How to secure e-mail using MDM?

Description

Organizations use e-mail as a primary means of passing confidential corporate data. Data is also shared in the form of e-mail attachments. This data must be secured to prevent unauthorized access or usage. MDM provides multiple solutions across platforms to secure e-mail, as explained below:

Securing E-mail

Conditional Exchange Access

Conditional Exchange Access automates granting Exchange mailbox access to managed devices, while restricting devices not enrolled with MDM from accessing Exchange. This ensures that devices accessing confidential corporate data are under the management of MDM. Conditional Exchange Access is applicable for all three platforms.

Using E-mail/Exchange ActiveSync policies

iOS

While configuring the E-mail/Exchange policy for iOS devices, disabling the options Prevent Moving Messages to other Mail Accounts and Block Account usage from non-Mail Apps ensures that messages can neither be moved nor accessed by any app other than the default mail app.

The advantage of using Exchange ActiveSync over E-mail is that you can configure and secure Exchange using certificates. Certificate-based authentication (CBA) provides more security, as the account details can be distributed through the certificates. Know more about certificates here. Further, configuring Exchange lets you customize even the mail sync settings. This ensures a virtual container is created, whereby there is no unauthorized access of data.

Know more about E-mail and Exchange ActiveSync policies for iOS.
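One way to verify, outside the MDM console, that an iOS profile carries the settings described in this section (an added example, not ManageEngine code): Apple's Exchange ActiveSync payload (`com.apple.eas.account`) stores them as the keys `SSL`, `PreventMove`, `PreventAppSheet` and `PayloadCertificateUUID`. The sample profile is constructed for illustration, and `audit_profile` is a hypothetical helper name.

```python
import plistlib

# Constructed sample profile (not exported from any real MDM server).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.eas.account</string>
      <key>PayloadDisplayName</key><string>Corp Exchange</string>
      <key>Host</key><string>mail.example.com</string>
      <key>SSL</key><true/>
      <key>PreventMove</key><true/>
      <key>PreventAppSheet</key><false/>
    </dict>
  </array>
</dict></plist>"""

# Key -> (value iOS assumes when the key is absent, risk if not true).
CHECKS = {
    "SSL": (True, "ActiveSync traffic is not forced over TLS"),
    "PreventMove": (False, "messages can be moved to other mail accounts"),
    "PreventAppSheet": (False, "account is usable from non-Mail apps"),
}

def audit_profile(data: bytes) -> list:
    """Return findings for every Exchange ActiveSync payload in a profile."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.eas.account":
            continue
        name = payload.get("PayloadDisplayName", "<unnamed>")
        for key, (default, risk) in CHECKS.items():
            if payload.get(key, default) is not True:
                findings.append(f"{name}: {key} is not enabled ({risk})")
        # Certificate-based authentication references an identity payload.
        if not (payload.get("PayloadCertificateUUID") or payload.get("Certificate")):
            findings.append(f"{name}: no certificate identity, password auth in use")
    return findings

if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE):
        print(line)
```

The helper reads an unsigned `.mobileconfig`; a signed profile has to be unwrapped from its CMS envelope before it will parse as a plist.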

Android

While configuring the E-mail/Exchange policy for Android devices, disabling Allow Forwarding Mails ensures that e-mails cannot be moved from corporate mail accounts to personal mail accounts. Also, disabling Allow User to change settings ensures that Admin-configured settings cannot be modified.

The advantage of using Exchange ActiveSync over E-mail is that you can configure and secure Exchange using certificates. Certificate-based authentication provides more security, as the account details can be distributed through the certificates. Know more about certificates here. Further, configuring Exchange lets you customize even the mail sync settings.

Know more about E-mail and Exchange ActiveSync policies for Android.

In general, e-mail communication can be secured by using SSL and the other security settings provided in MDM.

Using restrictions

E-mail can also be secured using restrictions. The only downside is that restrictions are applied to all features and capabilities of the device, including e-mail, and may affect the normal functioning of the device.

The following restrictions can be applied, to secure e-mail:

  • Disable clipboard sharing
  • Disable screen capture
  • Disable syncing with cloud services such as iCloud
  • Disable sharing of data from managed apps to unmanaged apps
  • Disable transfer of data (e-mail attachments) through USB

Know more about Restrictions for iOS, Android and Windows.

MDM recommends using Conditional Exchange Access to secure e-mail, as the restriction is applied on the accounts and not on the device. This ensures e-mail cannot be accessed from other unmanaged devices and that the normal functionality of the device is unaffected.

Securing E-mail attachments

MDM also supports securing attachments sent through mail. The document viewer present in the ME MDM app lets you securely view and organize your e-mail attachments. Know more about document viewer here.

Deleting data from devices

Once the user leaves the organization, the corporate data can be wiped by performing either a Corporate or Complete Wipe on the device. Corporate wipe will remove the e-mail account configured along with the apps and content shared using MDM.