Secure Mail 10.6

  • Upgrade to Exchange ActiveSync (EAS) version 16. Secure Mail supports both EAS version 16.1 and version 16.0 on iOS and Android. However, an upgrade to the respective EAS version depends on the EAS protocol supported by Exchange Server 2016 in your environment. During the upgrade, Secure Mail resynchronizes all your local data and preserves any draft or unsent emails that you may have.
  • Personal Calendar overlay enhancements. Secure Mail now notifies users when they make a calendar event that conflicts with events in their native calendar. Secure Mail also notifies users when scheduling a meeting during time labeled as Free Busy. Additional fields appear for personal events as well. Users can see whom an event is from and can show the invitee count.

Secure Hub 10.6

Citrix VPN connection type for Android devices

The VPN device policy for Android now supports configuring Citrix VPN. Citrix VPN is a mobile application that connects to NetScaler Gateway in full VPN mode, as opposed to a clientless VPN or ICA proxy mode.

On the Configure > Device Policies page for Android, the Connection type menu now includes Citrix VPN.

Citrix VPN settings:

  • Server name or IP address: Type the FQDN or IP address of the NetScaler Gateway.
  • User name and Password: Type your VPN credentials for the Authentication types of Password or Password and Certificate. Optional. If you don’t provide the VPN credentials, the Citrix VPN app prompts for a user name and password.
  • Identity credential: Appears for the Authentication types of Certificate or Password and Certificate.
  • Enable per-app VPN: Select whether to enable per-app VPN. If you don’t enable per-app VPN, all traffic goes through the Citrix VPN tunnel. If you enable per-app VPN, specify the following settings. The default is OFF.
    • Whitelist or Blacklist: Choose a setting. If Whitelist, all apps in the whitelist tunnel through this VPN. If Blacklist, all apps except those on the blacklist tunnel through this VPN.
    • Application List: Specify the whitelisted or blacklisted apps. Click Add and then type a comma-separated list of app package names.
  • Custom XML: Click Add and then type custom parameters. XenMobile supports these parameters for Citrix VPN:
    • disableL3Mode: Optional. To enable this parameter, type Yes for the Value. If enabled, no user-added VPN connections are displayed and the user cannot add a new connection. This is a global restriction and applies to all VPN profiles.
    • userAgent: A string value. You can specify a custom User Agent string to send in each HTTP request. The specified user agent string is appended to the existing Citrix VPN user agent.
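
The per-app VPN settings above, modeled as an added example for checking an Application List before you deploy the policy; this is not Citrix or XenMobile code. The function names, the sample package names, and the rule that a malformed entry matches no app are assumptions.

```python
import re

# Android package name: two or more dot-separated segments, each starting
# with a letter and containing only letters, digits and underscores.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

def parse_app_list(raw):
    """Split the comma-separated Application List; return (valid, malformed)."""
    valid, malformed = [], []
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue  # tolerate trailing commas and doubled separators
        (valid if PACKAGE_RE.match(entry) else malformed).append(entry)
    return valid, malformed

def is_tunneled(package, per_app_vpn=False, mode="Whitelist", app_list=""):
    """Apply the documented semantics to one app package."""
    if not per_app_vpn:
        return True  # default OFF: all traffic goes through the tunnel
    # Assumption: entries match exactly and malformed entries match nothing.
    listed = package in parse_app_list(app_list)[0]
    if mode == "Whitelist":
        return listed       # only listed apps tunnel
    if mode == "Blacklist":
        return not listed   # every app except listed ones tunnels
    raise ValueError("mode must be 'Whitelist' or 'Blacklist'")

def audit(installed, per_app_vpn, mode, app_list):
    """Report which installed apps tunnel and which list entries are unusable."""
    valid, malformed = parse_app_list(app_list)
    return {
        "tunneled": sorted(p for p in installed
                           if is_tunneled(p, per_app_vpn, mode, app_list)),
        "direct": sorted(p for p in installed
                         if not is_tunneled(p, per_app_vpn, mode, app_list)),
        "malformed": malformed,
        "not_installed": sorted(set(valid) - set(installed)),
    }

# Constructed sample data: the package names and list string are made up.
INSTALLED = ["com.example.mail", "com.example.browser", "org.example.game"]
APP_LIST = "com.example.mail, com.example.browser ,com example.crm,,com.example.wiki"

if __name__ == "__main__":
    for mode in ("Whitelist", "Blacklist"):
        print(mode, audit(INSTALLED, True, mode, APP_LIST))
```

Review the malformed entries before saving the policy: in this model a mistyped name on a whitelist leaves that app outside the tunnel, and on a blacklist leaves it inside.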

For general information about configuring the VPN device policy, see VPN device policy.

Derived credentials for iOS device enrollment

Derived credentials provide strong authentication for mobile devices. The credentials, derived from a smart card, reside in a mobile device instead of the card. The smart card is either a Personal Identity Verification (PIV) card or Common Access Card (CAC).

The derived credentials are an enrollment certificate that contains the user identifier, such as UPN. XenMobile stores the credentials obtained from the credential provider in a secure vault on the device.

XenMobile can use derived credentials for iOS device enrollment. If configured for derived credentials, XenMobile doesn’t support enrollment invitations or other enrollment modes for iOS devices. However, you can use the same XenMobile server to enroll Android devices through enrollment invitations and other enrollment modes.

Device enrollment steps when using derived credentials

Enrollment requires that the user insert their smart card into a reader attached to their desktop.

1. The user installs Secure Hub and the app from your derived credential provider.

In this example, the identity provider app is the Intercede MyID Identity Agent.

2. The user starts Secure Hub. When prompted, the user types the XenMobile server fully qualified domain name and then clicks Next. Enrollment in Secure Hub starts. If the XenMobile server supports derived credentials, Secure Hub prompts the user to create a Citrix PIN.

3. The user follows the instructions to activate their smart credential. A splash screen appears, followed by a prompt to scan a QR code.

4. The user inserts their card into the smart card reader that’s attached to their desktop. The desktop app then displays a QR code and prompts the user to scan the code using their mobile device.

The user enters their Secure Hub PIN when prompted.

After authenticating the PIN, Secure Hub downloads the certificates. The user then follows the prompts to complete enrollment.

To view device information in the XenMobile console:

  • Go to Manage > Devices and then select a device to display a command box. Click Show more.
  • Go to Analyze > Dashboard.