Deploying Secure Mail
To deploy Secure Mail with Citrix Endpoint Management (formerly, XenMobile), follow these general steps:
You can integrate Secure Mail with an Exchange Server or IBM Notes Traveler Server to keep Secure Mail in sync with Microsoft Exchange or IBM Notes. If you use IBM Notes, configure the IBM Notes Traveler server. The configuration uses Active Directory credentials to authenticate to Exchange or the IBM Notes Traveler server. For details, see Integrating Exchange Server or IBM Notes Traveler Server.
You cannot sync mail from Secure Mail with IBM Notes Traveler (formerly IBM Lotus Notes Traveler). This Lotus Notes third-party capability is not currently supported. As a result, when you delete a responded meeting mail from Secure Mail, the mail is not deleted on the IBM Notes Traveler server. If users accept a calendar event, and then they decline the event with a comment or they act on a comment, the comment is missing. [CXM-47936] To learn about known limitations with IBM/Lotus Notes, see this Citrix blog post.
You can optionally enable SSO from Secure Hub. To do so, you configure Citrix Files account information in the Endpoint Management console to enable Endpoint Management as a SAML identity provider for Citrix Files. The configuration uses Active Directory credentials to authenticate to Citrix Files.
Configuring the Citrix Files account information in Endpoint Management console is a one-time setup used for all Citrix clients, Citrix Files clients, and non-MDX Citrix Files clients. For details, see To configure Citrix Files account information in Endpoint Management console for SSO.
Download the Secure Mail .mdx file from the Citrix Downloads site.
Add Secure Mail to Endpoint Management and configure MDX policies. For details, see Add apps.
As of Secure Mail version 10.6.5, you can configure a new MDX analytics policy for Secure Mail for iOS and Android. Citrix collects analytics data to improve product quality. The Google Analytics level of detail policy lets you specify whether the data is associated with your company domain or is collected anonymously. Selecting Anonymous opts users out of including the company domain with the data that is collected. This new policy replaces an earlier Google analytics policy.
When the policy is set to anonymous, we collect the following types of data. We have absolutely no way to link this data to an individual user or company because we do not request user identifiable information. No personally identifiable information is sent to Google.
- Device statistics, such as the operating system version, app version, and device model
- Platform information, such as ActiveSync version and Secure Mail server version
- Failure points for product quality, such as APNs registrations, mail sync and send, and attachment download and calendar sync.
Other than company domain, no other identifiable information is collected when the policy is set to Complete. Default is Complete.