ZCS Administrator's Guide 8.0.4
ZCS Administrator's Guide 8.0.4
Network Edition

Zimbra Mobile > Managing Mobile Devices

Managing Mobile Devices
After the mobile policy is set up, the next time a mobile device sends a request to the server, mobile devices that are capable of enforcing security policies automatically set up the rules and immediately enforces them.
For example, if a password has not been set up on the device or the password is not as strong as required by the mobile policy, the user must fix the password before syncing with the server. Once the server confirms that the policy is enforced on the mobile device, the device can sync.
If a mobile device is lost or stolen, the device is protected by the following policy rules:
When the Password re-entry required after inactivity (min) is configured, after the number of minutes configured, the device is locked. To unlock the device, users must re enter their password.
When the Failure attempts allowed is configured, after the password is entered incorrectly more than the specified number of times, a locally (generated by the device) initiated wipe of the device is performed. This erases all data on the device.
In addition to the rules set up from the administration console to perform a local device wipe, users can initiate a remote wipe from their ZWC account to erase all data on lost, stolen, or retired devices.
Supporting Auto Discover
ZCS supports the auto discover server so that users can provision mobile devices for their Zimbra accounts without having to knowing the system settings. Auto discover returns the required system settings after users enter their email address and password.
Auto discover is enabled by default. For auto discover to work, you must configure a valid SSL certificate from a certification authority.
The recommended type of certificate to use is a Unified Communications Certificate or UCC. This certificate lets you add multiple host names in the Subject Alternative Name field. For auto discover to work, the Subject Alternative Name field must include the URLs users are connecting.
You must have a valid domain name (DNS SRV record) for Autodiscover.<domain>.com. so that the client devices can locate and connect to the autodiscover service.
Use the Install Certificates wizard on the administration console to generate the certificate signing request and to install the signed certificate when received. Unified Communications certificates can be issued by many certification authority.
When you complete the request you must have a valid domain name (DNS SRV record) for Autodiscover.<domain>.com. Configure the Subject Alternative Name (SAN) field with the valid domain names that you use. The alternative name should include the domain Autodiscover.<company>.com. Include all the domain names required for your environment in the Subject Alternative Name field.
Set Up Mobile Synchronization for User Accounts
Mobile sync is enabled either in the COS profiles for the account or on individual accounts. In most cases, no additional plug-ins are required.
Users might need to configure the following on their in the mobile device to sync to their Zimbra account if they don’t have auto discover.
Server name (address). Enter the fully qualified host name of the user’s ZCS mailbox server.
User name. Enter the user’s primary ZCS account name.
Domain. Enter the user’s ZCS domain name (DNS).
SSL certificate from the server might have to be added to the device as trusted if SSL is used when the certification is self-signed.
Users can sync their ZCS account to their mobile device. They can send email, create appointments, and add contacts to their address book.
For details about specific device setup, see the Mobile Device Setup pages on the Zimbra Wiki.
Change Mobile Device Password Policy
If a mobile device is locked by the ZCS mobile password policy, the PIN requirement must be removed to resync the device.
On the Mobile Access page, uncheck Force pin on device.
After the password policy has been disabled, the user must resync the device:
If the iPhone/iPod Touch is prior to 3.0, there is an Apple software bug that prevents downloading new device policies to take effect. The user must delete the ZCS account from the iPhone/iPod Touch, turn the PIN off, and then re-setup sync with the ZCS. Because the password requirement was turned off, a PIN is not asked for.
Copyright © 2013 VMware Inc.