ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Network Edition

Zimbra Mobile > Mobile Device Security Policies

Mobile Device Security Policies
The following attributes can be configured from the administration console to establish mobile policies.
In order for mobile devices to sync to Zimbra Collaboration Server, Enable Mobile Sync must be checked. Users have two-way, over the air synchronization of mail, contacts, and calendar data between mobile devices and the Zimbra server.
Check this box to set up mobile security policies that enforce security rules on compliant mobile devices. You can enforce general security policies including password rules and set up local wipe
After the mobile policy is set up, the next time a mobile device sends a request to the server, mobile devices that are capable of enforcing security policies automatically set up the rules you implement and immediately enforces them.
Allow non-provisionable devices
If this is enabled, old devices that do not support device security policy enforcement can still access the server.
Allow partial policy enforcement on device
If a device does not acknowledges all policies that are downloaded, ZCS still allows the device to continue downloading messages.
Specifies the amount of time in minutes before ZCS enforces the policy refresh on the device by sending "449 Retry after Provision" response to Sync request. Default is 24 hours.
Minimum number of characters for the password. Default is 4. The maximum length is 16 characters.
Require alphanumeric password
Minimum complex characters required
Minimum number of complex characters that must be in the password. This is any character that is not a letter. Default is 0 (none)
Simple passwords can be created. A simple device password is a password that has a specific pattern, such as 2468, 1111. Not enabled by default.
Allow device encryption
Require device encryption
If enabled, encryption must be implement on the device to synchronize with the server. Not enabled by default.
Password re-entry required after inactivity (min)
Length of time the device remains inactive before the password must be entered to reactivate the device. Default is 15 minutes
Specifies the number of failed log in attempts to the device before the device automatically initiates a local wipe. The device does not need to contact the server for this to happen. Default is 4
Length of time in days that a password can be used. After this number of days, a new password must be created. Default is 0, the password does not expire.
Passwords stored to prevent reuse
Number of unique passwords that a user must create before an old password can be used. Default is 8.
Enable S/MIME public key encryption and signing
In order to use S/MIME encryption on a mobile device this must be checked. The S/MIME feature must also be enabled in the COS Features page.
Require device to send signed messages
Require S/MIME algorithm for signing
Require device to send encrypted messages
Specifies whether S/MIME messages must be encrypted. Not enabled by default.
Require S/MIME algorithm for encrypting
A required algorithm must be used when signing a message. Not enabled by default.
Algorithm negotiation
How a messaging application on the device can negotiate the encryption algorithm if a recipient's certificate does not support the specified encryption algorithm. Select from Block Negotiation; Strong Algorithm Only, or Allow Any Algorithm. Default is Allow Any Algorithm.
Allow S/MIME software certificates
Maximum range of calendar days that can be synchronized to the device. Default is two weeks.
Maximum number of days of email items to synchronize to the device. Default is 3 days.
Limit plain text message size (KB)
Maximum size at which email messages are truncated when synchronized to the device. Default is to not set a maximum size.
Allow direct push while roaming
Allow HTML formatted messages
Enables HTML email on the device. If this is disabled, all email is converted to plain text before synchronization occurs. Default is to enable HTML formatting.
Limit HTML message size (KB
Maximum size at which HTML-formatted email messages are synchronized to the devices. The value is specified in KB. Default is to not set a maximum size.
Specifies that the mobile device can be used as a modem to connect a computer to the Internet. Default is TRUE.
Specifies that the mobile device can synchronize with a desktop computer through a cable. Default is TRUE.
By default Bluetooth capabilities are allowed on the device. Select from Allow, Disable, Hands-Free Only.
Microsoft® Pocket Internet Explorer is allowed on the mobile device by default. This does not affect third-party browsers.
Users can configure a personal email account on the mobile device. This parameter does not control access to emails using third-party mobile device email programs.
Users can configure a POP3 or IMAP4 email account on the device. This parameter doe not control access by third-party email programs.
Allow text messaging
Allow unsigned applications
Allow unsigned install packages
Approved Applications
Blocked Applications
Copyright © 2012 VMware Inc.