Implementation Recommendations in Workspace ONE

In this section, the suitable deployment sizes are listed and the features supported by Workspace ONE UEM:

Attachment Encryption

Without hindering the end users’ experience, Workspace ONE UEM can help keep the email attachments secure, with enforced attachment encryption on mobile devices.

iOS and Android support native browsers but do not support Traveller and Workspace One Boxer.

Attachment encryption is supported by SEG and hyperlink transformation on Workspace ONE Boxer, only if these features for the Boxer app configuration are enabled on the UEM console. With office 365 and Exchange 2010/2013/2016/2019, SEG supports attachment encryption. DLP can be imposed at the application level, but SEG does not encrypt attachments for Workspace ONE Boxer.

Email Management

The easiest deployment and management with the greatest level of security is provided in the following list:

Gmail

Cloud Mail Infrastructure:

  • Office 365: Not Available
  • Gmail: Available

On-premise infrastructure:

  • HCL Notes: Not Available
  • Exchange 2019: Available
  • Exchange 2016: Available
  • Exchange 2013: Available
  • Exchange 2010: Available

 

Powershell

Cloud Mail Infrastructure:

  • Office 365: Available
  • Gmail: Not available

On-premise infrastructure:

  • HCL Notes: Not available
  • Exchange 2019: Available
  • Exchange 2016: Available
  • Exchange 2013: Available
  • Exchange 2010: Available

 

Secure Email Gateway

Cloud Mail Infrastructure:

  • Office 365: Available
  • Gmail: Available

On-premise infrastructure:

  • HCL Notes: Available
  • Exchange 2019: Available
  • Exchange 2016: Available
  • Exchange 2013: Available
  • Exchange 2010: Available

With deployments greater than 100,000 devices, the Secure Email Gateway is used to secure Email Gateway (SEG) for all on-premises email infrastructures. PowerShell is another alternative for your email management that can be used for deployments of less than 100,000 devices.

Depending on the most recent set of completed performance tests, the threshold for PowerShell implementations is based and can change on a release by release basis. Reasonably faster sync and run compliance time frames (less than three hours) can be expected for deployments up to 50,000 devices. The administrators can expect the sync and run compliance processes to continue to increase in the 3–7 hour time frame as the deployment size expands closer to 100,000 devices.

Secure Email Gateway vs PowerShell Decision Matrix

Secure Email Gateway

The deployment model Proxy model with configuration mode Secure Email Gateway (Proxy) for mail infrastructures Novel GroupWise (with EAS)Google Apps for Work Microsoft Exchange 2010, 2013, 2016 IBM Domino with Lotus Notes. Additional configuration for the SEG proxy model is required for Office 365.

Pros:

Transformation of hyperlink

Compliance in real-time

Attachment encryption

Cons:

To prohibit end-users from directly connecting to Office 365 (around SEG), ADFS must be customized. Additional servers are required.

All on-premises email infrastructures with deployments of greater than 100,000 devices, AirWatch recommends using the Secure Email Gateway (SEG).

Powershell

The deployment model Direct model with configuration mode Google model for mail infrastructures Google Apps for Work. With cloud-based email servers, AirWatch recommends the Direct model of Integration.

Pros:

Before being routed to Office 365, Mail traffic does not route to on-premises servers, so AFS is not required. For email management, no additional on-premises servers are required.

Cons:

Real-time compliance sync is not required.

For larger deployments (greater than 100,000 devices), this deployment is not recommended.

To containerize attachments and hyperlinks, AirWatch Inbox must be used in AirWatch Content Locker and AirWatch Browser.

PowerShell is another option for email management for deployments of less than 100,000 devices or cloud-based Email. The PowerShell model will be utilized, and the AirWatch Inbox will be used for mail because this design includes Office 365-based Email. The best protection available against data leakage of corporate information is offered while this decision restricts employee choice of mail client and removes native email access in the mobile productivity service.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.