Setting up Mobile Device Security Policies

ZCS Administration Guide Network Edition 6.0.6 March 2010

Zimbra Mobile : Setting up Mobile Device Security Policies

Setting up Mobile Device Security Policies

Setting Mobile Device Policies Attributes

Users’ Mobile Device Self Care Features

The administrator can configure mobile security policies that enforce security rules on compliant mobile devices that sync with ZCS accounts. You can enforce general security policies including password rules and set up local wipe capability on compliant devices.

Note: Only WM6 devices and IPhones support security policies set by the server. Older devices do not respond to security policies.

Setting up a mobile policy can be either by COS or for an individual account and is configured from the administration console.

After the mobile policy is set up, the next time a mobile device sends a request to the server, mobile devices that are capable of enforcing security policies automatically set up the rules and immediately enforces them.

This typically means that if a Personal Identification Number (PIN) has not been set up on the device or the PIN is not as strong as required by the mobile policy you set up, the user is required to fix the PIN before they can sync with the server. Once the server confirms that the policy is enforced on the mobile device, the device can sync.

If a mobile device is lost or stolen the device is protected by the following policy rules:

•

When the Idle Time before device is locked is configured, after the number of minutes configured, the device is locked. To unlock the device, users must enter their PIN.

•

When the Number of consecutive incorrect PIN inputs before device is wiped is configured, after the PIN is entered incorrectly more than the specified number of times, a locally (generated by the device) initiated wipe of the device is performed. This erases all data on the device.

In addition to the rules, Remote Wipe can be used to erase all data on lost or stolen devices. See the Users’ Mobile Device Self Care Features section.

Setting Mobile Device Policies Attributes

The following attributes can be configured to establish rules for PIN and device lockout and local wipe initiation rules.

.

Allow non-provisionable devices

Allow partial policy enforcement on device

Devices that are capable of enforcing only parts of the mobile security policy can still be used. For example, the policy requires an alphanumeric PIN, but a device that only supports numbered PIN could still be used.

Force PIN on device

Force the user to create a personal identification number on the mobile device.

Require alpha-numeric password for device

Require that the password include both numeric and alpha characters.

Password Strength Policy Settings

Minimum length of device PIN

This specifies the minimum length of a password.

Number of consecutive incorrect PIN input before device is wiped

The number of failed login attempts to the device before the device automatically initiates a local wipe. The device does not need to contact the server for this to happen.

Idle time before device is locked (Minutes)

How long the device remains active when not in use before the device is locked. To unlock the device, users must enter their PIN.

Users’ Mobile Device Self Care Features

The Zimbra Web Client Preference> Mobile Devices folder lists users mobile devices that have synced with ZWC. Users can directly manage the following device functions from here:

•

Perform a remote wipe of a device. If a mobile device is lost, stolen, or no longer being used, users can initiate a remote wipe from their ZWC account to erase all data from the mobile device. A user selects the device to wipe and clicks Wipe Device. The next time the device requests to synchronize to the server, the wipe command is initiated. The device is returned to its original factory settings. Once the wipe is complete, the status of the device in the Preference> Mobile Devices folder shows as wipe completed.

Users can cancel a device wipe any time before the device connects with the server.

•

Suspend a sync that has been initiated from the mobile device and resume the sync to the device

•

Delete a device that from the list. If a device is deleted from the list and attempts to sync after that, the server forces the device to re-fetch the policy on the next sync of the device.

Note: This list can include devices that do not have the ability to support the mobile policy rules. Wiping a device does not work.

Allow non-provisionable devices
Allow partial policy enforcement on device	Devices that are capable of enforcing only parts of the mobile security policy can still be used. For example, the policy requires an alphanumeric PIN, but a device that only supports numbered PIN could still be used.
Force PIN on device	Force the user to create a personal identification number on the mobile device.
Require alpha-numeric password for device	Require that the password include both numeric and alpha characters.
Password Strength Policy Settings
Minimum length of device PIN	This specifies the minimum length of a password.
Number of consecutive incorrect PIN input before device is wiped	The number of failed login attempts to the device before the device automatically initiates a local wipe. The device does not need to contact the server for this to happen.
Idle time before device is locked (Minutes)	How long the device remains active when not in use before the device is locked. To unlock the device, users must enter their PIN.

Zimbra Mobile : Setting up Mobile Device Security Policies

ZCS Administration Guide Network Edition 6.0.6 March 2010