Secure Mail integration with Microsoft Intune/EMS

With this integration, you can manage and deliver Citrix Secure Mail with more security and the means to enhance productivity.

Secure Mail supports various Intune configurations. You can connect Secure Mail to on-premises Exchange or Office 365 mailboxes. To set up Endpoint Management integration with EMS/Intune, see Citrix Endpoint Management integration with Microsoft Intune/EMS

Secure Mail supports the following deployment modes:

  • Intune MAM
  • Intune MAM and Intune mobile device management (MDM)
  • Intune MAM with Endpoint Management MDM-only
  • Intune MAM with Endpoint Management MDM and MAM

Supported mail servers

  • Exchange Online
  • Exchange Server 2016
  • Exchange Server 2013


Secure Mail does not support certificate-based authentication.


To use Secure Mail in MDM mode along with Citrix Endpoint Management (MDM and MAM) you must configure Secure Hub in your environment.

To configure Secure Mail for Intune

If your environment is configured in the Citrix Endpoint Management MDM mode, Secure Mail automatically populates user names in an FTU experience.

To enable this feature, you must configure custom policies in the Endpoint Management console. For details, see the Endpoint Management documentation, Configure Secure Mail.

Features that are incompatible with Intune

The following Secure Mail features are not compatible with Endpoint Management integration with EMS/Intune:

  • Secure Ticket Authority (STA)
  • Email enrollment with single sign-on (SSO)
  • Rich push notifications
  • Citrix Files (Formerly ShareFile)
  • S/MIME signing and encryption
  • Microsoft Information Rights Management
  • Tunneled – Web SSO + Non KCD SSO Internal Exchange server
Secure Mail integration with Microsoft Intune/EMS