42Gears Mobile Email Management (MEM)

Author: 42Gears Team

OVERVIEW

Emails remain the structural backbone of corporate communication, pacing ahead of collaborative platforms, instant messaging, and enterprise social networks. Allowing employees to sync corporate email environments with heterogeneous mobile fleets vastly optimizes operational velocity. However, it also introduces data governance liabilities, leakage risks, and unmanaged network exposures.

Mobile Email Management (MEM) mitigates these risks. MEM provides enterprise IT administrators with the administrative controls required to govern device authentication vectors, protect email data at rest or in transit, isolate personal payloads from business assets, and enforce end-to-end security compliance.

The Security Challenges of Mobile Email

While mobile email access improves productivity, it creates significant security challenges for the enterprise:

  • Cross-Platform Fragmentation: Standardizing email security configurations across diverse devices, operating systems, and native clients.
  • Inter-App Data Leakage: Preventing corporate assets and attachments from being read, parsed, or exfiltrated by consumer-grade personal applications.
  • Unmanaged Perimeter Threats: Blocking lost, stolen, or un-enrolled endpoints from accessing active corporate communication directories.
  • Unsecured Transport Frameworks: Restricting access over unencrypted public Wi-Fi networks prone to credential sniffing and data interception.
  • Malicious Forwarding: Countering insider threats or accidental disclosures caused by transferring corporate assets to personal storage accounts.

42Gears MEM — Key Features

  • Corporate Containerization: Isolates business data from personal apps and enforces encryption of email data at rest.
  • Enforced SSL & Transport Security: Mandates SSL/TLS for all mail traffic to prevent man-in-the-middle attacks over untrusted public networks.
  • Conditional Access Control: Restricts email access and syncing strictly to managed, compliant, and verified endpoints.
  • Remote Wipe & Device Lockdown: Executes immediate over-the-air (OTA) corporate data deletion and device lock commands on lost or stolen assets.
  • Data Loss Prevention (DLP): Enforces platform-level restrictions that disable copy-paste actions, screenshots, and unauthorized document printing.
  • Certificate-Based Authentication: Integrates certificate management to replace static passwords with identity-driven Certificate-Based Authentication (CBA).

MOBILE EMAIL DEPLOYMENT ARCHITECTURES

42Gears UEM deeply integrates with corporate email servers (such as Microsoft Exchange and Microsoft 365) to control access. Using PowerShell integration, 42Gears UEM acts as a programmatic administrator within the Exchange infrastructure, automatically issuing allow or deny rules to Exchange ActiveSync (EAS) based on the device's live compliance status.

MEM Deployment Workflow (PowerShell Integration)

01. MS Exchange is configured to block all mobile email access by default.

02. Administrator defines compliance and security policies within the SureMDM Console.

03. Un-enrolled user tries to connect and is automatically blocked by the Exchange Server.

04. End-user enrolls their mobile device into the SureMDM management system.

05. SureMDM pushes designated configuration profiles and security baselines OTA.

06. Device evaluates successfully and reports a "Compliant" status back to the server.

07. SureMDM sends an automated PowerShell command to MS Exchange to whitelist the device ID.

08. The managed device establishes a secure connection and begins syncing mail folders.
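The Exchange-side rules that steps 01 and 07 of this workflow automate can be expressed directly in Exchange PowerShell. The block below is an added example, not 42Gears code and not the commands SureMDM itself issues; the mailbox address, device ID and admin recipient are constructed placeholders, and it assumes an Exchange Management Shell or remote Exchange session is already open with rights over Exchange ActiveSync settings.

```powershell
# Added example (not 42Gears/SureMDM code). Placeholder values throughout.
# Assumes an open Exchange Management Shell / remote Exchange PowerShell session.

# Workflow step 01: organization default is Block, so any device that is not
# explicitly allowed for a mailbox cannot sync (Quarantine is the other common choice).
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block `
    -AdminMailRecipients 'mem-admin@example.com'   # placeholder; notified of new device partnerships

# Workflow step 07: once the device reports Compliant, allow its EAS DeviceID for the
# user's mailbox. Per-mailbox allowed/blocked IDs take precedence over the org default.
function Grant-CompliantDevice {
    param(
        [Parameter(Mandatory)][string]$Mailbox,   # placeholder, e.g. 'jdoe@example.com'
        [Parameter(Mandatory)][string]$DeviceId   # EAS DeviceID reported by the mail client
    )
    Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs @{Add = $DeviceId}
}

# The reverse path: device lost, stolen, or fallen out of compliance. Removing it from the
# allowed list is not enough if it was ever allowed; add it to the blocked list as well.
function Revoke-Device {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$DeviceId
    )
    Set-CASMailbox -Identity $Mailbox `
        -ActiveSyncAllowedDeviceIDs @{Remove = $DeviceId} `
        -ActiveSyncBlockedDeviceIDs @{Add = $DeviceId}
}

# Audit check: which devices are partnered with a mailbox and why Exchange allows or
# blocks each one. DeviceAccessStateReason distinguishes Individual (mailbox exemption),
# DeviceRule, Policy and Global (org default) decisions.
function Get-MailboxDeviceReport {
    param([Parameter(Mandatory)][string]$Mailbox)
    Get-MobileDevice -Mailbox $Mailbox |
        Select-Object DeviceId, DeviceType, DeviceModel, DeviceAccessState, DeviceAccessStateReason
}

# Usage with placeholder values:
Grant-CompliantDevice -Mailbox 'jdoe@example.com' -DeviceId 'ANDROIDC123456789'
Get-MailboxDeviceReport -Mailbox 'jdoe@example.com'
```

Running Get-MailboxDeviceReport periodically, independently of the UEM console, is a useful control: a device whose DeviceAccessState is Allowed with reason Individual but which SureMDM no longer lists as compliant indicates a stale exemption that should be revoked.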

Infrastructure Topologies Supported

  A. On-Premise Topology [Diagram: 42Gears Mobile Email Management - On Premise Exchange]
  B. Cloud-Based Topology [Diagram: 42Gears Mobile Email Management - On-Premise - Cloud]
  C. Hybrid Architecture Topology [Diagram: 42Gears Mobile Email Management - Hybrid]

Supported OS Feature Matrix

[Table not reproduced: 42Gears Mobile Email Management - Features Matrix Table]

MOBILE EMAIL MANAGEMENT CONFIGURATION

1. Configuring Cloud-Based Microsoft 365 Deployment

Microsoft 365 integrations communicate directly with the cloud service and do not require installing an on-premise connector proxy. Follow these steps to configure your deployment:

  1. Log into the 42Gears UEM Console and navigate to Account Settings.
  2. Click on Mobile Email Management.
  3. Check the box to Enable Exchange ActiveSync.
  4. Select Microsoft 365 as your primary platform type.
  5. Input your designated PowerShell Gateway URL alongside the PowerShell Admin Username and Password credentials.
  6. Click Done to finalize and bind the cloud service connection layer.

[Screenshot: Configuring MEM Deployment - 365]

2. Configuring On-Premise and Hybrid Topologies

Deploying an on-premise Exchange server infrastructure requires installing the 42Gears UEM Connector inside your internal network. This proxy broker facilitates secure communication between the external UEM console and your local Exchange server environment.

Console-Side Setup Steps:

  1. Inside Account Settings, click Mobile Email Management.
  2. Enable Exchange ActiveSync and select the standard Exchange ActiveSync platform option.
  3. Enter your configured local PowerShell Gateway URL and click Done to save.

[Screenshot: UEM console setup]

Local UEM Connector Installation Parameters:

Launch the installation wizard inside your local network and supply the following parameters to establish the link between the connector and the console:

  • MDM URL: Your console instance hostname without a protocol prefix (e.g., yourcompany.suremdm.io).
  • Customer ID: Your unique account ID, visible in the console interface.
  • PowerShell URL: The internal URL of your Exchange PowerShell endpoint (e.g., https://<FQDN>/Powershell).
  • Credentials: The username and password of the dedicated service account holding sufficient administrative rights over Exchange ActiveSync policies.

[Screenshot: UEM Connector setup]
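Before handing the PowerShell URL and service-account credentials to the connector wizard, it is worth confirming from the same network that the endpoint accepts them and that the account's RBAC role actually exposes the ActiveSync cmdlets. The script below is an added pre-flight check, not part of the 42Gears connector; the FQDN and account name are placeholders, and it assumes an on-premise Exchange PowerShell virtual directory using Kerberos authentication.

```powershell
# Added example (not 42Gears connector code). Placeholder hostname and account.
# Verifies the PowerShell URL + service account the UEM Connector will be given.
param(
    [string]$PowerShellUrl  = 'https://exchange.corp.example/PowerShell',  # placeholder FQDN
    [string]$ServiceAccount = 'CORP\svc-mem'                                # placeholder account
)

# Prompt rather than embed the password; the connector stores it, this script should not.
$cred = Get-Credential -UserName $ServiceAccount -Message 'UEM Connector service account'

# Same endpoint, configuration name and auth the connector uses against on-prem Exchange.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri $PowerShellUrl -Authentication Kerberos `
    -Credential $cred -ErrorAction Stop

try {
    # Exchange RBAC only exposes the cmdlets the account's role grants, so what gets
    # imported here is itself the permission check.
    Import-PSSession $session -DisableNameChecking -AllowClobber | Out-Null

    foreach ($cmdlet in 'Get-ActiveSyncOrganizationSettings', 'Set-CASMailbox', 'Get-MobileDevice') {
        if (Get-Command $cmdlet -ErrorAction SilentlyContinue) {
            "OK      $cmdlet is available to $ServiceAccount"
        } else {
            Write-Warning "MISSING $cmdlet - the account's RBAC role does not cover it"
        }
    }

    # Workflow step 01 requires Exchange to block unknown devices by default; report if not.
    $org = Get-ActiveSyncOrganizationSettings
    "Default EAS access level: $($org.DefaultAccessLevel)"
    if ($org.DefaultAccessLevel -ne 'Block') {
        Write-Warning 'Unknown devices are not blocked by default; MEM conditional access will not be enforced.'
    }
}
finally {
    # Always tear the session down; orphaned Exchange sessions count against the
    # per-user remote PowerShell limit and can later block the connector itself.
    Remove-PSSession $session
}
```

If New-PSSession fails with an authentication error while the same credentials work in the Exchange Management Shell, check that the account is a member of a role group (or assigned a custom role) that includes the ActiveSync management entries, since a plain mailbox user can authenticate to the endpoint but will receive no cmdlets.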

MOBILE EMAIL MANAGEMENT DEVICE PROFILES

To streamline cross-platform deployments, use target profiles with dynamic wildcards $emailaddress$ or %emailaddress%. These parameters automatically resolve to the enrolled user's unique identity traits during deployment.

A. Android Enterprise Ecosystem Deployment

Navigate to Profiles > Android > Add > Mail Configuration > Using Gmail App. Define the remote Exchange host destination and apply dynamic wildcards to automate individual user mailbox configurations.

[Screenshot: Configure Exchange Email Profiles on Android]

Once deployed, the pre-configured corporate Gmail app runs securely isolated within the Android Work Profile.

B. iOS Ecosystem Profile Configuration

Navigate to Profiles > iOS > Add > Exchange ActiveSync > Configure. Map the properties using structural parameters to lock downstream setups to the native iOS Mail system client application.

[Screenshot: MEM configuration profile]

Upon receiving the configuration, the device prompts the user for their account password to establish secure cryptographic syncing.

C. Windows Ecosystem Configuration

Navigate to Profiles > Windows > Add > Exchange ActiveSync > Configure. This profile syncs enterprise mail folders, active calendar schedules, corporate contact cards, and reminders to your Windows endpoints.

[Screenshot: Exchange ActiveSync profile]

EMAIL DATA LOSS PREVENTION (DLP) CONTROLS

42Gears UEM includes advanced platform-level Data Loss Prevention (DLP) frameworks designed to block unauthorized cross-app communications, prevent data leaks, and secure business assets across key operating systems:

Android Security Profiles
  • Account Separation: Prevents corporate messages from being moved or forwarded to unmanaged personal profiles.
  • Attachment Restrictions: Limits corporate email attachments to opening within verified, sandboxed work container viewer apps.
  • Screen Capture Disabling: Disables platform-level screen cap functionality inside secure mail clients. (Profiles -> Android -> System Settings)
  • Clipboard Isolation: Blocks cross-profile copy-and-paste actions from enterprise workspaces to personal apps.
[Screenshots: Disable Screen Capture; Disable Cross Profile Copy Paste]

iOS Security Profiles
  • Media Recording Block: Disables built-in screenshots and display-capture streams on managed company endpoints.
  • Sandbox Destination Routing: Isolates managed source documents to prevent them from opening inside unmanaged consumer destinations.
  • AirDrop Leak Prevention: Labels AirDrop transfers as unmanaged destinations, blocking users from wireless-beaming corporate data to non-company devices.
[Screenshots: Screenshot and screen recording; Turn off Documents; Turn on Treat AirDrop]

Windows Security Profiles
  • Display Stream Interception: Blocks standard screen capture APIs within managed application frameworks.
  • Clipboard Enforcement Rules: Restricts system clipboards to prevent copy-and-paste leaks into personal web apps.
[Screenshot: Prevent copy-paste]

CONCLUSION

Implementing a dedicated Mobile Email Management (MEM) strategy is essential for modern enterprise data governance. The 42Gears MEM framework provides cross-platform support for Android, iOS, and Windows ecosystems, ensuring business data remains secure both at rest and in transit.

By automating conditional access, containerizing sensitive communications, and enforcing robust platform-level DLP rules, 42Gears enables seamless workforce mobility without compromising corporate security.