Product Documentation

Citrix Secure Mail

June 4, 2018

Citrix Secure Mail lets users manage their email, calendars and contacts on their mobile phones and tablets. To maintain continuity from Microsoft Outlook or IBM Notes accounts, Secure Mail syncs with Microsoft Exchange Server and IBM Notes Traveler Server.

As part of the Citrix suite of apps, Secure Mail benefits from single sign-on (SSO) compatibility with Citrix Secure Hub. After users sign on to Secure Hub, they can move seamlessly into Secure Mail without having to reenter their user names and passwords. You can configure Secure Mail to be pushed to users’ devices automatically when the devices enroll in Secure Hub, or users can add the app from the Store.

Important:

The MDX Toolkit 10.7.10 is the final release that supports the wrapping of XenMobile Apps. Users access XenMobile Apps versions 10.7.5 and later from the public app stores.

To begin, download Secure Mail and other XenMobile components from XenMobile Downloads.

For Secure Mail and other XenMobile App system requirements, see System requirements for XenMobile Apps.

For information about notifications in for Secure Mail for iOS and Android when the app is running in the background or closed, see Push notifications for Secure Mail.

Deploying Secure Mail

The MDX Toolkit 10.7.10 is the final release that supports the wrapping of XenMobile Apps. Users access XenMobile Apps versions 10.7.5 and later from the public app stores. For table listing the XenMobile Apps enterprise versions that you can wrap with the MDX Toolkit 10.7.10, see the Enterprise delivery of XenMobile Apps section in XenMobile Apps administration and delivery.

Citrix ceased support of enterprise distribution for XenMobile productivity apps on December 31, 2017. Now, only public app store distribution is supported.

To deploy Secure Mail with XenMobile, follow these general steps:

  1. You can integrate Secure Mail with an Exchange Server or IBM Notes Traveler Server to keep Secure Mail in sync with Microsoft Exchange or IBM Notes. If you use IBM Notes, configure the IBM Notes Traveler server. The configuration uses Active Directory credentials to authenticate to Exchange or the IBM Notes Traveler server. For details, see Integrating Exchange Server or IBM Notes Traveler Server.

    Important:

    You cannot sync mail from Secure Mail with IBM Notes Traveler (formerly IBM Lotus Notes Traveler). This Lotus Notes third-party capability is not currently supported. As a result, when you delete a responded meeting mail from Secure Mail, the mail is not deleted on the IBM Notes Traveler server. [CXM-47936] To learn about known limitations with IBM/Lotus Notes, see this Citrix blog post.

  2. You can optionally enable SSO from Secure Hub. To do so, you configure ShareFile account information in XenMobile to enable XenMobile as a SAML identity provider for ShareFile. The configuration uses Active Directory credentials to authenticate to ShareFile.

    Configuring the ShareFile account information in XenMobile is a one-time setup used for all Citrix clients, ShareFile clients, and non-MDX ShareFile clients. For details, see To configure ShareFile account information in XenMobile for SSO.

  3. Download Secure Mail from the Citrix Downloads site and then wrap Secure Mail. For details, see About the MDX Toolkit.

Add Secure Mail to XenMobile and configure MDX policies. For details, see Add an MDX app.

Note:

As of Secure Mail version 10.6.5, you can configure a new MDX analytics policy for Secure Mail for iOS and Android. Citrix collects analytics data to improve product quality.T he Google Analytics level of detail policy allows you to specify whether the data collected can be associated with your company domain or collected anonymously. Selecting Anonymous opts users out of including the company domain with the data that is collected. This new policy replaces an earlier Google analytics policy.

When the policy is set to anonymous, we collect the following types of data. We have absolutely no way to link this data to an individual user or company because we do not request user identifiable information. No personally identifiable information is sent to Google.

  • Device statistics, such as the operating system version, app version, and device model
  • Platform information, such as ActiveSync version and Secure Mail server version
  • Failure points for product quality like APNs registrations, mail sync failures, mail send failures, attachment download failures, calendar sync failures, and so on

Note that other than company domain, no other identifiable information is collected when the policy is set to Complete. Default is Complete.

Security considerations

Microsoft IRM support

Secure Mail for Android and Secure Mail for iOS support messages protected with Microsoft Information Rights Management (IRM), subject to the configured IRM policy.

This feature allows organizations use IRM to apply persistent protection to messaging content and allows mobile device users to be able to create and consume IRM-protected content. By default IRM support is Off. To enable IRM support, set the Information Rights Management policy to On.

Secure Mail supports the following template attributes:

Important:

Attachments are not included in IRM support.

Attribute Label in Secure Mail Description
ContentExpiryDate No expiration or the expiration date Allows you to purge the body and attachments of the email message when the ContentExpiryDate has passed. Additionally, Secure Mail provides the ability to fetch the content again from the server.
EditAllowed Edit Content Specifies whether the user can modify the email message when the user forwards, replies, or replies all to the message.
ExportAllowed   Specifies whether the user can remove the IRM protection on the email message.
ExtractAllowed Copy Content Specifies whether the user can copy content out of the email messages.
ForwardAllowed Forward Specifies whether the user is allowed to forward the email message.
ModifyRecipientsAllowed Modify Recipients Specifies whether the user can modify the recipient list when the user forwards or replies to the email message.
ProgrammaticAccessAllowed Send to Other Apps Specifies whether the contents of the email message can be accessed programmatically by third-party applications.
ReplyAllAllowed Reply All Specifies whether the user can reply to all of the recipients of the original email message.
ReplyAllowed Reply Specifies whether the user is allowed to reply to the email message.

Users see the following Restrictions screen.

Secure Mail IRM Restrictions screen

Some organizations may require strict adherence to their IRM policy. Users with access to Secure Mail may attempt to bypass the IRM policy by tampering with Secure Mail, the operating system, or even the hardware platform.

Although XenMobile can detect certain attacks, you may want to consider the following precautionary measures to increase security:

  • Review the security guidance supplied by the device vendor.
  • Configure devices accordingly, using XenMobile capabilities or otherwise.
  • Provide guidance to your users for the appropriate use of IRM features, including Secure Mail.
  • Deploy additional third-party security software to resist this type of attack.

Email security classifications

Secure Mail for iOS and Android supports email classification markings, enabling users to specify security (SEC) and dissemination limiting markers (DLM) when sending emails. SEC markings include Protected, Confidential, and Secret. DLM includes Sensitive, Legal or Personal. When composing an email, a Secure Mail user can select a marking to indicate the classification level of the email, as shown in the following images.

Security classification link in Secure Mail

Security classification list in Secure Mail

Recipients can view the classification marking in the email subject. For example:

  • Subject: Planning [SEC = PROTECTED, DLM = Sensitive]
  • Subject: Planning [DLM = Sensitive]
  • Subject: Planning [SEC = UNCLASSIFIED]

Email headers include classification markings as an Internet Message Header Extension, shown in bold in this example:

Date: Fri, 01 May 2015 12:34:50 +530

Subject: Planning [SEC = PROTECTED, DLM = Sensitive]

Priority: normal

X-Priority: normal X-Protective-Marking: VER-2012.3, NS=gov.au,SEC = PROTECTED, DLM = Sensitive,ORIGIN=operations@example.com

From: operations@example.com

To: Team <mylist@example.com>

MIME-Version: 1.0 Content-Type: multipart/alternative;boundary="_com.example.email_6428E5E4-9DB3-4133-9F48-155913E39A980"

Secure Mail only displays classification markings. The app does not take any actions based on those markings.

When a user replies to or forwards an email that has classification markings, the SEC and DLM values default to those of the original email. The user can choose a different marking. Secure Mail does not validate such changes in relation to the original email.

You configure email classification markings through the following MDX policies.

  • Email classification: If On, Secure Mail supports email classification markings for SEC and DLM. Classification markings appear in email headers as “X-Protective-Marking” values. Be sure to configure the related email classification policies. Default value is Off.

  • Email classification namespace: Specifies the classification namespace that is required in the email header by the classification standard used. For example, the namespace “gov.au” appears in the header as “NS=gov.au”. Default value is empty.

  • Email classification version: Specifies the classification version that is required in the email header by the classification standard used. For example, the version “2012.3” appears in the header as “VER=2012.3”. Default value is empty.

  • Default email classification: Specifies the protective marking that Secure Mail applies to an email if a user does not choose a marking. This value must be in the list for the Email classification markings policy. Default value is UNOFFICIAL.

  • Email classification markings: Specifies the classification markings to be made available to users. If the list is empty, Secure Mail does not include a list of protective markings. The markings list contains value pairs that are separated by semicolons. Each pair includes the list value that appears in Secure Mail and the marking value that is the text appended to the email subject and header in Secure Mail. For example, in the marking pair “UNOFFICIAL,SEC=UNOFFICIAL;”, the list value is “UNOFFICIAL” and the marking value is “SEC=UNOFFICIAL”.

Default value is a list of classification markings that you can modify. The following markings are provided with Secure Mail.

  • UNOFFICIAL,SEC=UNOFFICIAL
  • UNCLASSIFIED,SEC=UNCLASSIFIED
  • For Official Use Only,DLM=For-Official-Use-Only
  • Sensitive,DLM=Sensitive
  • Sensitive:Legal,DLM=Sensitive:Legal
  • Sensitive:Personal,DLM=Sensitive:Personal
  • PROTECTED,SEC=PROTECTED
  • PROTECTED+Sensitive,SEC=PROTECTED
  • PROTECTED+Sensitive:Legal,SEC=PROTECTED DLM=Sensitive:Legal
  • PROTECTED+Sensitive:Personal,SEC=PROTECTED DLM=Sensitive:Personal
  • PROTECTED+Sensitive:Cabinet,SEC=PROTECTED,DLM=Sensitive:Cabinet
  • CONFIDENTIAL,SEC=CONFIDENTIAL
  • CONFIDENTIAL+Sensitive,SEC=CONFIDENTIAL,DLM=Sensitive
  • CONFIDENTIAL+Sensitive:Legal,SEC=CONFIDENTIAL DLM=Sensitive:Legal
  • CONFIDENTIAL+Sensitive:Personal,SEC=CONFIDENTIAL,DLM=Sensitive:Personal
  • CONFIDENTIAL+Sensitive:Cabinet,SEC=CONFIDENTIAL DLM=Sensitive:Cabinet
  • SECRET,SEC=SECRET
  • SECRET+Sensitive,SEC=SECRET,DLM=Sensitive
  • SECRET+Sensitive:Legal,SEC=SECRET,DLM=Sensitive:Legal
  • SECRET+Sensitive:Personal,SEC=SECRET,DLM=Sensitive:Personal
  • SECRET+Sensitive:Cabinet,SEC=SECRET,DLM=Sensitive:Cabinet
  • TOP-SECRET,SEC=TOP-SECRET
  • TOP-SECRET+Sensitive,SEC=TOP-SECRET,DLM=Sensitive
  • TOP-SECRET+Sensitive:Legal,SEC=TOP-SECRET DLM=Sensitive:Legal
  • TOP-SECRET+Sensitive:Personal,SEC=TOP-SECRET DLM=Sensitive:Personal
  • TOP-SECRET+Sensitive:Cabinet,SEC=TOP-SECRET DLM=Sensitive:Cabinet

Australian Signals Directorate Data Protection

Secure Mail supports Australian Signals Directorate (ASD) data protection for those enterprises that must meet ASD computer security requirements. By default, the Enable iOS data protection policy is Off and Secure Mail provides Class C data protection or uses the data protection set in the provisioning profile.

If the policy is On, Secure Mail specifies the protection level when creating and opening files in the app sandbox. Secure Mail sets Class A data protection on:

  • Outbox items
  • Photos from the camera or camera roll
  • Images pasted from other apps
  • Downloaded file attachments

Secure Mail sets Class B data protection on:

  • Stored mail
  • Calendar items
  • Contacts
  • ActiveSync policy files

Class B protection enables a locked device to sync and enables downloads to complete if a device is locked after the download starts.

With data protection enabled, queued outbox items are not sent when a device is locked because the files cannot be opened. And, if the device terminates and then restarts Secure Mail when a device is locked, Secure Mail is unable to sync until the device is unlocked and Secure Mail starts.

Citrix recommends that, if you enable this policy, you enable Secure Mail logging only when needed to avoid the creation of log files with Class C data protection.

Notifications and synchronization

Secure Mail for iOS background app refresh

If Secure Mail for iOS is configured to provide notifications through iOS background app refresh (and not APNs), Secure Mail email refresh works in the following ways:

  • When user enable Background App Refresh on the device (Settings > General > Background App Refresh) and Secure Mail is running in the background, mail is synced with the server. The sync frequency depends on a variety of factors.
  • If the user disables Background App Refresh, the app never receives email while running in the background.
  • When users move Secure Mail to the background, the app continues to run within a grace period before the app is suspended.
  • While running in the foreground, Secure Mail shows real-time email activity, regardless of the Background App Refresh setting.

Secure Mail and ActiveSync

Secure Mail syncs with Exchange Server via the ActiveSync messaging protocol to give users real-time access to their Outlook mail, contacts, calendar events, automatically generated mailboxes, and user-created folders.

Note:

ActiveSync doesn’t support the synchronization of Exchange public folders. In Exchange Server 2013, ActiveSync doesn’t sync the Drafts folder.

To sync user-created folders, follow these steps:

iOS

  1. Go to Settings > Auto Refresh.
  2. Set Auto Refresh to On.
  3. Tap On. A list of all mailboxes appears.
  4. Tap the folders you want to sync.

Android

  1. Go to the Mailboxes list.
  2. Tap the mailbox you want to sync.
  3. Tap the More icon in the lower-right corner.
  4. Tap Sync options.
  5. Under Check frequency, select how often you want the folder to sync.

Exporting contacts in Secure Mail

Secure Mail users can continuously sync their contacts with the phone address book, do a one-time export of an individual contact to the phone address book, or share a contact as a vCard attachment.

To allow these features, set the Export Contacts policy for Secure Mail in the XenMobile console to ON.

When the policy is ON, the following options are enabled in Secure Mail:

  • Sync with Local Contacts in Settings
  • Exporting individual contacts
  • Share contacts as vCard attachments

When the Export Contacts policy is OFF, those options do not appear in the app.

When the policy is enabled, to continuously sync contacts from the mail server to the phone address book, users need to set Sync with Local Contacts to ON. As long as Sync with Local Contacts is ON, any updates to contacts in Exchange or Secure Mail triggers an update to local contacts.

Due to Android limitations, if any Exchange or Hotmail account is already set to sync with local contacts, Secure Mail is unable to sync contacts.

On iOS, Secure Mail contacts can be exported and synced with the phone contacts even if a Hotmail or Exchange account is set up on the device. You configure this feature in XenMobile through the Override Native Contacts Check policy for Secure Mail. This policy determines if Secure Mail should override the check for contacts from an Exchange/Hotmail Account configured in the native Contacts app. If On, the app syncs contacts to the device even if the native Contacts app is configured with Exchange/Hotmail Account. If Off, the app continues to block contacts sync. Default is On.

Secure Mail notifications

The following table summarizes how notifications are handled for supported mobile devices when Secure Mail is running in the foreground or background.

With Secure Mail running in the foreground or background: Notifications are handled for iOS Notifications are handled for Android
Foreground Secure Mail maintains a persistent ActiveSync connection to sync email and calendar activity. Secure Mail maintains a persistent ActiveSync connection to sync email and calendar activity.
Background (or terminated) Secure Mail receives notifications through the iOS background app refresh functionality or, if configured, APNs. Secure Mail maintains a persistent ActiveSync connection.

For configuration details, see Push Notifications for Secure Mail for iOS.

Rich push notifications

Secure Mail for iOS supports rich push notifications. Rich notifications ensure that you receive lock screen notifications for your inbox even when Secure Mail is not running in the background. This feature is supported on password-based authentication and client-based authentication setups.

Note:

Due to the change in architecture to support this feature, the VIP Only mail notifications is no longer available.

To enable this feature, ensure that the following prerequisites are met:

  • In the XenMobile console, set Push notifications to ON.
  • Network access policy is set to Unrestricted or Tunnel to internal network. If your Network access policy is set to Tunnel to internal network, ensure that Exchange Web Services (EWS) host is configured in the Background network services policy. If EWS and ActiveSync hosts are the same, then ensure that the ActiveSync host is configured in the Background network services policy.
  • The Control locked screen notifications policy is set to Allow or Email sender or event title.
  • Navigate to Secure Mail > Settings > Notifications and then enable Mail Notifications.

This feature is not supported if you are running any of the following setups:

  • Modern authentication with Microsoft Office 365 (Oauth)
  • Apps managed by XenMobile integration with Microsoft InTune/EMS
  • Devices enrolled by using derived credentials

Secure Mail interactivity with other XenMobile Apps and ShareFile

Secure Mail interactivity with other XenMobile Apps and ShareFile lets users access, edit, share, and save documents seamlessly, without leaving the secure environment set by your organization’s policies. For example, tapping a link in Secure Mail opens the site in Secure Web. Users can open and edit attachments with Citrix QuickEdit for XenMobile, and they can select text from one or multiple emails and then add the information to Secure Notes. Attachments are downloaded into the user’s Citrix ShareFile for XenMobile space.

For a full list of Secure Mail features for each platform, see XenMobile Apps Features by Platform.

Spellcheck feature for iOS

Secure Mail spellcheck interacts with the device Auto-Capitalization and Check Spelling settings under General > Keyboard in the following ways:

Auto-Correction on Device Check Spelling on Device Check Spelling in Secure Mail Behavior
ON ON ON Red underline shows. When tapped, the word is highlighted in pink and a suggestion appears.
OFF OFF ON Red line shows. When tapped, no suggestion appears.
ON ON OFF No red underline shows. When tapped, the word is highlighted in pink and a suggestion appears
OFF OFF OFF No red underline, highlighting, or suggestion appear.
ON OFF ON Red underline shows. When tapped, the word is highlighted in pink and a suggestion appears.
OFF ON ON Red underline shows. When tapped, the word is highlighted in pink and a suggestion appears.
ON OFF OFF No red underline shows. When tapped, the word is highlighted in pink and a suggestion appears.
OFF ON OFF No red underline shows. When tapped, the word is highlighted in pink and a suggestion appears.

Attaching files in Android

In Secure Mail/WorxMail versions 10.3.5 and later, Android users can’t attach images directly from the Gallery app when the Inbound document exchange (Open-in) policy is set to Restricted. If you want to keep this policy set to Restricted, but still allow users to add photos from the Gallery, follow these configuration steps in the XenMobile console.

  1. Set Block gallery to Off.

  2. Get the Gallery package ID for devices. Some examples:

    • LG Nexus 5: com.google.android.gallery3d, com.google.android.apps.photos
    • Samsung Galaxy Note 3: com.sec.android.gallery3d, com.sec.android.gallery3d.panorama360view, com.google.android.apps.photos
    • Sony Expire: com.sonyericsson.album, com.google.android.apps.photos
    • HTC: com.google.android.apps.photos, com.htc.album
    • Huawei: com.android.gallery3d, com.google.android.apps.photos
  3. Make the hidden policy InboundDocumentExchangeWhitelist visible:

    • Download the WorxMail APK file and wrap the file with the MDX Toolkit.
    • Find the .mdx file on your computer and change the file suffix to .zip.
    • Open the .zip file and find the policy_metadata.xml file
    • Search for and change InboundDocumentExchangeWhitelist from PolicyHidden>true</PolicyHidden> to <PolicyHidden>false</PolicyHidden>.
    • Save the policy_metadata.xml file.
    • Select all the files in that folder and compress to create the .zip file.

      Note:

      Don’t zip the outer folder. Select all files inside the folder and compress the selected files.

    • Click the resulting compressed file.
    • Choose Get Info and change the file suffix back to .mdx.
  4. Upload the modified .mdx file to the XenMobile console and add the list of Gallery package IDs to the now-visible Inbound document exchange whitelist policy.

    Image of the Inbound document exchange whitelist

    Ensure that the package IDs are comma-separated:

    com.sec.android.gallery3d, com.sec.android.gallery3d.panorama360view, com.google.android.apps.photos

  5. Save and deploy Secure Mail.

Android users can now attach an image from the Gallery app.

Supported file formats

An X indicates a file format that can be attached, viewed, and opened in Secure Mail.

Format iOS Android
Video: H.263 AMR NB codec_Mp4   X
Video: H.263 AMR NB codec_3gp   X
Video: H.264 AAC codec_3gp X X
Video: H.264 AAC codec_mp4 X X
Video: H.264 Acclc codec_mp4 X X
GTM recorded_wmv   X
AVI   X
FLV   X
WAV X X
MP4 X X
3GP X X
Flac   X
AAC X X
M4A X X
3GP(AMR-NB) X X
MP3 X X
WAV X X
WMA   X
OGG   X
ICO X X
JPEG X X
PNG X X
TIF (single-page only) X  
BMP X X
GIF X X
WebP   X
.dot X X
PDF X  
PPT X X
PPTX X X
DOC X X
DOCX X X
XLS X X
XLSM X X
XLSX X X
TXT X X
POT X X
HTM X X
HTML X X
ZIP X X
EML X X

Joining meetings from Calendar

In Secure Mail, users can join meetings directly from invitations in Calendar. The following tables list which meeting types and phone number formats are supported, and dial-in requirements for each.

Supported Meeting Types

Meeting type Identification requirements Action after tapping Join Meeting
GoToMeeting (GTM) One of the following in the meeting content: 1) This type of URL: https://www1.gotomeeting.com/join/1234567892; 2) GTM access code in any of these formats: GTM: 123456789, GTM – 123456789, G2M – 123456789, G2M: 123456789 If the GTM app is installed, the app opens and user joins meeting.If the app is not installed, the user sees an option to go the app store to install GTM. For GTMs in the gotomeet.me/username format, the app opens and the user joins the meeting.
WebEx   Citrix Secure Web opens and opens the unwrapped WebEx app, if installed on the device. WebEx must be added as an exception in the Secure Web Restricted Open-in exception list on Android and in the Allowed URLs policy on iOS.
Skype for Business   Users can click a link that opens in Secure Web, which then opens the unwrapped Skype for Business app if installed on the device. Add the Skype for Business app as an exception in the Secure Web Restricted Open-In exception list policy on Android. Add the exception in the Allowed URLs policy on iOS.

Configuring the following list of policies allows users to tap a meeting link to open the relevant app.

Webex (Unwrapped app)

  • iOS - “Allow URLs” Policy”: +^wbx: Example policy string is ^http:,^https:,^mailto:=ctxmail:,+^citrixreceiver:,+^telprompt:,+^tel:,+^col-g2m-2:,+^col-g2w-2:,+^wbx:,+^maps:ios_addr:
  • Android - “Open-in Exclusions” Policy: {action=android.intent.action.VIEW scheme=wbx package=com.cisco.webex.meetings}

Skype for Business

  • iOS - “Allow URLs” Policy”: +^lync:
  • Android - “Open-in Exclusions” Policy:{action=android.intent.action.VIEW scheme=lync package=com.microsoft.office.lync15}

Skype

  • iOS - “Allow URLs” Policy”: +^skype:
  • Android - “Open-in Exclusions” Policy: {action=android.intent.action.VIEW scheme=skype package=com.skype.raider}

Dial-In Specifications

The following list indicates the type of meeting and the respective supported phone number format and conference code format for each.

GoToMeeting (GTM)

Supported phone number formats:

  • Any phone number in GTM formats. Examples:
    • India (toll-free): 000 800 100 7855
    • United States (toll-free): 1 877 309 2073
  • Any phone number that satisfies RFC 3966 format standards. For details, see the Internet standards track protocol document.

Supported conference code formats:

The conference code is picked up from any of the following formats in the meeting body:

  • URL (*.gotomeeting.com/join/123456789)
  • URL (gotomeet.me/username format)
  • “GTM” formats, such as “GTM:123456789”
  • “G2M” formats such as “G2M:123456789”
  • Formats, such as “Access Code: 123456789”

WebEx

Supported phone number formats:

  • Any phone number in WebEx Call-in formats. Examples (both Verizon and U.S.):
    • 1-866-652-5088
    • 1-517-466-3109
  • Any phone number in WebEx Audio Connection formats. Example:
    • 1-650-479-3207 (US toll)
  • Any phone number that satisfies RFC 3966 format standards.

Supported conference code formats:

The meeting content must contain one of these formats:

  • Meeting number: 123 456 789
  • Access code: 123 456 789

Note:

For conference codes that are nine digits or fewer, the # key is added automatically to dial in to the meeting.

Skype for Business

Supported phone number formats:

Supported conference code formats:

The meeting body contains this text: “Conference ID: 123456789”

Note:

The # key is added automatically for Skype for Business meetings.

Generic audio conference information

Supported phone number formats:

  • Any phone number in RFC 3966 formats For details, see the Internet standards track protocol document. Examples:

    • 5555555555
    • (555) 555-5555
    • 555-555-5555
    • 555-555-555-5555 (in case of country code)
    • 1-555-555-5555
    • +1-555-555-5555

Note:

Use a single separator between digits in the phone number. For example, “) –“ can cause the number not to be recognized.

Supported conference code formats:

Recommended format: “(phone number)”,”(code)”

You can specify up to four commas and provide the # key if necessary. See the table later in this document for a list of supported formats.

For an audio conference, the following formats let users tap Dial In. If they tap the phone number from the body of the calendar meeting, however, they can dial into the meeting. They must then type conference codes manually. The following phone number and conference code formats are supported.

Supported phone number formats Conference code separator Example
Any phone number in RFC 3966 formats    
Examples: 5555555555; (555) 555-5555; 555-555-5555; 555-555-555-5555 (in case of country code); 1-555-555-5555;+1-555-555-5555 Participant Code 1-888-999-9999 Participant Code: 9999999
  Participant PIN 1-888-999-9999 Participant PIN: 99999999
  Guest Code 1-888-999-9999 Guest Code: 99999999
  Guest PIN 1-888-999-9999 Guest PIN:99999999
  Participant/Guest Code 1-888-999-9999 Participant/Guest Code:99999999
  Chair Code 1-888-999-9999 Chair Code:99999999
  Chair PIN 1-888-999-9999 Chair PIN:99999999
  Chairperson Code 1-888-999-9999 Chairperson Code:99999999
  Chairperson PIN 1-888-999-9999 Chairperson PIN:99999999
  Host PIN 1-888-999-9999 Host PIN:99999999
  PIN 1-888-999-9999 PIN:99999999
  Access Code 1-888-999-9999 Access Code:99999999
  Code 1-888-999-9999 Code:99999999
  Conference Code 1-888-999-9999 Conference Code:99999999
  Conference ID 1-888-999-9999 Conference ID:99999999
  , +1 (631) 992-3240,958209234#
  ,, +1 (631) 992-3240,,958209234#
  ,,, +1 (631) 992-3240,,,958209234#
  ,,,, +1 (631) 992-3240,,,,958209234#
  passcode +1 (631) 992-3240 passcode 958209234#
  ext: +1 (631) 992-3240 ext:958209234#
  ext. +1 (631) 992-3240 ext. 958209234#
  ;ext= +1 (631) 992-3240; ext. 958209234#
  extn +1 (631) 992-3240 extn 958209234#
  HC +1 (631) 992-3240 HC 958209234#
  xtn +1 (631) 992-3240 xtn 958209234#
  xt +1 (631) 992-3240 xt 958209234#
  x +1 (631) 992-3240 x 958209234#
  PC +1 (631) 992-3240 PC 958209234#
  pc +1 (631) 992-3240 pc 958209234#

Personal calendar overlay

On iOS and Android devices, you can import your personal calendar from the native calendar app and view your personal events in Secure Mail. Enable this feature by going to Secure Mail settings and then turning On Personal Calendar. Select a color for your personal events that you want to display in Secure Mail. This is a read-only view that is only visible to users. The personal calendar information does not sync back to the Exchange or Lotus Notes mail server.

You enable the personal calendar overlay either from the pop up notification or from Secure Mail settings.

The first set of figures show the feature on an iOS device. The subsequent set of figures show the feature on an Android device.

Image of iOS personal calendar feature

Image of iOS general settings with personal calendar feature

Image of enable personal calendar option on iOS

Once you have enabled the feature, you can select a color for your personal mail items.

Image of color option

Image of example color choice

Image of colored calendar

You can select which personal calendars appear from the settings screen.

Secure Mail also displays the following details about a personal calendar event:

  • Account name of the sender
  • Invitees
  • Meeting notes

Image of the calendar details

Secure Mail for Android displays any conflicts with your personal calendar event while creating or rescheduling an Exchange account calendar event.

Image of a calendar conflict on Android

Image of conflict details

The following video demonstrates the Personal Calendar overlay feature.

Image of video of personal calendar feature

Insert an inline image

The following procedure describes how to insert an inline image.

  1. To attach an inline image to your email, long press in the mail body. From the options that appear, tap Insert Picture.

    Image of the Insert Picture option

  2. Secure Mail may prompt you for access to your Photos. The Photos gallery appears. Navigate to the gallery and tap picture you want to insert.

    Image of the photo gallery

  3. The mail now contains the image you selected.

    Image of a message with a photo insert

Multiple Exchange accounts

Multiple Exchange accounts for Android

From Settings within Secure Mail, you can now add multiple Exchange email accounts and switch between them. This feature allows you to monitor all your mails, contacts, and calendars in one place.

Prerequisites

A user name and password is required to configure additional accounts. Automatic enrollment or credential store configurations applies only to the first account setup in the app. Type the user name and password for all additional accounts.

  • If the first account you create is certificate-based, you cannot add further certificate-based accounts.
  • To allow additional accounts to connect to a domain or Exchange Server in an external network, you must set split tunneling to ON in Citrix NetScaler.
  • Secure Mail for iOS supports Exchange and Office 365 mail servers only.

To add an Exchange email account for Android

  1. Open Secure Mail and then tap Settings.
  2. Under ACCOUNTS, tap + Add account.
  3. In the Add account screen, type the credentials for the new account.

    Optionally, you can set values for the following parameters:

    • Sync mail period: Tap to select a value for the sync mail period. The value you set specifies the number of mail days for Secure Mail to synchronize. Your administrator sets the default value.
    • Make this my default account: Tap to set the new account as your default account. The value is set to OFF by default.
  4. Tap Sign In to create the account.

    You can view the new account in the Settings screen under the ACCOUNTS menu.

Note:

Additional accounts must use authentication based on Active Directory. Secure Mail does not support certificate-based authentication when configuring multiple accounts.

To edit an account

You can edit the password and description of email account for Android.

  1. Open Secure Mail and then tap Settings.

  2. Under ACCOUNTS, tap the account you want to edit.

  3. In the Account details screen, edit the fields.

  4. Tap Save to confirm your action or tap Cancel to return to the Settings screen.

    Image of the Account details screen

To delete an account for Android

  1. Open Secure Mail and then tap Settings.
  2. Under ACCOUNTS, tap the account you want to delete.
  3. In the Account details screen, tap Delete account at the bottom of the screen or tap Cancel to return to the Settings screen.
  4. Tap Delete to confirm your action.

Note:

If you delete the default account, the next account will become the default account.

To set a default account for Android

Secure Mail uses the default account in the following scenarios:

  • Composing emails: The From: field auto-populates with the email ID of the default account.
  • Creating calendar events: The Organizer field auto-populates with the email ID of the default account.

When you add one or more email accounts, the first account you create is the default account. To change the default account, navigate to Settings and then tap Default under General.

In the Default account screen, tap the account you want to set as default.

Settings for multiple Exchange accounts for Android

If you have configured multiple Exchange accounts, some of the Secure Mail settings are available to each of these accounts individually, whereas other settings are global. The following settings are account-specific:

  • Default
  • Notifications
  • Out of Office
  • Sync inbox frequency
  • Sync mail period
  • Sync email
  • S/MIME
  • Offline Files
  • Signature
  • Quick responses
  • Sync calendar
  • Sync contacts
  • Sync with local contacts
  • Export Settings

These settings appear with the > icon. Tap the > icon to view the accounts on your device.

To apply the setting to a specific account, expand a setting item by tapping > and then select the email account.

Mail

The Mailboxes screen displays all the accounts you have configured and has the following views:

  • All Accounts: Contains emails from all Exchange accounts that you have configured.
  • Individual accounts: Contains emails and folders of an individual account. These accounts appear as a list that you can expand to view the subfolders.

To view your mailboxes, select Mail from the slide-out menu. In the Mailboxes screen, tap the account to expand the options.

Image of the slide-out menu options

The All Accounts mailbox is the global view by default. This view contains attachments and emails from all Exchange accounts that you have configured on your device.

Image of the All Accounts mailbox

Although the All Accounts view displays your emails from multiple accounts collectively, the following actions use the email address of the default or primary account:

  • New message
  • New event

To change the email address of the sender while composing a new mail from the All Accounts view, tap the default address in the From: field and then select a different account from the mail accounts that appear.

Image of the mail accounts selection

Note:

Composing an email from the conversation view auto-populates the From: field with the email address that conversation is addressed to.

Individual accounts

The default or the primary account always appears first followed by the other accounts in alphabetical order.

The individual accounts display any subfolders you might have created.

Image of subfolders

The following actions are limited to individual accounts only:

  • Moving items.
  • Composing emails from conversation view.
  • Saving contacts.

Contacts

To view your contacts, tap CONTACTS from the slide-out menu and then tap the hamburger icon on the top left. The Contacts screen displays the following items:

  • All Contacts: Displays all contacts from multiple email accounts.
  • Individual accounts: Displays contacts pertaining to the individual accounts that you have configured.
  • Categories: Displays any contact categories that you may have created.

Image of the Contacts list

You can synchronize contacts pertaining to an individual account to your local contacts.

To sync with local contacts

  1. Navigate to Settings and then tap Sync with local contacts listed under Contacts to expand the menu.
  2. In the Sync with local contacts screen, enable the account whose contacts you want to sync.
  3. Tap OK.
  4. When prompted to allow Secure Mail to access your contacts, tap OK.

You have now successfully exported contacts for the account. To undo this action, go to Settings > Contacts > Sync with Local Contacts and then tap on the switch next to the account to disable this feature. Tap OK to confirm your action.

Image of the Sync with local contacts confirmation

Calendar

The calendar displays all events pertaining to the multiple accounts on your device. You can set colors to individual accounts to differentiate calendars events pertaining to individual accounts.

Note:

The Personal calendar feature will always be associated with your primary or default account if enabled.

Image of the calendar associated with primary or default account

To set colors to calendar events

  1. Select CALENDAR from menu.
  2. Tap on the default color that appears on the right of an Exchange account. The Colors screen displays the available colors for that account.
  3. Select a color of your choice and then tap Save. To return to the previous screen, tap Cancel.

    The selected color is set for all calendar events pertaining to that Exchange account.

    Image of the calendar color options

    Image of the colored accounts

    Image of the calendar with colors

When you are creating a calendar invitation or event, the Organizer field auto-populates with the email address of the default account. To change the mail account, tap this email address and select another account.

Image of the organizer field

Image of the organizer selection

You can perform a global search from the All Accounts or the All Contacts view. This action displays the appropriate results after searching all the accounts in the app.

All searches from within an individual account displays results pertaining to that account only.

Multiple Exchange accounts for iOS

From Settings within Secure Mail, you can now add multiple Exchange email accounts and switch between them. This feature allows you to monitor all your mails, contacts, and calendars in one place.

Prerequisites

A user name and password is required to configure additional accounts. Automatic enrollment or credential store configurations applies only to the first account setup in the app. Type the user name and password for all additional accounts.

  • To allow additional accounts to connect to a domain or Exchange Server in an external network, you must set split tunneling to ON in Citrix NetScaler.
  • Secure Mail for iOS supports Exchange and Office 365 mail servers only.

To add an Exchange email account for iOS

  1. Open Secure Mail and then tap Settings.
  2. Under ACCOUNTS, tap Add Exchange Account.
  3. In the Exchange screen, type the credentials for the new account.

Optionally, you can set values for the following parameters:

  • Sync Mail Period: Tap to select a value for the sync mail period. The value you set specifies the number of mail days for Secure Mail to synchronize. Your administrator sets the default value.
  • Make this my default account: Tap to set the new account as your default account. The value is set to OFF by default.
  1. Tap Sign On to create the account.

You can view the new account in the Settings screen under the ACCOUNTS menu.

Note:

The default or primary account uses certificate-based authentication because Secure Mail can only receive a single user certificate from XenMobile Server. Additional accounts must use authentication based on Active Directory.

Citrix recommends that you do not configure multiple accounts on shared devices.

To edit an account for iOS

You can edit the password and description of email account.

  1. Open Secure Mail and then tap Settings.

  2. Under ACCOUNTS, tap the account you want to edit.

  3. In the Account screen, edit the fields.

  4. Tap Save to confirm your action or tap Cancel to return to the Settings screen.

To delete an account for iOS

  1. Open Secure Mail and then tap Settings.
  2. Under ACCOUNTS, tap the account you want to delete.
  3. In the Account screen, tap Delete Account at the bottom of the screen or tap Cancel to return to the Settings screen.
  4. Tap Delete to confirm your action.

Note:

If you delete the default account, the next account will become the default account.

To set a default account for iOS

Secure Mail uses the default account in the following scenarios:

  • Composing emails: The From: field auto-populates with the email ID of the default account.
  • Creating calendar events: The Organizer field auto-populates with the email ID of the default account.
  • App badge count: Indicates the unread mail count of the default account.

When you add one or more email accounts, the first account you create is the default account. To change the default account, navigate to Settings > General > Default.

In the Default Email screen, tap the account you want to set as default.

Alternatively, you can navigate to Settings > ACCOUNTS and then tap the account you want to set as default. In the Account screen, enable the Make this my default account feature.

Settings for multiple Exchange accounts for iOS

If you have configured multiple Exchange accounts, some of the Secure Mail settings are available to each of these accounts individually, whereas other settings are global. The following settings are account-specific:

  • Default
  • Notifications
  • Auto Refresh
  • Out of Office
  • Sync Mail Period
  • S/MIME
  • Offline Files
  • Signature
  • Sync with Local Contacts
  • Export Settings

These settings appear with the > icon. Tap the > icon to view the accounts on your device.

To apply the setting to a specific account, expand a setting item by tapping > and then selecting the email account.

Note:

You can only import the previously exported Secure Mail settings to the default or primary account.

Mailboxes screen

The Mailboxes screen displays all the accounts you have configured and has the following views:

  • All Accounts: Contains emails from all Exchange accounts that you have configured.
  • Individual accounts: Contains emails and folders of an individual account. These accounts appear as a list that you can expand to view the subfolders.

The All Accounts mailbox is the global view by default. This view contains attachments and emails from all Exchange accounts that you have configured on your device.

The All Accounts mailbox has the following menu items:

  • All attachments
  • Inbox
    • Unread
    • Flagged
  • Drafts
  • Sent Items
  • Outbox
  • Deleted Items

Although the All Accounts view displays your emails from multiple accounts collectively, the following actions use the email address of the default or primary account:

  • New message
  • New event

To change the email address of the sender while composing a new mail from the All Accounts view, tap the default address in the From: field and select a different account from the mail accounts that appear.

Note:

Composing an email from the conversation view auto-populates the From: field with the email address that conversation is addressed to.

Individual accounts

All the accounts you have configured appear as a list below All Accounts. The default or the primary account always appears first followed by the other accounts in alphabetical order.

The individual accounts display any subfolders you might have created. You can view the subfolders folders by tapping the V icon next to the folder.

The following actions are limited to individual accounts only:

  • Moving items.
  • Composing emails from conversation view.
  • Importing vCard.
  • Saving contacts.

Contacts

To view your contacts, tap CONTACTS from the slide-out menu and then tap the hamburger icon on the top left. The Contacts screen displays the following items:

  • All Contacts: Displays all contacts from multiple email accounts.
  • Individual accounts: Displays contacts pertaining to the individual accounts that you have configured.

You can synchronize contacts pertaining to an individual account to your local contacts.

To sync with local contacts

  1. Navigate to Settings > Contacts > Sync with Local Contacts and then tap > to expand the menu.
  2. In the Sync Local Contacts screen, enable the account whose contacts you want to sync.
  3. Tap OK.
  4. When prompted to allow Secure Mail to access your contacts, tap OK.

You have now successfully exported contacts for the account. To undo this action, go to Settings > Contacts > Sync with Local Contacts and then tap on the switch next to the account to disable this feature. Tap Yes, Delete to confirm your action.

If you have created folders or subfolders for your contacts using Microsoft Outlook, you can view them in Secure Mail.

To view the contact folders

  1. Tap Contacts from the slide-out menu. The Contacts folders and subfolders pertaining to the individual accounts appear.
  2. Tap an account to view all the contacts associated with that account.

    Image of the Contacts screen

    Image of the list of contacts

  3. To view contacts from a folder or subfolder, tap the respective folder or subfolder. The contacts associated with that folder appear.

    Image of the contacts in a folder

Calendar

The calendar displays all events pertaining to the multiple accounts on your device. You can set colors to individual accounts to differentiate calendars events pertaining to individual accounts.

To set colors to calendar events

  1. Select CALENDAR from menu.
  2. Tap the hamburger icon on the top left. The Calendars screen displays all the accounts you have configured.
  3. Tap on the default color displayed on the right of an Exchange account. The Colors screen displays the available colors for that account.
  4. Select a color of your choice and then tap Save.
  5. To return to the previous screen, tap Cancel. The selected color is set for all calendar events pertaining to that Exchange account.

When you are creating a calendar invitation or event, the Organizer field auto-populates with the email address of the default account. To change the mail account, tap this email address and select another account.

Note:

When you exit and then launch Secure Mail, the app restores the last configured calendar settings on your device.

Search

You can perform a global search from the All Accounts or the All Contacts view. This action displays the appropriate results after searching all the accounts in the app. All searches from within an individual account displays results pertaining to that account only.

Swipe to delete

On iOS and Android devices, you perform the following actions by swiping an email either left or right.

  • More
  • Flag
  • Delete
  • Mark

The following table captures the actions available on swipe gestures in various folders:

Folders Left swipe Long left swipe Right swipe  
  Inbox/Sent/Delete Delete; Flag/Unflag; More Delete Read/Unread
  Drafts Delete; Flag/Unflag Delete Read/Unread
  Outbox Delete; Resend/Cancel Delete No Action
  Server Results Forward; Reply/Reply All Reply/Reply All No Action

Tap on one of the menu items to perform further actions.

Image of the swipe action

You swipe right to perform the Mark action.

The following sections provide more information about each menu item.

The More menu displays the following options:

  • Reply
  • Reply All
  • Forward
  • Move
  • Cancel

Image of the More menu

The Flag option allows you to mark the email for faster reference. You can also use this option to clear the status of a previously flagged email.

The Delete option allows you to delete the selected email.

Image of the Delete option

You can also delete an email by long swiping the email item toward the left.

Image of the left long swipe

In both delete scenarios, the Undo button appears for a few seconds so you can reverse the action.

Image of the Undo button

You can delete multiple emails by long pressing an email item and then selecting the emails that you want to delete.

The Mark option allows you to mark an email as read or unread. This swipe gesture lets you toggle among the two Mark as states - Read and Unread.

Image of the Mark option

Join Skype for Business meetings on iOS and Android

You can join Skype for Business meetings seamlessly through Secure Mail. This feature requires the Skype for Business app to be installed on your device.

To join a Skype for Business meeting

  1. Tap on the Skype for Business meeting reminder or calendar event.
  2. In the Event Details screen, tap the Skype Join Meeting. The Skype for Business meeting starts in a new window.

    If you have not installed Skype for Business on your device, tap Install Skype to install the app.

You can now print emails, calendar events, or inline images from your iOS device.

Prerequisites

Before you begin, ensure that the following requirements are met:

  • The Block AirPrint option is set to OFF.
  • The Allow viewers to print option is disabled in IRM.

By default, the print feature is enabled in Secure Mail for iOS. The printing feature might be controlled by your administrator through administrative policies via Apple AirPrint or Microsoft Information Rights Management (IRM). In these scenarios, printing an email, calendar event, or inline image will not work and an error message might appear.

To print emails

  1. Open the email item you want to print.
  2. Tap the Reply/Forward icon. The following options appear:
    • Reply
    • Forward
    • Print

    Image of the email to print

  3. Tap Print. The Printer Options screen appears.

    localized image

  4. To select a printer, tap Select Printer. The Printer screen appears.

    Image of the printer options screen

  5. Select the printer you want to print to.

    Image of the printer list

  6. Tap or + to decrease or increase the number of copies you want to print.

    Image of the copies option

  7. To print a specific page or a range of pages, tap Range. The Page Range screen appears. By default, All Pages is selected.

    Image of the page range option

  8. To change the page selection, swipe the page numbers up or down.

    Image of the page number option

  9. Tap Printer Options to go back to the Printer Options screen.

    Image of the print options list

  10. To print in black and white, tap the Black & White button. By default, Secure Mail prints in color.

    Image of the black-and-white option

  11. Tap Print on the top right to print the email.
  12. To cancel the print job, tap Cancel on the top left.

To print a calendar event

  1. Navigate to calendar and select an event.

    Image of a calendar event

  2. Tap the Reply/Forward icon. The following options appear:

    • Reply
    • Reply All
    • Forward
    • Print
    • Cancel

    Image of the email options

  3. Tap Print and follow the same instructions as mentioned in the preceding section To print emails.

To print inline images:

  1. Open the email item with the inline image.
  2. Long press the image. The following options appear:

    • Reply
    • Forward
    • Print

    Image of the email options

  3. Tap Print and follow the instructions as mentioned in the proceding section To print emails.

In-app preview of attachments and other enhancements to attachments

You can now preview attachments (MS Office and images) in Secure Mail in-app, rather than by opening it by using third-party apps, such as QuickEdit.

You can perform the following actions when viewing attachments:

  • Select an existing message from your mailboxes to attach the file to.
  • Select a new message to attach the file to.
  • Save attachment for offline access.
  • Delete attachment from offline files.
  • Open attachment using a different application.
  • View the source email or calendar event of the attachment.

Note:

You can view the source email or calendar event when viewing attachments from the Attachments repository only.

Further, you can preview attachments in the following cases:

  • Viewing a message.
  • Composing a new message.
  • Attachments folder.
  • Calendar events.

To select a message to attach the file to

  1. Open the email with the attachment.

    Image of email with attachment

  2. Tap the attachment.

  3. Tap the Attach icon.

    The Inbox appears.

    Image of the Inbox

  4. Select an existing message to attach this file to or tap New message to attach this file to a new message.

    Image of message

    Image of new message

To save the attachment for offline access

  1. Open the attachment.
  2. Tap the Download icon to save the attachment for offline access.

Image of the offline access option

To delete the attachment from offline files

  1. Open the attachment.
  2. Tap the Trash icon to delete the attachment from the offline files.

Image of the remove option

To open the attachment by using a different application

  1. Open the attachment.
  2. Tap the Share icon and select an application to open the attachment.

    Image of the open with different application option

  3. From the options that appear, tap on the one you want to open the attachment with.

    localized image

To view the source email or calendar event of the attachment

  1. Navigate to Mailboxes > Attachments.
  2. The recent attachments are listed.

    localized image

  3. Tap the attachment and then tap the information icon on the top left of the screen.

    localized image

  4. The source email appears.

    localized image

Multiple conference codes (Dial-In to a meeting)

Secure Mail for iOS supports multiple conference codes. You can now select a conference code, from a list of available conference codes, to join a meeting.

To dial-in to a meeting

  1. Open a meeting invite and tap Dial In.

  2. From the list of phone numbers that appear, select one to dial in.

  3. From the list of conference codes that appear, select one to join the meeting.

  4. Tap Call to join the meeting.

Migrating user names to email addresses (UPN)

In Secure Mail for iOS and Android, you can migrate from an Exchange user name and password based authentication to a UPN and password based authentication.

With this feature enabled, you do not have to do any of the following:

  • Reinstall Secure Mail.
  • Delete and add the account in Secure Mail.
  • Change the user name in Secure Mail.

Prerequisites

Before you proceed with this migration, ensure that users are running Secure Mail version 10.7.25 or later. To use this feature, you must enable the Attempt Username Migration On Auth Failure policy.

To migrate to UPN-based authentication

  1. Enable the Attempt Username Migration On Auth Failure policy in XenMobile Server.
  2. Migrate your Exchange user account to a new UPN that matches the user’s primary SMTP email address. This triggers an Authentication Failure. Secure Mail attempts authentication by using the primary SMTP email address.

On successful authentication, the user account is migrated to the updated UPN.

To verify the migration

On iOS devices: Go to Settings and then tap the account to view the details. On successful migration, the primary SMTP email address appears in the User Name field in the ACCOUNT screen.

On Android devices: Go to Settings and then tap the account to view the details. On successful migration, the primary SMTP email address appears in the Username field in the Account details screen.

Personal distribution lists

Prerequisites

  • Exchange Web Services (EWS) is enabled on your Exchange Server.
  • Microsoft Exchange Server version 10 SP1 or later.

Secure Mail for iOS and Android supports Personal Contact Groups. You can view contact groups that you have created on your Outlook desktop client in Secure Mail. The contact groups that you have created appear in Contacts in Secure Mail.

Note:

You cannot view members of a nested contact group in Secure Mail.

You can use the Personal distribution lists when you compose an email or create a calendar event. If you have created a Personal Contact Group (Distribution List) using Exchange, you can view the list in Secure Mail.

To view a Personal distribution list

  1. In Secure Mail, open Contacts.
  2. Type the name of the contact group.
  3. The group appears in the search result.
  4. Tap the contact group to view the members.

    localized image

Note:

You cannot edit a contact group in Secure Mail.

To compose a mail to a contact group

  1. Open Secure Mail and tap the + icon to compose a mail.
  2. In the New Message screen, type the contact group’s name in the To: field.
  3. From the list of contacts that appear, select the contact group.

    localized image

    Contact groups are denoted by the following icon:

    localized image

To send a calendar invite to a contact group

  1. Open Secure Mail and navigate to Calendar.
  2. Tap the + icon to create a calendar event.
  3. In the New Event screen, tap Invitees to add members.
  4. Type the contact group’s name to send the invite to the group.

    localized image

  5. From the list of contacts that appear, select the contact group.

Report phishing emails

Secure Mail for iOS and Android allows you to report mails suspected of phishing. To enable this feature, you must configure the Report Phishing Mail Addresses policy.

You can provide an email address or a list of comma-separated email addresses to report the phishing message.

localized image

To report phishing emails

  1. To report an email, swipe-left and tap More.

    localized image

  2. Tap Report as phishing.
  3. Tap REPORT AND DELETE to confirm.

    localized image

This email is reported to the address or addresses that you have configured.

Modern authentication using Microsoft Office 365

Secure Mail for iOS supports modern authentication using Microsoft office 365. This method implements an OAuth token-based authentication with user name and password.

Prerequisites

  • Enable modern authentication (OAuth) for Microsoft Office 365. For details, see Microsoft TechNet.
  • Migrate your on-premises mailboxes to Microsoft Office 365. For details, see Microsoft Technet.

Note:

This release does not support modern authentication with XenMobile integration with Microsoft Intune/EMS.

Ensure that you have configured the following MDX policies in the XenMobile console listed under OAuth Support for Office 365:

  • Office 365 authentication mechanism. This policy indicates the OAuth mechanism used for authentication while configuring an account on Office 365.
  • Do not use OAuth. OAuth is not used. Secure Mail uses basic authentication (user name and password) for Office 365 Exchange account configuration. This is the default setting.
  • Use OAuth with Username and Password. The user must provide their email, password, and a multi-factor authentication code on the Secure Mail authentication screen for Microsoft. Then, on the next screen, the user must grant Secure Mail permission to access the Office 365 mailbox.
  • Trusted Exchange Online Hostnames. Define a list of trusted Exchange Online hostnames that use the OAuth mechanism for authentication while configuring an account. This is a comma-separated format, such as ** server.company.com, server.company.co.uk. If the list is empty, Secure Mail uses basic authentication for account configuration. Default value is outlook.office365.com.
  • Trusted AD FS Hostnames. Define a list of trusted AD FS hostnames for webpages where the password populates during Office 365 OAuth authentication. This is a comma-separated format, such as sts.companyname.com, sts.company.co.uk. If the list is empty, Secure Mail does not auto populate passwords. Secure Mail matches the listed hostnames with the hostname of the webpage encountered during Office 365 authentication and checks if the page uses HTTPS protocol. For instance, when sts.company.com is a listed hostname, if the user navigates to https://sts.company.com, Secure Mail populates the password if the page has a password field. Default value is login.microsoftonline.com.

Secure Mail for iOS is now enabled with modern authentication when the policies are refreshed on the device.

Android for Work in Secure Mail

Secure Mail and Secure Web for Android is compatible with Android enterprise, formerly known as Android for Work.

Prerequisites

  • To be able to use this feature, ensure that your device is running Android 5.0 or later.
  • For on-premises deployments, the afw.accounts XenMobile Server property must be set to TRUE.

After you have set up Android enterprise on the XenMobile Server, the XenMobile Apps are available on your device. The apps are identified by the Android Enterprise icon as highlighted in the following image.

Image of Android enterprise icon

Features that are compatible with Android enterprise

The following table lists the Secure Mail features that are compatible with Android enterprise.

Feature Support
Exchange Server auto discovery X
Secure Ticket Authority (STA) X
Export contacts X
Microsoft Information Rights Management X
Lock-screen notifications X
Mail sync X
Email classification X
S/MIME signing and encryption X
Firebase Cloud Messaging (FCM) service X
Modern authentication (OAuth)  
Multiple Exchange accounts X
Personal calendar  
Export mail settings X
Shared devices  
XenMobile integration with Microsoft Intune/EMS  
Office 365 X
LDAP Exchange Server 2010, 2013, and 2016 X
Certificate based authentication (CBA)  
Go ToMeeting X
Skype for Business  
Personal distribution list X
ShareFile compatibility X
Email enrollment with single sign-on X

The following table below lists the Secure Web features that are compatible with Android enterprise.

Feature Support
Secure Browse mode X
Full VPN mode X
All app features X
Compatibility with Secure Mail X

Rich text signatures

In Secure Mail for iOS and Android, you can use images or links in your email signature. To update your signature, simply copy and paste images or links in the signature field.

Image of signature feature

To add a rich text signature

  1. Copy the image or URL you want to use.

  2. Navigate to Secure Mail > Settings > Signature.

  3. Paste the image or URL.

Alternatively, on iOS devices, you can long press in the signature field and tap Insert Picture to select an image from your gallery.