Notifications and synchronization

This article discusses notification and email synchronization functionality and configurations for Secure Mail.

Secure Mail for iOS background app refresh

If Secure Mail for iOS is configured to provide notifications through iOS background app refresh (and not APNs), Secure Mail email refresh works in the following ways:

  • When users enable Background App Refresh on the device from the Settings menu and Secure Mail is running in the background, mail is synced with the server. The sync frequency depends on various factors.
  • If the user disables Background App Refresh, the app never receives email while running in the background.
  • When users move Secure Mail to the background, the app continues to run within a grace period before the app is suspended.
  • While running in the foreground, Secure Mail shows real-time email activity, regardless of the Background App Refresh setting.

Secure Mail and ActiveSync

Secure Mail syncs with Exchange Server via the ActiveSync messaging protocol. This functionality gives users real-time access to their Outlook mail, contacts, calendar events, automatically generated mailboxes, and user-created folders.

Note:

ActiveSync doesn’t support the synchronization of Exchange public folders. In Exchange Server 2013, ActiveSync doesn’t sync the Drafts folder.

To sync user-created folders, follow these steps:

iOS

  1. Go to Settings > Auto Refresh.
  2. Set Auto Refresh to On.
  3. Tap On. A list of all mailboxes appears.
  4. Tap the folders you want to sync.

Android

  1. Go to the Mailboxes list.
  2. Tap the mailbox you want to sync.
  3. Tap the More icon in the lower-right corner.
  4. Tap Sync options.
  5. Under Check frequency, select how often you want the folder to sync.

Exporting contacts in Secure Mail

Secure Mail users can continuously sync their contacts with the phone address book, do a one-time export of an individual contact to the phone address book, or share a contact as a vCard attachment.

To allow these features, set the Export Contacts policy for Secure Mail in the Endpoint Management console to ON.

When the policy is ON, the following options are enabled in Secure Mail:

  • Sync with Local Contacts in Settings
  • Exporting individual contacts
  • Share contacts as vCard attachments

When the Export Contacts policy is OFF, those options do not appear in the app.

When the policy is enabled, to sync contacts from the mail server to the phone address book continuously, users need to set Sync with Local Contacts to ON. As long as Sync with Local Contacts is ON, any updates to contacts in Exchange or Secure Mail triggers an update to local contacts.

Due to Android limitations, if any Exchange or Hotmail account is already set to sync with local contacts, Secure Mail is unable to sync contacts.

On iOS, Secure Mail contacts can be exported and synced with the phone contacts even if users have Hotmail or Exchange set up on the device. You configure this feature in Endpoint Management through the Override Native Contacts Check policy for Secure Mail. This policy determines if Secure Mail should override the check for contacts from an Exchange/Hotmail Account configured in the native Contacts app. If On, the app syncs contacts to the device even if the native Contacts app is configured with Exchange/Hotmail Account. If Off, the app continues to block contacts sync. Default is On.

Secure Mail notifications

The following table summarizes how notifications are handled for supported mobile devices when Secure Mail is running in the foreground or background.

With Secure Mail running in the foreground or background: Notifications are handled for iOS Notifications are handled for Android
Foreground Secure Mail maintains a persistent ActiveSync connection to sync email and calendar activity. Secure Mail maintains a persistent ActiveSync connection to sync email and calendar activity.
Background (or terminated) Secure Mail receives notifications through the iOS background app refresh functionality or, if configured, APNs. Secure Mail maintains a persistent ActiveSync connection.

For configuration details, see Push notifications for Secure Mail for iOS.

Rich push notifications

Secure Mail for iOS supports rich push notifications. Rich notifications ensure that you receive lock screen notifications for your inbox even when Secure Mail is not running in the background. This feature is supported on password-based authentication and client-based authentication setups.

Note:

Due to the change in architecture to support this feature, the VIP Only mail notifications feature is no longer available.

To enable the rich push notifications feature, ensure that the following prerequisites are met:

  • In the Endpoint Management console, set Push notifications to ON.
  • Network access policy is set to Unrestricted or Tunnel to internal network. If your Network access policy is set to Tunnel to internal network, ensure that Exchange Web Services (EWS) host is configured in the Background network services policy. If EWS and ActiveSync hosts are the same, then ensure that the ActiveSync host is configured in the Background network services policy.
  • The Control locked screen notifications policy is set to Allow or Email sender or event title.
  • Navigate to Secure Mail > Settings > Notifications and then enable Mail Notifications.

This feature is not supported if you are running any of the following setups:

  • Modern authentication with Microsoft Office 365 (Oauth)
  • Apps managed by Endpoint Management integration with Microsoft InTune/EMS
  • Devices enrolled by using derived credentials

Reasons for the “You have new mail” notification to appear on iOS devices

The “You have new mail” notification appears on iOS devices when Secure Mail does not receive a response from Exchange Web Services (EWS) within the specified time of 30 seconds required to fetch the message details.

Image of the generic iOS new email notification

You may also experience this behavior on your device based on poor Wi-Fi or data connectivity.

Other than the delayed EWS response, Secure Mail displays the “You have new mail” notification in the following situations as well:

  • When Secure Mail fails to read the required information from secure container. This scenario generally occurs after you restart your device and before you unlock the device.
  • When Secure Mail fails to connect to or set up a secure channel with Citrix Gateway or EWS.
  • When your credentials have expired or you have modified the credentials, but they are not updated in Secure Mail yet. The following figure shows the way the notification appears in this scenario.

    Image of the email notification message

  • When Secure Mail receives an unexpected response from the Exchange server for a valid request from Secure Mail. For details about EWS response codes, see the Microsoft developer documentation.

Push notification failure messages in Secure Mail for iOS

In Secure Mail for iOS, appropriate push notification failure messages appear in the notification center on your device. These notifications appear based on the type of notification failure.

The following notification messages appear based on different failure scenarios as follows:

  • Secure Mail is unable to connect to your organization’s network. This notification appears when Secure Mail fails to establish a SOCKS5 connection with Citrix Gateway.

  • Secure Mail is unable to connect to your organization’s network. Please contact your administrator. This notification appears Citrix Gateway is unreachable. Ensure that your Citrix ADC is configured correctly and is reachable from external networks.

  • Secure Mail is unable to connect securely to your organization’s network. Please contact your administrator. This notification appears when Secure Mail fails to establish an SSL connection with the Citrix Gateway. Ensure that your SSL certificate is valid.

  • Secure Mail is unable to connect securely to your mail server. Please contact your administrator. This notification appears when Secure Mail fails to establish an SSL connection with the Exchange Server. Ensure that the SSL certificate on your Exchange Server is valid. If you want the app to connect to the Exchange Server despite having an invalid certificate, ensure that you have enabled the Accept all SSL certificates MDX policy.

  • Secure Mail is unable to fetch message due to a mail server error. Please contact your administrator. This notification appears when Secure Mail cannot parse the EWS response from the Exchange Server.

  • Secure Mail is unable to fetch message due to a request timeout. This notification appears when Secure Mail fails to receive a response from the server within 30 seconds. This notification could appear due to poor data or Wi-Fi connection on your device. Try again after waiting a few minutes.

  • Unable to fetch message. Please open Secure Mail. This notification appears when Secure Mail cannot read your credentials from the secure container. This notification could appear when your device has been restarted your device but not unlocked yet. Unlock your device to automatically allow Secure Mail access to the secure container. If you are still receiving this notification, then open Secure Mail to automatically update your credentials in the secure container.