How to restrict end-users to configure email settings on personal profile?

How to restrict end-users to configure email settings on personal profile?

Hi guys,

Target Devices: BYOD

Work-email should not be used/configured on personal profile. Is there a workaround via SOTI Mobicontrol that we can restrict the end-user to use email-app on their personal profile?

Here are my ideas if it is possible, maybe you can enlighten me how to do it:

  1. Admin will not broadcast Mail Server settings to end-users
  • Admin will push email app/client
  • Admin will preconfigure the mail settings
  • Work-Profile Email app does hide mail settings so that user can’t copy and configured it to their personal mail client
  1. Configure mail server to only be accessible via SOTI Surf

 

Or if you have any suggestions, appreciate if you could share

Thanks!

  • 25 June 2018
  • SOTI MobiControl
  • 8 Answers
  • 0 Upvote
  • 1 Follower
  • 1.8K Views
    • 8 Answers
    • 0 Upvote
    • 1 Follower

8 Answers

Order By:   Standard | Newest | Votes
Raymond, Chan | posted this 25 June 2018

No MDM policy can be imposed on personal profile in BYOD.  That is exactly the expected behavior for BYOD by definition.

 

  • 0
  • 0
Benedict Lumabi | posted this 25 June 2018

Can we do a workaround or alternative way on the scenario?

  • 0
  • 0
Raymond, Chan | posted this 25 June 2018

If your corporate email server supports required security features  (such as AD/LDAP authentication, certificates, etc.), you can push the required certificate for use by the email client within the work profile.  Any email client installed by the end-user in the personal profile should not be able to access his/her corporate email account content due to the lack of the required certificate.

 

 

 

 

  • 0
  • 0
Jon Bustos | posted this 25 June 2018

Thanks Raymond. I'd like to clarify, where in MobiControl can we set this up? Is this applicable for both Android and iOS?

  • 0
  • 0
Raymond, Chan | posted this 25 June 2018

Certificate payload in either Android or iOS profiles is used for certificate deployment.

 

However, the more crucial part is the actual configuration of your e-mail server, which has basically nothing to do with MoibControl.

 

If your email server has been set up to use AD/LDAP to authenticate your email end-user on non-shared mobile devices,  you might also set up AD/LDAP integration in the Servers tab of MobiControl.

 

  

  • 0
  • 0
Benedict Lumabi | posted this 26 June 2018

Hi Raymond,

If we push certificates onto devices, how can we separate certificates on personal-email-client and work-email-client? If we deploy certificates via Mobicontrol or Mail server, can this certificate be only used on Work-email-client? I'm new to stuffs regarding certificates.

Thanks

  • 0
  • 0
Raymond, Chan | posted this 26 June 2018

When you mentioned BYOD, I assumed that you are using containerization (Android Enterprise device-owner mode, Samsung Knox, etc.).  So certificate payload only targets email client app in the container, which is a totally separate memory space not accessible by personal apps in the personal profile (i.e. outside the container).

 

 

  • 0
  • 0
Support Staff | posted this 20 July 2018

Hi Benedict, 

 

Have you tried configuring the email application yet in your BYOD environment on these devices?  If so, are you having difficulty theoretically in how this would be applied or have you already tested in the Enterprise work spaces and have found the containerization does allow for them to install the work profile in the personal space using the certificates that have been deployed VIA MobiControl.

 

I would like to think the intention of separate work spaces has has always been to have the separation you require by default and to allow the admin to configure corporate settings to only be accessible in that container. 

 

Let me know if you are having a different experience. 

 

I am including a link for both iOS, Android and Android Enterprise e-mail setup for anyone else that may be looking for configuration info below.

 

https://www.soti.net/mc/help/v13/en/default.htm#Web/Devices/WindowsMobile/WebDeviceExchangeActiveSync.htm?Highlight=Email

 

https://www.soti.net/mc/help/v13/en/default.htm#Web/Profiles/AndroidPlus/AndroidWork/Email.html?Highlight=Email

 

https://www.soti.net/mc/help/v13/en/default.htm#Web/Profiles/AndroidPlus/Email-Configuration.htm?Highlight=Email

 

 

Cheers,

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | soti.net |

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback