Organizations use e-mail as primary means of passing confidential corporate data. Further, data is also shared in the form of e-mail attachments. This data must be secured to prevent any unauthorized access/usage of data. MDM provides mutliple solutions across platforms, to secure E-mail, as explained below:
Conditional Exchange Access automates granting Exchange mailbox access to managed devices, while restricting devices not enrolled with MDM from accessing Exchange. This ensures devices accessing confidential corporate data, are under the management of MDM. Conditional Exchange Access is applicable for all three platforms.
While configuring E-mail/Exchange policy for iOS devices, disabling options Prevent Moving Messages to other Mail Accounts and Block Account usage from non-Mail Apps, ensures the messages can neither be moved nor be accessed by any other app other than the default mail app.
The advantage of using Exchange ActiveSync over E-mail, is that you can configure and secure Exchange using certificates. Certificate-based authentication(CBA) provides more security, as the account details can be distributed through the certificates. Know more about certificates here. Further, configuring Exchange ensures you can customize even the mail sync settings. This ensures a virtual container is created, whereby there is no unauthorized access of data.
While configuring E-mail/Exchange policy for Android devices, disabling Allow Forwarding Mails ensure the e-mails cannot be moved from corporate mail accounts to personal mail accounts. Also, disabling Allow User to change settings ensures Admin-configured settings cannot be modified.
The advantage of using Exchange ActiveSync over E-mail, is that you can configure and secure Exchange using certificates. Certificate-based authentication provides more security, as the account details can be distributed through the certificates. Know more about certificates here. Further, configuring Exchange ensures you can customize even the mail sync settings.
In general e-mail communication can be secured by using SSL and other security settings provided in MDM.
E-mail can also be secured using restrictions, with the only downside being the restrictions are applied to all features and capabilities of the device including E-mail and may affect the normal functioning of the device.
The following restrictions can be applied, to secure e-mail:
MDM recommends using Conditional Exchange Access to secure E-mail as the restriction is applied on the accounts and not on the device, ensuring e-mail cannot be access from other unamanaged devices and also ensuring the normal functionality of the device is unaffected.
MDM also supports securing attachments sent through mail. The document viewer present in the ME MDM app lets you securely view and organize your e-mail attachments. Know more about document viewer here.
Once the user leaves the organization, the corporate data can be wiped by performing either a Corporate or Complete Wipe on the device. Corporate wipe will remove the e-mail account configured along with the apps and content shared using MDM.