Rich push notifications for Secure Mail for iOS

Secure Mail for iOS supports rich push notifications. Rich notifications ensure that you receive lock screen notifications for your Inbox even when Secure Mail is not running in the background. This feature is supported on password-based authentication and client-based authentication setups.

Note:

Due to the change in architecture to support this feature, the VIP Only mail notifications feature is no longer available.

To enable the rich push notifications feature, ensure that the following prerequisites are met:

  • In the Endpoint Management console, set Push notifications to ON.
  • Network access policy is set to Unrestricted or Tunnel to internal network. If your Network access policy is set to Tunnel to internal network, ensure that Exchange Web Services (EWS) host is configured in the Background network services policy. If EWS and ActiveSync hosts are the same, then ensure that the ActiveSync host is configured in the Background network services policy.
  • The Control locked screen notifications policy is set to Allow or Email sender or event title.
  • Navigate to Secure Mail > Settings > Notifications and then enable Mail Notifications.

This feature is not supported if you are running any of the following setups:

  • Modern authentication with Microsoft Office 365
  • Apps managed by Endpoint Management integration with Microsoft InTune/EMS
  • Devices enrolled by using derived credentials

How push notifications work in Secure Mail iOS

Secure Mail receives push notifications for the following Inbox activities:

  • New mail, meeting requests, meeting cancellations, meeting updates: When APNs pushes remote notifications to iOS SecureMail and SecureMail updates all folders marked for auto refresh.

    Note:

    By default, the Inbox, Calendar, and Contact folders are marked for auto refresh. Users can select any other mail folder for auto refresh from Secure Mail > Settings > Auto Refresh.

  • The Secure Mail icon shows the total count of unread and new messages in the Exchange Inbox folder only. Secure Mail updates the icon after users read emails on a desktop or laptop computer.

  • During an installation or upgrade, Secure Mail for iOS prompts users to allow push notifications. Users can also allow push notifications later by using iOS Settings.

Push notifications behavior without rich push notifications support

For configurations that are not supported by the rich push notifications feature for iOS, Secure Mail still provides the count of unread Inbox emails for the sync period. If the Control locked screen notifications policy is On, push notifications appear on a locked device screen after iOS wakes up Secure Mail to perform a sync.

Secure Mail iOS push notifications FAQs

When does iOS deliver notifications to Secure Mail?

When the rich push notification feature is enabled, iOS delivers remote notifications to Secure Mail. These notifications happen even if the app is not running in background or is in low power mode.

Note:

When rich push notifications is not enabled, notifications may not be delivered to Secure Mail when Secure Mail is not active: This situation occurs for many reasons, such as the following reasons:

  • If the device is in Low Power Mode and Secure Mail is in the background: This is the most common case in which notifications are not delivered.

  • If Background App Refresh is Off for Secure Mail and if Secure Mail is in the background: Note that users control this setting.

  • If the device has poor network connectivity: This situation depends on the iOS device.

Reasons for the “You have new mail” notification to appear on iOS devices

The “You have new mail” notification appears on iOS devices when Secure Mail does not receive a response from Exchange Web Services (EWS) within the specified time. The time required to fetch the message details is 30 seconds.

Image of the generic iOS new email notification

You may also experience this behavior on your device based on poor Wi-Fi or data connectivity.

Other than the delayed EWS response, Secure Mail displays the “You have new mail” notification in the following situations:

  • When Secure Mail fails to read the required information from the secure container. This scenario generally occurs after you restart your device and before you unlock the device.
  • When Secure Mail fails to connect to or set up a secure channel with Citrix Gateway or EWS.
  • When your credentials have expired or you have modified the credentials, but they are not updated in Secure Mail. The following figure shows the way the notification appears in this scenario.

    Image of the email notification message

  • When Secure Mail receives an unexpected response from the Exchange Server for a valid request from Secure Mail. For details about EWS response codes, see the Microsoft developer documentation.

Push notification failure messages in Secure Mail for iOS

In Secure Mail for iOS, appropriate push notification failure messages appear in the notification center on your device. These notifications appear based on the type of notification failure.

The following notification messages appear based on different failure scenarios as follows:

  • Secure Mail is unable to connect to your organization’s network. This notification appears when Secure Mail fails to establish a SOCKS5 connection with Citrix Gateway.

  • Secure Mail is unable to connect to your organization’s network. Please contact your administrator. This notification appears Citrix Gateway is unreachable. Ensure that your Citrix ADC is configured correctly and is reachable from external networks.

  • Secure Mail is unable to connect securely to your organization’s network. Please contact your administrator. This notification appears when Secure Mail fails to establish an SSL connection with the Citrix Gateway. Ensure that your SSL certificate is valid.

  • Secure Mail is unable to connect securely to your mail server. Please contact your administrator. This notification appears when Secure Mail fails to establish an SSL connection with the Exchange Server. Ensure that the SSL certificate on your Exchange Server is valid. If you want the app to connect to the Exchange Server despite having an invalid certificate, ensure that you have enabled the Accept all SSL certificates MDX policy.

  • Secure Mail is unable to fetch message due to a mail server error. Please contact your administrator. This notification appears when Secure Mail cannot parse the EWS response from the Exchange Server.

  • Secure Mail is unable to fetch message due to a request timeout. This notification appears when Secure Mail fails to receive a response from the server within 30 seconds. This notification could appear due to poor data or Wi-Fi connection on your device. Try again after waiting a few minutes.

  • Unable to fetch message. Please open Secure Mail. This notification appears when Secure Mail cannot read your credentials from the secure container. This notification could appear when your device has been restarted, but not unlocked. Unlock your device to automatically allow Secure Mail access to the secure container. If you are still receiving this notification, then open Secure Mail to automatically update your credentials in the secure container.