Product Documentation

Configuring Touchdown for Android Devices

Apr 10, 2015

Device Manager leverages NitroDesk TouchDown technology to enable you to push Exchange email configurations and security policies to Android devices using the ActiveSync protocol. It enables device administrators to install TouchDown software on Android devices, configure device email settings, and apply corporate security policies to Android devices managed by Device Manager. Before you configure policies, download the NitroDesk TouchDown binary from the following locations:

  • http://nitrodesk.com/tddownloads/nitroid-droid.apk (Smart phones running Android 2.x or 4.x)
  • http://nitrodesk.com/tddownloads/nitroid-honey.apk (Tablets running Android 3.x)

You can download the TouchDown app from the Android Market or from the server running Device Manager. Before downloading the TouchDown software to your Android device, ensure that you have either an internal or external SD card. Then, enable the following setting before attempting the download: Settings > Applications > Unknown Sources.

Policy Combinations for Touchdown on Android Devices

The following policies combinations are common and useful ways to manage your Android devices with TouchDown.

License TouchDown App and Add Encryption Policy
License Key
RequireDeviceEncryption = true
RequireStorageCardEncryption = true
Require Passcode for TD App
DevicePasswordEnabled = true
MaxInactivityTimeDeviceLock =
MinDevicePasswordLength =
SuppressApplicationPIN = true
Prevent Attachments Download to SD Card
AllowStorageCard = false
Roaming and Custom Signature
RequireManualSyncWhenRoaming = true
SetSignature = Zenprise Protected Tablet
Update Device Type
DeviceTypeString = TouchDown

XenMobile-Certified TouchDown Policies

The following is a list of XenMobile-certified TouchDown policies that you can use with your Android device. Device Manager provides several other policies that are available but not officially certified.

Email Data Encryption Policies
The following two TouchDown policies are required to enable secure email data encryption:
  • RequireStorageCardEncryption = true. If True, email attachments downloaded to an SD card will be encrypted. Also, the policy disallows moving a TouchDown profile/database to the SD card. Note that attachments prior to this policy will continue to remain in plain text, and all attachments after this policy is activated will be encrypted on the SD card.
  • RequireDeviceEncryption = true. If True encrypts Contacts, Calendar and Email content; i.e., header as well as body, but not attachments.
TouchDown License Policy
LicenseKey = <String>. String value that specifies license key for the TouchDown application.
Individual Security Policies
  • SuppressApplicationPIN = true. If True, the application will not show a PIN prompt and if you do not want the Exchange ActiveSync PIN to be enforced by TouchDown. This is useful if Device Manager decides to enforce a device level PIN. If set to False, then TouchDown will prompt for pin/passcode only once. To change that behavior, set this policy to false and add the policy named MaxInactivityTimeDeviceLock, which prompts the user for a pin/passcode after a period of inactivity.
  • MaxInactivityTimeDeviceLock. Integer value (in seconds) that defines maximum inactivity time period before device auto locks.
  • DevicePasswordEnabled = true. If this field is not present, TouchDown will honor the PIN policies that Exchange ActiveSync sends. If this field is present then True = Enable PIN prompting. False = TouchDown will not prompt for PIN (even if EAS policies require it). Please make sure to add the policy named MinDevicePasswordLength along with this policy.
  • MinDevicePasswordLength = 1,2,3...14. Integer value that defines minimum password length for device passwords. Please make sure to add policy:DevicePasswordEnabled along with this policy.
  • AlphaNumericDevicePasswordRequired = true|false. True, if you want TouchDown application to enforce alphanumeric codes for device passwords. Make sure to add policies:DevicePasswordEnabled and MinDevicePasswordLength along with this policy.
  • AllowSimpleDevicePassword = true|false. If True, allows simple device passwords. Make sure to add policies:DevicePasswordEnabled and MinDevicePasswordLength along with this policy.
  • AllowStorageCard = true|false. If false, prevents downloading of attachments to the SD card. Also, disallows moving of TouchDown profile/database to the SD card.
  • AttachmentsEnabled = true|false. True, ability to send/receive email attachments via TouchDown
  • RequireManualSyncWhenRoaming = true|false (to reduce data roaming charges). If True, ability to manually sync email when device is roaming thereby limiting data roaming charges.
  • DisableCopyToPhoneBook = true (for data loss prevention purposes). If True, this will cause TouchDown to never copy contacts to the device phone book.

To configure a TouchDown policy to install and configure Exchange email accounts

You can use TouchDown in Device Manager to install and configure Exchange email accounts for users for your Android device users.
Note: For each TouchDown policy that you create, be sure to add the TouchDown license key to the policy, or the policy will not work
  1. Click the Policies tab and then under Android, click Configurations.
  2. Click New Configuration and then click TouchDown Email.
  3. In the Add a TouchDown Email configuration dialog box, enter a configuration name for the policy (such as TouchDown Email) and then enter your Exchange email parameters.
    Important: While deploying this policy, XenMobile behaves as though the NitroDesk TouchDown application is already being installed from Android Marketplace. You can leave the password field blank, which will prompt the user to enter a password.
  4. Add the license key to the policy, so you can be sure you are deploying valid software. Click the Policies and Applications Settings tab, click New Configuration and then click Policy.
  5. In the New Configuration dialog box, in Name, click LicenseKey and then, in the Value, enter the TouchDown license string.
  6. Click Create and then click Add.

After you deploy the policy, the user needs to log in the Android agent and authenticate the users' credentials in order activate the policy.

To create a deployment package for the TouchDown policy

In order to push the TouchDown email configuration policy to your Android devices, you need to create, configure, and run a deployment package in Device Manager to the devices you want to use the policy.
  1. Click the Deployment tab, click New Package and then click New Android Package.
  2. In the Create New Package wizard, define and deploy the TouchDown email package. On the Name page, enter a name for the email policy, such as TouchDown Email.
  3. On the Groups page, select a group or groups to be the recipient of this package. Or, you can choose to create an anonymous deployment. Any users unable to authenticate themselves to the server can be connected in anonymous mode and still receive packages.
  4. On the Resources to be deployed page, in the Policies list, select the TouchDown Email policy you want to deploy and then click the right arrow to add the policy to the package.
  5. In Installation Files, select the appropriate Android and TouchDown software to add to the package, depending on if you are deploying to an Android tablet or a phone.
  6. In the Deployment schedule page, choose a time to run the deployment, or click Now to run the deployment immediately.
  7. On the Deployment rules page,
  8. When you have configured the deployment package and are ready to deploy, click Finish.

After you deploy the policy, the user needs to log in on the Android agent to authenticate the user's credential in order activate the policy.

To initiate a selective wipe of email data by using a TouchDown API

You can initiate a selective wipe of email data (emails and attachments) on an Android device by using a TouchDown application programming interface (API). You can initiate an elective wipe on the Security tab. Status updates are available on a per-device basis on the General tab.

If a device user saved an email attachment to a location outside of the TouchDown default attachments folder, TouchDown won't be able to detect the action. XenMobile won't, therefore, delete the data as part of the selective wipe. This is a limitation with the use of the TouchDown API.

Configuring Deployment Rules for an Android Device Size

You can use Device Manager deployment rules to differentiate between a smartphone and a tablet based on the size of the Android device, and then deploy the policies based on size of the target device. The screen size rules enable you to apply specific policies based on whether or not the device is a tablet or a smartphone. Because some deployment resources are tablet-specific, using the screen size property will ensure accurate deployments of tablet- or phone-specific policies.

You can create the rules, for example, if you want to deploy a TouchDown Android policy on all Android tablets except the Amazon Kindle, and you want to ensure that these policies do not get deployed to any smartphones that may happen to be running the same version of Android that the tablets are running. Conversely, you may want to deploy a similar Android package, but for smartphones.

You set the rules in the Edit package wizard, in Deployment rules, on the Simple or Advanced tabs.

List of TouchDown Policies for Android Devices

AllowHTMLEmail
Type: Boolean
If True, TouchDown will allow the device to receive email that uses HTML format.
AllowSimpleDevicePassword
Type: Boolean

If True, allows simple device passwords.

Please be sure to add the following policies in combination with this policy:

  • DevicePasswordEnabled
  • MinDevicePasswordLength
AllowStorageCard
Type: Boolean

If False, prevents downloading of attachments to a device's SD card. Also, this policy disallows moving a TouchDown profile/database to an SD card.

AlphaNumericDevicePasswordRequired
Type: Boolean

If True, TouchDown will enforce alphanumeric codes for device passwords. Please be sure to add the following policies in combination with this policy:

  • DevicePasswordEnabled
  • MinDevicePasswordLength
AttachmentsEnabled
Type: Boolean
If True, allows you to send/receive email attachments via TouchDown.
DevicePasswordEnabled
Type: Boolean

If this field is not present, TouchDown will honor the PIN policies that EAS sends. If this field is present, and if you set to True, PIN prompting is enabled and a PIN will be required to access the device. If False, TouchDown will not prompt for a PIN, even if the Exchange ActiveSync (EAS) has policies set that require a PIN. Please be sure to add the MinDevicePasswordLength policy along with this policy.

DevicePasswordExpirationDays
Type: Integer

Value that defines when a device's password is about to expire, measured in days. 0 = no expiration.

DevicePasswordHistoryCount
Type: Integer
Value that defines device password where 0 = no history.
DisableCalendarWidget
Type: Boolean
If True, the Calendar widget will not show any data.
DisableChangeSignature
Type: Boolean
If true, TouchDown disallows user from changing email signature line.
DisableCleanup
Type: Boolean
If True, the user will be prevented from being able to wipe configuration settings on the device.
DisableCopyPaste
Type: Boolean
If True, users will not be able to copy data from email or paste data into email when composing messages.
DisableCopyToPhoneBook
Type: Boolean
If True, this will prevent the user from ever being able to copy contacts to the device phone book.
DisableDatabaseBackup
Type: Boolean
If True, the user cannot backup data to an SD card.
DisableEasyPINRecovery
Type: Boolean
If True, the user cannot use PIN Reset by entering a Microsoft Exchange account password.
DisableEmailWidget
Type: Boolean
If True, email widget will not display any data.
DisableExportTo3rdPartyWidgets
Type: Boolean
If true, device cannot export data to external content provider widgets.
DisableReconfiguration
Type: Boolean
Reconfiguration of device is disabled except through the MDM client.
DisableSettigsBackup
Type: Boolean
If True, user cannot back up device settings to an SD card.
DisableSpeecNotification
Type: Boolean
If True, notifications will not be read out loud.
DisableTaskWidget
Type: Boolean
If True, task widgets will not display any data.
DisableUniversalWidget
Type: Boolean
If True, Universal widget will not display any data.
HideCalendarInfoOnNotificationBar
Type: Boolean
If True, notifications will not show calendar data indicating which appointment is scheduled.
HideEmailInfoOnNotificationBar
Type: Boolean
If True, notifications will not show Email data.
HideTaskInfoOnNotificationBar
Type: Boolean
If True, notifications will not show Task data.
hideWidgetDataWhenLocked
Type: Boolean
If True, PIN lock will hide data in widgets.
License Key
Type: String
String value that specifies license key that enables running the TouchDown application.
Note: Configuring the LicenseKey policy is required in order to use TouchDown Android policies in Device Manager.
MaxAttachmentSize
Type: Integer
Integer value that defines maximum size of attachments.
MaxCalendarAgeFilter
Type: Integer

Integer value specifying maximum range of past events to sync.

Valid values are as follows:

0 = unlimited, 4 = 2 weeks, 5 = 1month, 6 = 3months, 7 = months

Note that this will not impact the currently set values by the user if the current values are more restrictive than this value.

MaxDevicePasswordFailedAttempts
Type: Integer
Integer value that defines maximum failed attempts to enter a correct device passcode before locking the user from accessing the device.
MaxEmailAgeFilter
Type: Integer
Integer value specifying maximum range of past emails to sync.
MaxEmailBodyTruncationSize
Type: Integer

Integer values that determines the maximum sized of an email body before it is truncated.

Valid values:

  • 0 - No Body is fetched
  • 1-4k
  • 2-5k
  • 3-7k
  • 4-10k
  • 5-20k
  • 6-50k
  • 7-100k
  • 8 - unlimited

Raw integral values representing the size in bytes may also be used. For example, if you set to 3000 (above 8), TouchDown will limit to the closest kilobyte unit shown above. Also note, this ONLY limits the upper limit the user chooses, and does not enforce the exact value. For example, if you set the value to 7, the user can then choose to limit to any value less than 100k.

MaxInactivityTimeDeviceLock
Type: Integer
Integer value (in seconds) that defines maximum inactivity time period before device auto locks.
MinDevicePasswordComplexCharacters
Type: Integer
Specifies the number of complex characters required in a device password.
MinDevicePasswordLength
Type: Integer

Defines minimum password length for device passwords.

Please make sure to add the DevicePasswordEnabled policy along with this policy.

PhoneBookCopyFields
Type: Integer

Comma-separated list of fields that can be copied to phone book.

The following fields can be entered in this string, delimited by commas, without any spaces:

  • org
  • photo
  • note
  • title
  • location
  • dept
  • wphone
  • wphone2
  • hphone
  • hphone2
  • mphone
  • ofax
  • hfax
  • assistantphone
  • radiophone
  • carphone
  • pager
  • compphone
  • email1
  • email2
  • email3
  • homeaddress
  • workaddress
  • otheraddress
RequireDeviceEncryption
Type: Boolean
If True, encrypts Contacts, Calendar and Email content, such as header as well as body, but not attachments.
RequireStorageCardEncryption
Type: Boolean

If True, email attachments downloaded to the SD card will be encrypted. Also, True disallows moving of TouchDown profile/database to the SD card.

Please note that attachments prior to this policy will continue to remain in plain text, and after this policy is activated all attachments will be encrypted on the SD card.

SetPlainTextSignature
Type: String
String values that specify the signature on the application to be used with plain text email.
SetSignature
Type: String
String value that sets the signature on the application.
SetSupressions
Type: String

String value that specifies a list of suppression codes to apply to TouchDown. To prevent TouchDown from displaying certain options to the end user. The list of codes should be comma separated, with at least one comma in the string.

SupressApplicationPIN
Type: Boolean

Set to True if you do not want the application to show a PIN prompt, and you do not want the Exchange ActiveSync (EAS) PIN to be enforced by TouchDown. This is useful if the MDM decides to enforce a device level PIN. If False, TouchDown will prompt for pin/passcode only once.

To change that behavior, set this policy to False and add the policy named MaxInactivityTimeDeviceLock, which prompts the user for a pin/passcode after a period of inactivity.

List of TouchDown Application Settings for Android Devices

AlwaysBCCSelf
Type: Boolean
If True, sends a copy (BCC) of all outgoing emails to the configured email address.
AppointmentRemindersAtNonPeakTime
Type: Boolean
If True, reminds user of all appointments even if the appointment occurs during off hours or if the reminder is set to occur during off hours.
CalendarAllDayInWidget
Type: Boolean
If True, this option will show all-day events in the TouchDown Calendar Widget.
CalendarCustomWeekView
Type: Boolean
This option gives two additional options:
  • Week starts on
  • Week ends on

Using these options the user can change the Week starts on and Week ends on options to select the start and end dates for the week.

Selecting a custom week start and end days will change the way the week view is shown. It will not affect the month view unless your Week start day is before the weekend day (Monday to Saturday).

CalendarDefaultPrivacy
Type: String
Automatically places the same privacy status for each new event unless otherwise specified by the user.
CalendarDefaultReminder
Type: Integer
Automatically places the same reminder length for each new event unless otherwise specified by the user.
CalendarDefaultStatus
Type: String
Automatically places the same availability status for each new event unless otherwise specified by the user.
CalendarEnableResources
Type: Boolean
If True, gives the ability to specify a resource field when creating new meetings. The user may use the resources field to specify non-attendees such as conference room resources or equipment which are available using an email address.
CalendarFirstWeekday
Type: Integer
Specifies the first day of the week to show in the calendar.
CalendarLastWeekday
Type: Integer
Specifies the last day of the week to show in the calendar, where 1 - 7 represents Sunday - Saturday. For example, 1 = Monday, 2 = Tuesday, and so on.
CalendarLightTheme
Type: Boolean
If True, the day and week Views will be shown with a light theme.
CalendarOverdueTasksInAgenda
Type: Boolean
If True, shows overdue tasks in the agenda.
CalendarShowUpcomingOnly
Type: Boolean
If True, in the TouchDown Agenda view only current appointments that have not already passed for the current day are shown.
CalendarSyncHistory
Defines date range of appointments to synchronize.

Values:

  • -1 = All
  • 4 = 2 Weeks
  • 5 = 1 Month
  • 6 = 3 Months
  • 7 = 6 Months
CalendarTasksInAgenda
Type: Boolean
If True, shows the calendar tasks in the agenda.
CalendarWorkEnd
Type: String
Species the end of the work day.
CalendarWorkStart
Type: String
Specifies the start of the work day.
CalnedarZoom
Type: Integer
Indicates zoom size for showing the day and week views in larger size and fonts. A good recommended zoom size for high resolution devices is 150%.
CleanSDCardonRemoteWipe
Type: Boolean
Removes data from SD card when a remote wipe command is issued.
  • If True, will delete the entire SD card on remote wipe.
  • If False, remote wipe will delete only the TouchDown folder.
CopyToPhoneNameFormat
Defines how to copy TouchDown Exchange contacts to the phone book as First Last name or as Last First name. Values:
  • 0 = First Middle Initial Last
  • 1 = Last First Middle Initial
  • 2 = File As
DeferServerUpdates
Type: Boolean
Selected changes are deferred and batched to the server. This is selected by default and improves response time of the application as well as reduce the number of server updates.
DeviceTypeString
Type: String
Default is Android. Once this value is set, it should not be changed.
DisableSmartreplies
Type: Boolean
If True, Smart Replies are turned off. This option should only be selected if the server does not allow SmartReplies and SmartForwards. If forwards and replies are not working, then turn this option ON to determine if it works.
DisableTabletMode
Type: Boolean
If True, disables tablet mode even if it has detected that the user is working on a tablet. This option is specifically for tablet users who prefer the classic TouchDown view.
EmailAfterDeleteGoto
This option lets the user select the behavior when viewing a message and selecting to delete the message. Options include:
  • Email List. Go to the email list.
  • Next Email. Open the next email in the list. If none, go back to the email list view
  • Previous Email. Go to the previous email in the list. If none, go back to the email list view.
EmailAlwaysExpandFolders
Type: Boolean
If True, then when the user opens Choose Folders or taps the email folder bar to change folders, the folder tree will always appear uncollapsed until the user manually collapses them.
EmailBodyStyle
Type: String
Specifies different fonts, sizes, colors and styles to be used when composing new messages in HTML mode.
EmailConfirmDeletes
Type: Boolean
If True, prompts user with a message each time the user deletes an email to confirm that the email should be deleted.
EmailDownloadSize
Defines the download size of the email messages from the server during synchronization. Zimbra users should set this to a value less than or equal to 10 KB.
  • 1=4KB
  • 2=5KB
  • 3=7KB
  • 4 =10KB
  • 5 = 20 KB
  • 6 = 50 KB
  • 7 = 100 KB
  • 8=Full
  • 10 = No body
EmailFetchEmbeddedImages
Type: Boolean
If True, if using ActiveSync connection mode and HTML emails are enabled, embedded images within emails will automatically be downloaded and displayed. Note that this may cause some refreshing of the email message after each image is fetched and shown.
EmailHighlightSender
Type: Boolean
If True, makes the name of email sender of any email item larger and bold (as opposed to the subject).
EmailHighlightUnread
Type: Boolean
If True, any read items in the email list will appear grey, without subject or sender in bold, leaving only unread emails fully lit and bold.
EmailMoveToAny
Type: Boolean
If True, when the user selects to move email messages to other folders, the user is able to move messages to folders that have not been selected for synchronization. If this is False, then the user can only move emails to folders that have already synchronized.
EmailMultiSelectors
Type: Boolean
If True, each email message in the email list view will show a circle on the right side. The user can place a check mark against each message by tapping the circle. Once selected the user could perform operations like Delete, Mark as Read, Mark as Unread and Move to Folder on all the selected items at once by tapping the Menu button on the device and selecting the option from the menu that opens.
EmailPreviewAttachments
Type: Boolean
If True, view a sample thumbnail of email attachments after download but before attachments are opened with an attachment viewer.
EmailSearchAsYouType
Type: Boolean
If True, when the user searches for messages using the Menu/ Search option in the email list view, the messages are filtered according to the search string as typed. If this is False, the user must tap the green arrow next to the search string to perform the search.
EmailShowSummary
Type: Boolean
If True, displays an email summary.
EmailSyncHistory
Type: Integer
Defines a date range of emails to synchronize. Default is 14 days.
EmailTextViewSize
Select the text size to use when viewing email messages. This can be set to 1 of 5 levels: smallest, smaller, normal, larger or largest.
EmailToolBarMode
Select how to display the toolbar. Values:
  • 0 = Always show
  • 1=Hide
  • 2 = Toggle on shake
EnableHTMLEmail
Type: Boolean
If True, TouchDown will attempt to download and display emails in HTML format. If False, emails will be retrieved as plain text.
Note: If using a server other than Exchange server, this option is not recommended.
ExcludeAttachmentsFromGallery
Type: Boolean
If True, ensures that media files are not scanned by the Android Gallery application when it scans the SD card for media files.
FilteredTasksOnHomeScreenAndWidgets
Type: Boolean
If True, displays tasks on the home screen window and on the task widget when they are viewed on the TouchDown Tasks Screen.
HonorBackgroundDataSetting
Type: Boolean
If True, honors the user's preference in the Android operating system if user has decided to turn off Background Data in device settings under the Accounts & Sync heading.
IncludePhoneContactsInPickList
Type: Boolean
If True, lists contacts from the Android Phone Book as contact options for new email or SMS items.
ManualSyncWhenRoaming
Type: Boolean
If True, supresses push and polling when on a roaming network.
NoDeleteOnServer
Type: Boolean
If True, deleting emails on the device will not remove them from the server.
NoMarkReadOnServer
Type: Boolean
If True, reading emails or marking them as read/unread on the device will not mark them as read/unread on the server.
NormalizePhoneNumbers
Type: Boolean
If True, changes contact phone numbers as follows:
  • X and x, and extension will be replaced by a ; (semicolon)
  • P and p will be replaced with a ; (semicolon)
  • W and w will be replaced with a , (comma)
NotifyAppointments
Type: Boolean
If True, shows a notification for reminders.
NotifyFailedPolling
Type: Boolean
If True, sends a notification when a periodic data refresh fails.
NotifyNewEmail
Type: Boolean
If True, sends a notification when new messages are received.
NotifyPasswordFailure
Type: Boolean
If True, sends a notification when an entered password is incorrect.
NotifySuccessfulPolling
Type: Boolean
If True, sends a notification when a successful data refresh is received.
OffPeakPollInterval
Type: Integer

Defines off-peak polling interval. Any integer >=0, which specifies the polling minutes if polling is enabled during off peak hours.

PollAtOffPeak
Type: Integer
If True, TouchDown will periodically poll for changes even during off peak times.
PollingFrequency
Type: Integer
Defines the frequency to check for changes from the server. An ideal value is 15 minutes. Keep in mind that smaller polling intervals can increase battery drain. (Note: This only applies if Push is not enabled.)
PushEnabled
Type: Boolean
If True, push email is enabled.
ReminderRepeat
Type: Integer
Allows you to set interval of reminder repeats. Values:
  • 0 = No repeat reminders
  • X>0 = repeat after X minutes
  • X<0 = Repeat X minutes before appointment
ShowEmailsOnStartup
Type: Boolean
If True, TouchDown will always open and display your email list.
Supressions
Type: Integer
Comma-separated codes which will specify which fields to suppress.
UpdateContactChangesToPhone
Type: Boolean
If True, updates contact information on the device when detected on the server.