# How to configure App Configuration Policies ## **Introduction** Nine is able to be configured using MDM solutions such as MobileIron, AirWatch and so on. The App Configuration initiative defines a standard way for enterprise application developers to interpret app configurations and security policies from EMM (Enterprise Mobility Management) systems, and for EMM systems to configure and secure mobile applications. This document describes the steps to be taken by the administrator so that when the user enlists a device with MDM solutions, the Nine installed on the device is automatically configured and secured. Nine supports the following types of configurations. * App service configuration: Host, Port, UseSSL, DeviceIdPrefix, DeviceType * User configuration: Username, Email, Domain, DisplayName, Signature, LicenseNumber * Branding configuration: Company name, Colors, Logo * Security (or Custom) Settings: Sync settings, Print, Share contents ## **Nine Configuration Settings Values** ### **App Service Configuration** It allows the application to connect to the appropriate app web services for an organization.
KeyTitleReq.Type/Example/Default/Desc.
AppServicePublisherPublisherYesType: String
Example: (e.g. MobileIron)
Default:
Description: MDM service provider
AppServiceHostHostYesType: String
Example: (e.g. appserver.com)
Default:
Description: Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value.
AppServiceHostsHostsNoType: String
Example: (e.g. appserver.com;example.com)
Default:
Description: If multiple hosts can be configured in the application, they will be sent as a string array. The first host in the list will be used as the default.
AppServiceSecondaryHostSecondary HostNoType: String
Example: (e.g. appserver.com)
Default:
Description: Server address for the subordinate accounts
AppServiceSecondaryHostsSecondary HostsNoType: String
Example: (e.g. appserver.com;example.com)
Default:
Description: Server addresses for the subordinate accounts.
AppSecondaryEmailDomainsApp secondary email domainsNoType: String
Example: (e.g. appserver.com;example.com)
Default:
Description: Email domains for the subordinate accounts.
AppServicePortPortNoType: Integer
Example: (e.g. 443)
Default: 443
Description: Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value.
AppServiceUseSSLIs Ssl RequiredNoType: Boolean
Example: (e.g. True, False)
Default: True
Description: Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value.
AppServiceSSLTrustAllTrust All CertificatesNoType: Boolean
Example: (e.g. True, False)
Default: True
Description: Accept all SSL certificates
AppDeviceIdPrefixDevicePrefix IdentifierNoType: String
Example: (e.g. MSFT, YHOO)
Default: Nine
Description: Prefix for distinguishing DeviceID, (4 alphabetic letters)
AppUserAgentUser AgentNoType: String
Example: (e.g. Nine, MDM)
Default:
Description: App name which is used in User Agent
AppUserAgentPrefixUser Agent PrefixNoType: String
Example:
Default:
Description: Full text which is used in User Agent
AppDeviceIdDevice IdNo

Type: String
Example: (e.g. {EasDeviceIdentifier})
Default:
Description:
Device ID that the ActiveSync server uses for the device.

AirWatch SEG (Secure Email Gateway): {EasDeviceIdentifier}

MobileIron Sentry: $DEVICE_SN$

MobileIron Cloud: ${deviceEasIdentifier}

AppDeviceTypeDevice TypeNoType: String
Example: (e.g. Android)
Default: Android
Description: Device Type
AppUseLoginCertificateUse Login CertificateNoType: Boolean
Example: (e.g. True, False)
Default: False
Description: Client CA
AppLoginCertificateAliasLogin Certificate aliasNoType: String
Example:
Default:
Description: Certificate alias
AppReqParamPlaintextRequest param plain textNo

Type: Boolean
Example: (e.g. True, False)
Default: False
Description:
"The query value format in the URI contains all of the ActiveSync URI parameters.

e.g.)

Base64:

POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1

Plain text:

POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1"

AppUseModernAuthenticationApp use modern authenticationNoType: Boolean
Example: (e.g. True, False)
Default: False
Description: Modern Authentication (ADAL)
AppPasswordEnablePassword requiredNo

Type: Integer
Example: (e.g, -1, 0, 1)
Default: -1
Description:
App password Enable

-1 : Use Exchange Policy

0 : Disabled

1 : Enabled

AppPasswordComplexityPassword complexityNoType: Integer
Example: (e.g. 0, 1)
Default: 0
Description:
App password complexity (0 : Simple, 1: Alphanumeric)
AppPasswordMinLengthMinimum password lengthNoType: Integer
Example: (e.g. 4)
Default: 0
Description: App Password Minimum length
AppPasswordExpirationDaysPassword expiration daysNoType: Integer
Example: (e.g. 90)
Default: 0
Description: App Password expiration date
AppPasswordHistoryPassword historyNoType: Integer
Example: (e.g. 9)
Default: 0
Description: App Password History counts
AppPasswordMaxFailedMaximum failed password attemptsNoType: Integer
Example: (e.g. 10)
Default: 0
Description: App Password Maximum failure counts
AppPasswordLockTimePassword lock timeNoType: Integer
Example: (e.g. 60)
Default: 0
Description: App Password Maximum Lock Time (Min.)
AppUseAuthenticationBrokerApp use authentication brokerNoType: Boolean
Example: (e.g. True, False)
Default: False
Description: Broker (Company Portal or Microsoft Authenticator)
AppUserAgentDetailsUser agent detailsNoType: String
Example:
Ex) $OS $VERSION
$APP_VERSION
$APP_VERSION_CODE
Default:
Description:
Extra information for UserAgent
Eg> $OS $VERSION $APP_VERSION $APP_VERSION_CODE (Case sensitive)
- SNINE4W-hero2ltexx/NRD90M (Android 7.0.1 4.0.3b 2402300)
AppLauncherShortcutsApp launcher shortcutNoType: String
Example:
[
"Mail",
"Calendar",
"Contacts",
"Tasks",
"Notes"
]
Default:
Description:
eg)
Add Calendar and Tasks shortcuts as default.
[
"Calendar",
"Tasks"
]
AppSecureMailLoadRemoteImagesApp secure mail load remote imagesNoType: Integer
Example: (e.g. -1, 0, 1, 2)
Default: -1
Description:
-1: User can select the option
0: Do not load
1: Ask before displaying remote images
2: Always display remote images
AppModernAuthenticationEnforcedServersApp modern authentication enforced serverNoType: String
Example: (e.g. outlook.office365.com, m.outlook.com)
Default:
Description: The server addresses which enforce to use Modern Authentication.
AppStringsApp stringsNoType: String
Example:
{
"compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.", "compliance_notification_content_change_title": "Compliance have changed"
}
Default: ""
Description: DO NOT remove $account_name in the string
AppDisableURLRedirectionApp disable URL redirectionNoType: Boolean
Example: (e.g. True, False)
Default: False
Description:
AppLDAPConfigurationsApp LDAP ConfigurationsNoType: String (JSON)
Example:
e.g.
[
{
"Description": "Default",
"ServerAddress": "ldap.example.com",
"ServerPort": "389",
"TransportSecurity": 1,
"SearchBase": "dc=mkt,dc=mainstore,dc=com",
"BindDN": "",
"BindPassword": ""
}
]
Default:
Description:
Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppSelectiveAuthenticationApp selective authenticationNoType: Boolean
Example: (e.g. True, False)
Default: False
Description:
AppPreemptivePushSchedulingApp preemptive push schedulingNoType: Integer
Example: (e.g. -1, 0, 1)
Default: -1
Description:
-1: User can select the option
0: Admin disables the option forcibly. User can't change the option.
1: Admin enables the option forcibly. User can't change the option.
AppEWSURLApp ews urlNoType: String
Example: https://outlook.office365.com:443/EWS/Exchange.asmx
Default:
Description:
AppCorporateContactsRefreshIntervalApp corporate contacts refresh intervalNoType: Integer
Example: e.g. 30
Default:
Description:
Days
30: every 30 days
AppCorporateContactsSyncFieldsApp corporate contacts sync fieldsNoType: String (CSV)
Example: e.g. "givenName, cn, homePhone, sn, mobile, o, mail, telephoneNumber, title, departement"
Default:
Description:
AppCorporateContactsCallerDisplayApp corporate contacts caller displayNoType: String (CSV)
Example: e.g. "cn, title, OU"
Default:
Description:
AppCorporateContactsLDAPConfigurationsApp corporate contacts LDAP configurationsNo

Type: String (JSON)
Example:
e.g.

[

{

"Description": "Default",

"ServerAddress": "ldap.example.com",

"ServerPort": "389",

"TransportSecurity": 1,

"SearchBase": "dc=mkt,dc=mainstore,dc=com",

"BindDN": "",

"BindPassword": ""

}

]
Default:
Description:
Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous

AppUseLoginCertificateWithoutUserPasswordApp use login certificate without user passwordNoType: Boolean
Example: (e.g. True, False)
Default: False
Description:
AppSpamForwardingEmailApp spam forwarding emailNoType: String
Example: (e.g. security@example.com)
Default:
Description: If the 'AppSpamForwardingEmail' AppConfig is set, the 'Report Spam/Phish' menu is shown in the email details view.
AppRecurrenceEventEditApp recurrence event editNo

Type: Integer
Example: (e.g. 0, 1)
Default: 0
Description:

0: 3 options

  • Only this event
  • All events in the series
  • This and all future events

1: 2 options

  • Only this event
  • All events in the series
AppCryptographyLibraryApp cryptography libraryNoType: Integer
Example: (e.g. 0, 1)
Default: 0
Description:
0: Open SSL
1: Bouncy Castle
AppEditableLoginIdApp editable loginIdNoType: Boolean
Example: (e.g. True, False)
Default: False
Description: If the value is true, you can edit the login Id field.
### **User Configuration** It allows the application to detect the user of the application, however does not uthenticate the user.
KeyTitleReq.Type/Example/Default/Desc.
UserNameUser nameYType: String
Example: (e.g. wtillman)
Default:
Description: Username of the user who is using the device. Value to be used by application to authenticate user.
UserEmailEmail AddressYType: String
Example: (e.g. will@company.com)
Default:
Description: Email address of the user who is using the application
UserPasswordPasswordNType: String
Example: (e.g. ****)
Default:
Description: Password for the user who is using the application
UserDomainDomainN

Type: String
Example: (e.g. NADOMAIN)
Default:
Description:
Domain of the user who is using the application

Multiple domains are able to be set with semicolon.

(eg. NADOMAIN1;NADOMAIN2)

UserDisplayNameDisplay nameNType: String
Example: (e.g. James)
Default:
Description: User name which is displayed in Nine app
UserSignatureDefault SignatureNType: String
Example: (e.g. ABC Company, James, CIO, +4081234567)
Default:
Description: Email signature. If empty, use "Sent from Nine"
UserLicenseNumberUser License numberNType: String
Example: (e.g. 123456781234)
Default:
Description: License key which is purchased in 9Folders web site
UserEmailSyncRangeEmail Sync RangeNType: Integer
Example:
Default:
Description:
0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month
UserEmailDownloadSizeEmail Download SizeNType: Integer
Example:
Default:
Description:
0: All
1: 10KB
2: 20KB
3: 50KB
4: 100KB
UserDefaultCalendarUser default calendarNType: String
Example: (e.g. com.google.android.calendar)
Default:
Description: Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default.
UserFontFamilyUser font familyNType: String
Example: (e.g. Calibri, Arial, Helvetica, sans-serif)
Default:
Description: Default font family for outgoing email.
UserFontSizeUser font sizeNType: String
Example: (e.g. 11.5)
Default:
Description: Default font size for outgoing email.
UserFontColorUser font colorNType: String
Example: (e.g. #000000)
Default:
Description: Default font color for outgoing new email.
UserReplyFontColorUser reply font colorNType: String
Example: (e.g. #1F497D)
Default:
Description: Default font color for reply email.
UserInAppCalendarNotificationUser calendar notificationNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Calendar notification settings
UserDefaultEditorUser default editorN

Type: Integer
Example: (e.g. 0, 1)
Default: 0
Description:
0: Rich Text Editor

1: Text Editor

UserMessageFormatUser message formatNType: Integer
Example: (e.g. 0, 1, 2)
Default: 1
Description:
0: TEXT
1: HTML
2: MIME
UserReFwdSeparatorStyleUser reply/forward separator styleNType: Integer
Example:
Default:
Description:
0: No separator
1: 1px
2: 2px
3: Outlook 2016
UserContactsFieldsLevelUser contacts fields levelNType: Integer
Example: (eg, 0, 1, 2)
Default: 0
Description:
0: All Fields
1: Minimum Fields (Name Fields, Phone Fields, Photo Field)
2: All fields except Email address
PolicyMaxEmailLookbackMax sync range of the userNType: Integer
Example:
Default: -1
Description:
-1: Exchange Policy
0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month
UserSyncSystemCalendarStorageUser sync system calendarNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Default value for syncing to the system Calendar storage
UserSyncSystemContactsStorageUser sync system contactsNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Default value for syncing to the system Contacts storage
UserDownloadableAttachmentsMaxSizeUser download attachment max sizeNType: Integer
Example:
Default: 0
Description:
xx: xxMB Limited
0 Unlimited (Default)
eg)
10: 10MB Limited
25: 25MB Limited
UserAutoAdvanceUser auto advanceNType: Integer
Example:
Default: 0
Description:
0: Open the previous item
1: Open the next item
2: Return to the current folder
UserReportDiagnosticInfoUser report diagnostic infoNType: Boolean
Example: (e.g. True, False)
Default: TRUE
Description:
UserBiometricUnlockUser biometric unlockNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description:
UserNotesTemplateUser notes templateNType: String
Example:
Default:
Description:
Ex) "UserNotesTemplate": {
"Title": "Memo",
"Template": "To: \nFrom: \nDate: \nSubject: \n\n"
}
UserSyncWhenRoamingUser sync when roamingNType: Integer
Example: (e.g. 0, 1)
Default: 0
Description:
0: Off
1: On
EnforceSyncWhenRoamingEnforce sync when roamingNType: Boolean
Example: (e.g. True, False)
Default: False
Description:
UserPreemptivePushSchedulingUser preemptive push schedulingNType: Boolean
Example: (e.g. True, False)
Default: False
Description:
UserShowAsConversationUser show as conversationNType: Boolean
Example: (e.g. True, False)
Default: True
Description:
EnforceStorageEncryptionEnforce storage encryptionNType: Boolean
Example: (e.g. True, False)
Default: False
Description:
TRUE: Encrypt storage
FALSE: DO NOT encrypt storage
EnforceExternalBrowsersEnforce external browsersNType: String
Example: (e.g. com.microsoft.emmx, com.android.chrome)
Default: ""
Description: The package names of the Browser app which is used as the default Browser.
EnforceDeletionOnSpamForwardingEnforce deletion on spam forwardingNType: Boolean
Example: (e.g. True, False)
Default: False
Description: If the 'EnforceDeletionOnSpamForwarding' is set as TRUE, the email will be moved to Trash folder
UserSigningCertificateAliasUser signing certificate aliasNType: String
Example:
Default: ""
Description:
UserEncryptionCertificateAliasUser encryption certificate aliasNType: String
Example:
Default: ""
Description:
UserContactsFileAsContacts FileasNType: Integer
Example:
Default: 1
Description:
0 : Not specified
1 : Last, First
2 : Last First
3 : LastFirst
4 : First Last
5 : Last, First (Company)
6 : Last First (Company)
7 : LastFirst (Company)
8 : Company (Last, First)
9 : Company (LastFirst)
10 : Company (Last First)
### **Branding Configuration** It allows an application to customize the look and feel for a specific organization.
KeyTitleReq.Type/Example/Default/Desc.
BrandingLogoBranding logoN

Type: String
Example: (e.g.. http://myserver/image.png)
Default: ""
Description:
String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently.

- Recommend format: PNG (Other formats are applicable)

- Background color: #ff009688

- Recommend resolution: 720x264 (Max 1024x1024)

BrandingSplashLogoBranding splash logoNType: String
Example: (e.g.. http://myserver/image.png)
Default: ""
Description: String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format.
Size: 720x264
BrandingNameBranding nameNType: String
Example: (e.g. Company Name)
Default: ""
Description: String representing the company name which could be displayed in the application.
BrandingColorBranding colorNType: String
Example: (e.g. #1F497D)
Default: ""
Description: RGB(31, 73, 125)
### **Security (or Custom) Settings** It allows an application to enable or disable certain security features
KeyTitleReq.Type/Example/Default/Desc.
AllowCalendarSyncAllow calendar syncNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow Calendar sync
AllowContactsSyncAllow contacts syncNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow Calendar sync
AllowTasksSyncAllow tasks syncNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow Tasks sync
AllowNotesSyncAllow notes syncNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow Notes sync
AllowPrintAllow printNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow print
AllowShareContentsAllow share contentsNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to share the contents of Email/Tasks/Notes
AllowShareAttachmentAllow share attachmentNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to share the attachments to 3rd party app
AllowSaveAttachmentAllow save attachmentNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to save attachments into external storage
AllowGalShareAllow GAL shareNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to deliver the GAL search results to 3rd party app
IgnoreExchangePolicyIgnore exchange policyNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Disregard Exchange Policy. Instead, MDM controls the policy.
AllowDeleteOwnAccountAllow delete own accountNType: Boolean
Example: (e.g. True, False)
Default: True
Description:
AllowMultipleAccountAllow multiple accountNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow to set up multiple accounts
AllowReFwdFromDAAllow to forward or reply from a different accountNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to forward or reply from a different account than the message originated from.
AllowAutoConfigAllow auto configurationNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description:
AllowSyncSystemCalendarStorageAllow sync system calendar storageN

Type: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow for Nine Calendar data to sync to system calendar storage.

Users can see Nine Calendar data on the stock Calendar app.

AllowSyncSystemContactsStorageAllow sync system contacts storageN

Type: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow for Nine Contacts data to sync to system contacts storage.

Users can see Nine Contacts data on the stock Contacts app.

AllowManualUserConfigAllow manual user configNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow to set up UserName and UserEmail manually.
AllowCameraAllow CameraNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use Camera
AllowExportMessageAllow export messageNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow to export messages
AllowEWSConnectivityAllow EWS connectivityNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow EWS connectivity for the features such as Shared Calendar features.
AllowBiometricUnlockAllow biometric unlockNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow Biometric authentication such as Fingerprint to unlock screen.
AllowCorporateContactsSyncAllow corporate contacts syncNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow to use the Corporate Contacts feature
AllowWidgetEmailAllow Email WidgetNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use the Email widget
AllowWidgetCalendarAgendaAllow Calendar Agenda WidgetNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use the Agenda widget
AllowWidgetCalendarMonthAllow Calendar Month WidgetNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use the MonthView widget
AllowWidgetTasksAllow Tasks WidgetNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use the Tasks widget
AllowWidgetBadgeAllow Badge WidgetNType: Boolean
Example: (e.g. True, False)
Default: True
Description: Allow to use the Badge widget
AllowScreenShotAllow screen shotNType: Boolean
Example: (e.g. True, False)
Default: True
Description: If set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well.
AllowSaveSMIMEAttachmentAllow saving S/MIME attachmentsNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow saving attachments of an encrypted message into internal or external storage
AllowShareSMIMEAttachmentAllow sharing S/MIME attachmentsNType: Boolean
Example: (e.g. True, False)
Default: FALSE
Description: Allow sharing attachments of an encrypted message into internal or external storage
**ActiveSync server synchronization due to app configuration** Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration: • AppDeviceId (Full synchronization) • AppDeviceIdPrefix (Full synchronization) • AppDeviceType (Full synchronization) • AppUserAgentPrefix (Full synchronization) • AppUserAgent (Full synchronization) • UserEmail (Delete account) • AppLoginCertificateAlias (Delete account) The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.