All | ||
UserDefaultCalendar | N | String | (e.g. com.google.android.calendar) | Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default. | |
UserFontFamily | N | String | (e.g. Calibri, Arial, Helvetica, sans-serif) | Default font family for outgoing email. | |
UserFontSize | N | String | (e.g. 11.5) | Default font size for outgoing email. | |
UserFontColor | N | String | (e.g. #000000) | Default font color for outgoing new email. | |
UserReplyFontColor | N | String | (e.g. #1F497D) | Default font color for reply email. | |
UserInAppCalendarNotification | N | String | (e.g. True, False) | True | Calendar notification settings |
UserDefaultEditor | N | Integer | (e.g. 0, 1) | 0 | 0: Rich Text Editor 1: Text Editor |
UserMessageFormat | N | Integer | (eg, 0, 1, 2) | 1 | 0: Text format 1: Html format 2: MIME format |
UserContactsFieldsLevel | N | Integer | (eg, 0, 1, 2) | 0 | 0: All Fields 1: Minimum Fields (Name Fields, Phone Fields, Photo Field, 2: All fields except Email address) |
PolicyMaxEmailLookback | N | Integer | -1 |
0: All 1: 1 Day 2: 3 days 3: 1 week 4: 2 weeks 5: 1 month | |
UserSyncSystemCalendarStorage | N | String | (e.g. True, False) | FALSE | Default value for syncing to the system Calendar storage |
UserSyncSystemContactsStorage | N | String | (e.g. True, False) | FALSE | Default value for syncing to the system Contacts storage |
UserDownloadableAttachmentsMaxSize | N | Integer | 0 | xx: xxMB Limited 0 Unlimited (Default) eg) 10: 10MB Limited 25: 25MB Limited | |
UserReportDiagnosticInfo | N | String | (e.g. True, False) | TRUE | |
UserBiometricUnlock | N | String | (e.g. True, False) | FALSE | |
UserNotesTemplate | N | String | Ex) "UserNotesTemplate": { "Title": "Memo", "Template": "To: \nFrom: \nDate: \nSubject: \n\n" } | ||
UserLoadRemoteImages | N | String | (e.g. True, False) | FALSE | |
EnforceExternalBrowsers | N | String | (e.g. com.microsoft.emmx, com.android.chrome) | "" | The package names of the Browser app which is used as the default Browser. |
* Branding Configuration allows an application to customize the look and feel for a specific organization.
Key | Required | Type | Example | Default | Description |
---|---|---|---|---|---|
BrandingLogo | N | String | (e.g.. http://myserver/image.png) |
| String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently. - Recommend format: PNG (Other formats are applicable) - Background color: #ff009688 - Recommend resolution: 720x264 (Max 1024x1024) |
BrandingSplashLogo | N | String | (e.g.. http://myserver/image.png) | String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format. Size: 720x264 | |
BrandingName | N | String | (e.g. Company Name) |
| String representing the company name which could be displayed in the application. |
BrandingColor | N | String | (e.g. #1F497D) | RGB(31, 73, 125) |
* Security (or Custom) Settings allows an application to enable or disable certain security features
Key | Required | Type | Example | Default | Description |
---|---|---|---|---|---|
AllowEmailSync | N | String | (e.g. True, False) | True | Allow Email sync |
AllowCalendarSync | N | String | (e.g. True, False) | True | Allow Calendar sync |
AllowContactsSync | N | String | (e.g. True, False) | True | Allow Contacts sync |
AllowTasksSync | N | String | (e.g. True, False) | True | Allow Tasks sync |
AllowNotesSync | N | String | (e.g. True, False) | True | Allow Notes sync |
AllowPrint | N | String | (e.g. True, False) | True | Allow print |
AllowShareContents | N | String | (e.g. True, False) | True | Allow to share the contents of Email/Tasks/Notes |
AllowShareAttachment | N | String | (e.g. True, False) | False | Allow to share the attachments to 3rd party app |
AllowSaveAttachment | N | String | (e.g. True, False) | False | Allow to save attachments into external storage |
AllowGalShare | N | String | (e.g. True, False) | False | Allow to deliver the GAL search results to 3rd party app |
IgnoreExchangePolicy | N | String | (e.g. True, False) | False | Disregard Exchange Policy. Instead, MDM controls the policy. |
AllowDeleteOwnAccount | N | String | (e.g. True, False) | True | |
AllowMultipleAccount | N | String | (e.g. True, False) | False | Allow to set up multiple accounts |
AllowReFwdFromDA | N | String | (e.g. True, False) | True | Allow to forward or reply from a different account than the message originated from. |
AllowAutoConfig | N | String | (e.g. True, False) | False | |
AllowSyncSystemCalendarStorage | N | String | (e.g. True, False) | False | Allow for Nine Calendar data to sync to system calendar storage. Users can see Nine Calendar data on the stock Calendar app. |
AllowSyncSystemContactsStorage | N | String | (e.g. True, False) | False | Allow for Nine Contacts data to sync to system contacts storage. Users can see Nine Contacts data on the stock Contacts app. |
AllowManualUserConfig | N | String | (e.g. True, False) | False | Allow to set up UserName and UserEmail manually. |
AllowSecondaryAccountEmailSync | N | String | (e.g. True, False) | True | Allow to sync Email for the secondary accounts |
AllowSecondaryAccountCalendarSync | N | String | (e.g. True, False) | True | Allow to sync Calendar for the secondary accounts |
AllowSecondaryAccountContactsSync | N | String | (e.g. True, False) | True | Allow to sync Contacts for the secondary accounts |
AllowSecondaryAccountTasksSync | N | String | (e.g. True, False) | True | Allow to sync Tasks for the secondary accounts |
AllowSecondaryAccountNotesSync | N | String | (e.g. True, False) | True | Allow to sync Notes for the secondary accounts |
AllowScreenShot | N | String | (e.g. True, False) | True | If set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well. |
AllowCamera | N | String | (e.g. True, False) | True | Allow to use Camera |
AllowCopyPaste | N | String | (e.g. True, False) | True | Allow Copy/Paste |
AllowExportMessage | N | String | (e.g. True, False) | False | Allow to export Message |
AllowEWSConnectivity | N | String | (e.g. True, False) | True | Allow EWS connectivity for the features such as Shared Calendar features. |
AllowBiometricUnlock | N | String | (e.g. True, False) | True | Allow Biometric authentication such as Fingerprint to unlock screen. |
ActiveSync server synchronization due to app configuration
Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration:
• AppDeviceId (Full synchronization)
• AppDeviceIdPrefix (Full synchronization)
• AppDeviceType (Full synchronization)
• AppUserAgentPrefix (Full synchronization)
• AppUserAgent (Full synchronization)
• UserEmail (Delete account)
The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.