How to configure App Configuration Policies
Introduction
Nine is able to be configured using MDM solutions such as MobileIron, AirWatch and so on. The App Configuration initiative defines a standard way for enterprise application developers to interpret app configurations and security policies from EMM (Enterprise Mobility Management) systems, and for EMM systems to configure and secure mobile applications.
This document describes the steps to be taken by the administrator so that when the user enlists a device with MDM solutions, the Nine installed on the device is automatically configured and secured.
Nine supports the following types of configurations.
App service configuration: Host, Port, UseSSL, DeviceIdPrefix, DeviceType
User configuration: Username, Email, Domain, DisplayName, Signature, LicenseNumber
Branding configuration: Company name, Colors, Logo
Security (or Custom) Settings: Sync settings, Print, Share contents
Nine Configuration Settings Values
App Service Configuration
It allows the application to connect to the appropriate app web services for an organization.
AppServicePublisher
Publisher
Type: String Example: (e.g. MobileIron) Default: Description: MDM service provider
AppServiceHost
Host
Type: String Example: (e.g. appserver.com) Default: Description: Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value.
AppServiceHosts
Hosts
Type: String Example: (e.g. appserver.com;example.com) Default: Description: If multiple hosts can be configured in the application, they will be sent as a string array. The first host in the list will be used as the default.
AppServiceSecondaryHost
Secondary Host
Type: String Example: (e.g. appserver.com) Default: Description: Server address for the subordinate accounts
AppServiceSecondaryHosts
Secondary Hosts
Type: String Example: (e.g. appserver.com;example.com) Default: Description: Server addresses for the subordinate accounts.
AppSecondaryEmailDomains
App secondary email domains
Type: String Example: (e.g. appserver.com;example.com) Default: Description: Email domains for the subordinate accounts.
AppServicePort
Port
Type: Integer Example: (e.g. 443) Default: 443 Description: Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value.
AppServiceUseSSL
Is Ssl Required
Type: Boolean Example: (e.g. True, False) Default: True Description: Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value.
AppServiceSSLTrustAll
Trust All Certificates
Type: Boolean Example: (e.g. True, False) Default: True Description: Accept all SSL certificates
AppDeviceIdPrefix
DevicePrefix Identifier
Type: String Example: (e.g. MSFT, YHOO) Default: Nine Description: Prefix for distinguishing DeviceID, (4 alphabetic letters)
AppUserAgent
User Agent
Type: String Example: (e.g. Nine, MDM) Default: Description: App name which is used in User Agent
AppUserAgentPrefix
User Agent Prefix
Type: String Example: Default: Description: Full text which is used in User Agent
AppDeviceId
Device Id
Type: String Example: (e.g. {EasDeviceIdentifier}) Default: Description: Device ID that the ActiveSync server uses for the device.
AirWatch SEG (Secure Email Gateway): {EasDeviceIdentifier}
MobileIron Sentry: $DEVICE_SN$
MobileIron Cloud: ${deviceEasIdentifier}
AppDeviceType
Device Type
Type: String Example: (e.g. Android) Default: Android Description: Device Type
AppUseLoginCertificate
Use Login Certificate
Type: Boolean Example: (e.g. True, False) Default: False Description: Client CA
AppLoginCertificateAlias
Login Certificate alias
Type: String Example: Default: Description: Certificate alias
AppReqParamPlaintext
Request param plain text
Type: Boolean Example: (e.g. True, False) Default: False Description: "The query value format in the URI contains all of the ActiveSync URI parameters.
e.g.)
Base64:
POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1
Plain text:
POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1"
AppUseModernAuthentication
App use modern authentication
Type: Boolean Example: (e.g. True, False) Default: False Description: Modern Authentication (ADAL)
AppPasswordEnable
Password required
Type: Integer Example: (e.g, -1, 0, 1) Default: -1 Description: App password Enable
-1 : Use Exchange Policy
0 : Disabled
1 : Enabled
AppPasswordComplexity
Password complexity
Type: Integer Example: (e.g. 0, 1) Default: 0 Description: App password complexity (0 : Simple, 1: Alphanumeric)
AppPasswordMinLength
Minimum password length
Type: Integer Example: (e.g. 4) Default: 0 Description: App Password Minimum length
AppPasswordExpirationDays
Password expiration days
Type: Integer Example: (e.g. 90) Default: 0 Description: App Password expiration date
AppPasswordHistory
Password history
Type: Integer Example: (e.g. 9) Default: 0 Description: App Password History counts
AppPasswordMaxFailed
Maximum failed password attempts
Type: Integer Example: (e.g. 10) Default: 0 Description: App Password Maximum failure counts
AppPasswordLockTime
Password lock time
Type: Integer Example: (e.g. 60) Default: 0 Description: App Password Maximum Lock Time (Min.)
AppUseAuthenticationBroker
App use authentication broker
Type: Boolean Example: (e.g. True, False) Default: False Description: Broker (Company Portal or Microsoft Authenticator)
AppUserAgentDetails
User agent details
Type: String Example: Ex) $OS $VERSION $APP_VERSION $APP_VERSION_CODE Default: Description: Extra information for UserAgent Eg> $OS $VERSION $APP_VERSION $APP_VERSION_CODE (Case sensitive) - SNINE4W-hero2ltexx/NRD90M (Android 7.0.1 4.0.3b 2402300)
AppLauncherShortcuts
App launcher shortcut
Type: String Example: [ "Mail", "Calendar", "Contacts", "Tasks", "Notes" ] Default: Description: eg) Add Calendar and Tasks shortcuts as default. [ "Calendar", "Tasks" ]
AppSecureMailLoadRemoteImages
App secure mail load remote images
Type: Integer Example: (e.g. -1, 0, 1, 2) Default: -1 Description: -1: User can select the option 0: Do not load 1: Ask before displaying remote images 2: Always display remote images
AppModernAuthenticationEnforcedServers
App modern authentication enforced server
Type: String Example: (e.g. outlook.office365.com, m.outlook.com) Default: Description: The server addresses which enforce to use Modern Authentication.
AppStrings
App strings
Type: String Example: { "compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.", "compliance_notification_content_change_title": "Compliance have changed" } Default: "" Description: DO NOT remove $account_name in the string
AppDisableURLRedirection
App disable URL redirection
Type: Boolean Example: (e.g. True, False) Default: False Description:
AppLDAPConfigurations
App LDAP Configurations
Type: String (JSON) Example: e.g. [ { "Description": "Default", "ServerAddress": "ldap.example.com", "ServerPort": "389", "TransportSecurity": 1, "SearchBase": "dc=mkt,dc=mainstore,dc=com", "BindDN": "", "BindPassword": "" } ] Default: Description: Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous
AppSelectiveAuthentication
App selective authentication
Type: Boolean Example: (e.g. True, False) Default: False Description:
AppPreemptivePushScheduling
App preemptive push scheduling
Type: Integer Example: (e.g. -1, 0, 1) Default: -1 Description: -1: User can select the option 0: Admin disables the option forcibly. User can't change the option. 1: Admin enables the option forcibly. User can't change the option.
AppEWSURL
App ews url
Type: String Example: https://outlook.office365.com:443/EWS/Exchange.asmx Default: Description:
AppCorporateContactsRefreshInterval
App corporate contacts refresh interval
Type: Integer Example: e.g. 30 Default: Description: Days 30: every 30 days
AppCorporateContactsSyncFields
App corporate contacts sync fields
Type: String (CSV) Example: e.g. "givenName, cn, homePhone, sn, mobile, o, mail, telephoneNumber, title, departement" Default: Description:
AppCorporateContactsCallerDisplay
App corporate contacts caller display
Type: String (CSV) Example: e.g. "cn, title, OU" Default: Description:
AppCorporateContactsLDAPConfigurations
App corporate contacts LDAP configurations
Type: String (JSON) Example: e.g.
[
{
"Description": "Default",
"ServerAddress": "ldap.example.com",
"ServerPort": "389",
"TransportSecurity": 1,
"SearchBase": "dc=mkt,dc=mainstore,dc=com",
"BindDN": "",
"BindPassword": ""
}
] Default: Description: Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous
AppUseLoginCertificateWithoutUserPassword
App use login certificate without user password
Type: Boolean Example: (e.g. True, False) Default: False Description:
AppSpamForwardingEmail
App spam forwarding email
Type: String Example: (e.g. security@example.com) Default: Description: If the 'AppSpamForwardingEmail' AppConfig is set, the 'Report Spam/Phish' menu is shown in the email details view.
AppRecurrenceEventEdit
App recurrence event edit
Type: Integer Example: (e.g. 0, 1) Default: 0 Description:
0: 3 options
Only this event
All events in the series
This and all future events
1: 2 options
Only this event
All events in the series
AppCryptographyLibrary
App cryptography library
Type: Integer Example: (e.g. 0, 1) Default: 0 Description: 0: Open SSL 1: Bouncy Castle
AppEditableLoginId
App editable loginId
Type: Boolean Example: (e.g. True, False) Default: False Description: If the value is true, you can edit the login Id field.
User Configuration
It allows the application to detect the user of the application, however does not uthenticate the user.
UserName
User name
Type: String Example: (e.g. wtillman) Default: Description: Username of the user who is using the device. Value to be used by application to authenticate user.
UserEmail
Email Address
Type: String Example: (e.g. will@company.com) Default: Description: Email address of the user who is using the application
UserPassword
Password
Type: String Example: (e.g. ****) Default: Description: Password for the user who is using the application
UserDomain
Domain
Type: String Example: (e.g. NADOMAIN) Default: Description: Domain of the user who is using the application
Multiple domains are able to be set with semicolon.
(eg. NADOMAIN1;NADOMAIN2)
UserDisplayName
Display name
Type: String Example: (e.g. James) Default: Description: User name which is displayed in Nine app
UserSignature
Default Signature
Type: String Example: (e.g. ABC Company, James, CIO, +4081234567) Default: Description: Email signature. If empty, use "Sent from Nine"
UserLicenseNumber
User License number
Type: String Example: (e.g. 123456781234) Default: Description: License key which is purchased in 9Folders web site
UserEmailSyncRange
Email Sync Range
Type: Integer Example: Default: Description: 0: All 1: 1 Day 2: 3 days 3: 1 week 4: 2 weeks 5: 1 month
UserEmailDownloadSize
Email Download Size
Type: Integer Example: Default: Description: 0: All 1: 10KB 2: 20KB 3: 50KB 4: 100KB
UserDefaultCalendar
User default calendar
Type: String Example: (e.g. com.google.android.calendar) Default: Description: Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default.
UserFontFamily
User font family
Type: String Example: (e.g. Calibri, Arial, Helvetica, sans-serif) Default: Description: Default font family for outgoing email.
UserFontSize
User font size
Type: String Example: (e.g. 11.5) Default: Description: Default font size for outgoing email.
UserFontColor
User font color
Type: String Example: (e.g. #000000) Default: Description: Default font color for outgoing new email.
UserReplyFontColor
User reply font color
Type: String Example: (e.g. #1F497D) Default: Description: Default font color for reply email.
UserInAppCalendarNotification
User calendar notification
Type: Boolean Example: (e.g. True, False) Default: True Description: Calendar notification settings
UserDefaultEditor
User default editor
Type: Integer Example: (e.g. 0, 1) Default: 0 Description: 0: Rich Text Editor
1: Text Editor
UserMessageFormat
User message format
Type: Integer Example: (e.g. 0, 1, 2) Default: 1 Description: 0: TEXT 1: HTML 2: MIME
UserReFwdSeparatorStyle
User reply/forward separator style
Type: Integer Example: Default: Description: 0: No separator 1: 1px 2: 2px 3: Outlook 2016
UserContactsFieldsLevel
User contacts fields level
Type: Integer Example: (eg, 0, 1, 2) Default: 0 Description: 0: All Fields 1: Minimum Fields (Name Fields, Phone Fields, Photo Field) 2: All fields except Email address
PolicyMaxEmailLookback
Max sync range of the user
Type: Integer Example: Default: -1 Description: -1: Exchange Policy 0: All 1: 1 Day 2: 3 days 3: 1 week 4: 2 weeks 5: 1 month
UserSyncSystemCalendarStorage
User sync system calendar
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Default value for syncing to the system Calendar storage
UserSyncSystemContactsStorage
User sync system contacts
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Default value for syncing to the system Contacts storage
UserDownloadableAttachmentsMaxSize
User download attachment max size
Type: Integer Example: Default: 0 Description: xx: xxMB Limited 0 Unlimited (Default) eg) 10: 10MB Limited 25: 25MB Limited
UserAutoAdvance
User auto advance
Type: Integer Example: Default: 0 Description: 0: Open the previous item 1: Open the next item 2: Return to the current folder
UserReportDiagnosticInfo
User report diagnostic info
Type: Boolean Example: (e.g. True, False) Default: TRUE Description:
UserBiometricUnlock
User biometric unlock
Type: Boolean Example: (e.g. True, False) Default: FALSE Description:
UserNotesTemplate
User notes template
Type: String Example: Default: Description: Ex) "UserNotesTemplate": { "Title": "Memo", "Template": "To: \nFrom: \nDate: \nSubject: \n\n" }
UserSyncWhenRoaming
User sync when roaming
Type: Integer Example: (e.g. 0, 1) Default: 0 Description: 0: Off 1: On
EnforceSyncWhenRoaming
Enforce sync when roaming
Type: Boolean Example: (e.g. True, False) Default: False Description:
UserPreemptivePushScheduling
User preemptive push scheduling
Type: Boolean Example: (e.g. True, False) Default: False Description:
UserShowAsConversation
User show as conversation
Type: Boolean Example: (e.g. True, False) Default: True Description:
EnforceStorageEncryption
Enforce storage encryption
Type: Boolean Example: (e.g. True, False) Default: False Description: TRUE: Encrypt storage FALSE: DO NOT encrypt storage
EnforceExternalBrowsers
Enforce external browsers
Type: String Example: (e.g. com.microsoft.emmx, com.android.chrome) Default: "" Description: The package names of the Browser app which is used as the default Browser.
EnforceDeletionOnSpamForwarding
Enforce deletion on spam forwarding
Type: Boolean Example: (e.g. True, False) Default: False Description: If the 'EnforceDeletionOnSpamForwarding' is set as TRUE, the email will be moved to Trash folder
UserSigningCertificateAlias
User signing certificate alias
Type: String Example: Default: "" Description:
UserEncryptionCertificateAlias
User encryption certificate alias
Type: String Example: Default: "" Description:
UserContactsFileAs
Contacts Fileas
Type: Integer Example: Default: 1 Description: 0 : Not specified 1 : Last, First 2 : Last First 3 : LastFirst 4 : First Last 5 : Last, First (Company) 6 : Last First (Company) 7 : LastFirst (Company) 8 : Company (Last, First) 9 : Company (LastFirst) 10 : Company (Last First)
Branding Configuration
It allows an application to customize the look and feel for a specific organization.
BrandingLogo
Branding logo
Type: String Example: (e.g.. http://myserver/image.png) Default: "" Description: String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently.
- Recommend format: PNG (Other formats are applicable)
- Background color: #ff009688
- Recommend resolution: 720x264 (Max 1024x1024)
BrandingSplashLogo
Branding splash logo
Type: String Example: (e.g.. http://myserver/image.png) Default: "" Description: String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format. Size: 720x264
BrandingName
Branding name
Type: String Example: (e.g. Company Name) Default: "" Description: String representing the company name which could be displayed in the application.
BrandingColor
Branding color
Type: String Example: (e.g. #1F497D) Default: "" Description: RGB(31, 73, 125)
Security (or Custom) Settings
It allows an application to enable or disable certain security features
AllowCalendarSync
Allow calendar sync
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow Calendar sync
AllowContactsSync
Allow contacts sync
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow Calendar sync
AllowTasksSync
Allow tasks sync
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow Tasks sync
AllowNotesSync
Allow notes sync
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow Notes sync
AllowPrint
Allow print
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow print
AllowShareContents
Allow share contents
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to share the contents of Email/Tasks/Notes
AllowShareAttachment
Allow share attachment
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to share the attachments to 3rd party app
AllowSaveAttachment
Allow save attachment
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to save attachments into external storage
AllowGalShare
Allow GAL share
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to deliver the GAL search results to 3rd party app
IgnoreExchangePolicy
Ignore exchange policy
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Disregard Exchange Policy. Instead, MDM controls the policy.
AllowDeleteOwnAccount
Allow delete own account
Type: Boolean Example: (e.g. True, False) Default: True Description:
AllowMultipleAccount
Allow multiple account
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow to set up multiple accounts
AllowReFwdFromDA
Allow to forward or reply from a different account
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to forward or reply from a different account than the message originated from.
AllowAutoConfig
Allow auto configuration
Type: Boolean Example: (e.g. True, False) Default: FALSE Description:
AllowSyncSystemCalendarStorage
Allow sync system calendar storage
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow for Nine Calendar data to sync to system calendar storage.
Users can see Nine Calendar data on the stock Calendar app.
AllowSyncSystemContactsStorage
Allow sync system contacts storage
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow for Nine Contacts data to sync to system contacts storage.
Users can see Nine Contacts data on the stock Contacts app.
AllowManualUserConfig
Allow manual user config
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow to set up UserName and UserEmail manually.
AllowCamera
Allow Camera
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use Camera
AllowExportMessage
Allow export message
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow to export messages
AllowEWSConnectivity
Allow EWS connectivity
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow EWS connectivity for the features such as Shared Calendar features.
AllowBiometricUnlock
Allow biometric unlock
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow Biometric authentication such as Fingerprint to unlock screen.
AllowCorporateContactsSync
Allow corporate contacts sync
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow to use the Corporate Contacts feature
AllowWidgetEmail
Allow Email Widget
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use the Email widget
AllowWidgetCalendarAgenda
Allow Calendar Agenda Widget
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use the Agenda widget
AllowWidgetCalendarMonth
Allow Calendar Month Widget
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use the MonthView widget
AllowWidgetTasks
Allow Tasks Widget
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use the Tasks widget
AllowWidgetBadge
Allow Badge Widget
Type: Boolean Example: (e.g. True, False) Default: True Description: Allow to use the Badge widget
AllowScreenShot
Allow screen shot
Type: Boolean Example: (e.g. True, False) Default: True Description: If set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well.
AllowSaveSMIMEAttachment
Allow saving S/MIME attachments
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow saving attachments of an encrypted message into internal or external storage
AllowShareSMIMEAttachment
Allow sharing S/MIME attachments
Type: Boolean Example: (e.g. True, False) Default: FALSE Description: Allow sharing attachments of an encrypted message into internal or external storage
ActiveSync server synchronization due to app configuration
Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration:
• AppDeviceId (Full synchronization)
• AppDeviceIdPrefix (Full synchronization)
• AppDeviceType (Full synchronization)
• AppUserAgentPrefix (Full synchronization)
• AppUserAgent (Full synchronization)
• UserEmail (Delete account)
• AppLoginCertificateAlias (Delete account)
The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.
Last updated