Product Documentation

Allowing secure interaction with Office 365 apps

Citrix Secure Mail, Citrix Secure Web and ShareFile offer the option of opening the MDX container to allow users to transfer docs and data to Microsoft Office 365 apps. You manage this capability for iOS and Android platforms through the open-in policies on the XenMobile console.

Once opened in a Microsoft app, data is no longer secured or encrypted in the MDX container. Consider the security implications before enabling this feature. Particularly, customers concerned with data loss prevention or who are subject to HIPAA or other strict compliance requirements should weigh the trade-offs of opening the container.

Enabling Office 365 in iOS

  1. Download the latest versions of Secure Mail, Secure Web, or ShareFile apps from the XenMobile downloads page.
  2. Upload the files to the XenMobile console.
  3. Locate the Document exchange (Open In) policy and set it to Restricted. In the Restricted Open-in exception list, Microsoft Word, Excel, PowerPoint, OneNote and Outlook are automatically listed. For example: com.microsoft.Office.Word, com.microsoft.Office.Excel, com.microsoft.Office.Powerpoint, com.microsoft.onenote, com.microsoft.onenoteiPad, com.microsoft.Office.Outlook

Image of the Document exchange (Open In) policy

In MDM enrollments, additional controls are for iOS devices are available.

You can upload iTunes apps to the XenMobile console and push the apps to devices. If you choose this option, set the following policies to ON:

  • Remove app if MDM profile is removed
  • Prevent app data backup
  • Force app to be managed (note that a selective wipe will remove the app and any data)

To prevent documents and data flowing from Microsoft apps to unmanaged apps on the device, go to Configure > Devices Policies > Restrictions > iOS on the XenMobile console and then set Documents from managed apps in unmanaged apps and Documents from unmanaged apps in managed apps to OFF.

Enabling Office 365 in Android

  1. Download the latest versions of Secure Mail, Secure Web, or ShareFile apps from the XenMobile downloads page.
  2. Upload the files to the XenMobile console.
  3. Scroll down to the Document exchange (Open In) policy and then select Restricted.
  4. In Restricted Open-in exception list, add the following package IDs:

    {com.microsoft.office.word} {com.microsoft.office. powerpoint} {com.microsoft.office.excel}

  5. Scroll down to Private file encryption exclusions.

    Note:

    Only MDX wrapped apps require the exclusion.

  6. For Secure Mail, enter:

    ^databases/[0-9\]+\.db\_img\_store/,^files/ deviceName,^files/file\_provider_images/

  7. For Secure Web and ShareFile apps, enter:

    ,^app_o2_dex/,^app_o2_dex_opt/,.doc$/,. docx$/,^files/(.)+.docx$

  8. For Secure Web and ShareFile apps, scroll to Public file encryption exclusions and add:

    ,^sharefile/

  9. Configure other app policies as usual and the save the apps.

Users must save files from Secure Mail, Secure Web or ShareFile on their devices and open the files with an Office 365 app.

For both iOS and Android, users can open and edit the following types of files on their devices:

Supported file formats

For the supported file formats, see the Microsoft Office documentation.

Allowing secure interaction with Office 365 apps