This article contains information on deploying and managing Mimecast Mobile using EMM solutions, including prerequisites, configuration steps, supported iOS and Android capabilities, and security features like app encryption, remote data wipe, and disabling copy-paste.
Prerequisites
- Ensure you have read Mimecast Mobile - Prerequisites.
Overview
You can deploy Mimecast Mobile via leading EMM solutions that support the AppConfig standards.
This applies to Mimecast Mobile v4 onwards, and Customers with the required EMM infrastructure in place.
This provides the following benefits:
- You can apply security policies that are supported by the AppConfig standards.
- You can manage access to Mimecast Mobile on managed devices, including remote data wipe and removal.
- The application can be deployed directly to managed devices via EMM infrastructure.
- A separate set of Application Settings controls end-user access to the application, allowing you to prevent access to the public version.
Accessing the Application
The application is available from:
Configuring Mimecast
It is best practice to allow access to managed devices only. This ensures employees can't access Mimecast Mobile on devices not under the control of the MDM/EMM.
You can do this by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Users & Groups | Applications.
- Either click on the:
-
- Application Settings to be amended.
- New Application Settings button to create a new application setting.
- Expand the Mobile section.
- Select the Managed Only option from the drop-down.
- Configure the other settings as required.
- Click on Save and Exit.
Deploying
To deploy Mimecast Mobile in Managed mode, refer to the guidance provided by your EMM solution vendor. A list of AppConfig EMM members can be found on the AppConfig Community.
Android
Devices need to be configured for Android Enterprise. Depending on your EMM/MDM solution, you may need to set the below App Configuration.
| Name | Description |
|---|---|
| Manage in Android Enterprise | To manage this app in Android Enterprise, enter any value (e.g. yes). Otherwise, leave the box blank. |
Supported Capabilities
iOS
| Capability | Details |
|---|---|
| App Tunnel | Leverage the Per-app VPN capability available in most commercial VPN solutions, and available in iOS 9+. |
| Single Sign-On | Implement a standard single sign-on protocol (e.g. SAML) and invoke the identity provider log-on page in a web view. Currently not supported by iOS 11. |
| Passcode / TouchID | Set the pincode or TouchID settings on the application. |
| Managed Open-In | Set the managed open in control available by the EMM provider, to restrict the native open in capability. |
| Prevent App Backup | Set the prevent app backup security control available by the EMM provider, to prevent app data backup in iTunes. |
| Disable Screen Capture | Set the prevent screen capture security control available by the EMM provider with iOS 9+, to restrict the native screenshot capability. |
| Enforce App Encryption | Set the device passcode security control available by the EMM provider, to enforce the native iOS data protection encryption. |
| Remotely Wipe App | Distribute the app to the device as a managed application, using the EMM tool, to have the ability to remotely wipe the app from the device. |
| Disable Copy-Paste | Set the copy/paste policy on the application. KEY VALUE = "allowExternalCopyPaste" |
For Azure MDM, Mimecast Mobile uses the com.microsoft.azureauthenticator extension, not com.microsoft.azureauthenticator.ssoextension
Android
| Capability | Details |
|---|---|
| App Tunnel / Per-App VPN | Leverage the Per-App VPN capability available in most commercial VPN solutions. Available in Android 5.0+. |
| Single Sign-On Login Hint | Provide a standardized log-on hint needed to implement tenant discovery for any standard single sign-on protocol (e.g. OAuth or OpenID Connect) and invoke the identity provider logon page for that identity. |
| Passcode | For Android N devices, supported EMM vendors can enforce a passcode to apply only for Work Profile-managed applications. |
| Document Sharing | Use to enforce files to open only in managed applications. |
| Prevent App Backup | Any app deployed under Android 5.0+ managed profiles will not participate in any backup infrastructure. |
| Disable Screen Capture | Use to prevent screenshots. |
| Enforce App Encryption | Enroll your device, and the device will be encrypted as part of the enrollment process. |
| Remotely Wipe App | Distribute the app to the device as a managed application using the EMM tool, to have the ability to remotely wipe the app from the device. |
| Disable Copy-Paste | Containerize copy and pasting to only managed applications. |
Comments
Please sign in to leave a comment.