Mimecast Mobile: Deploying via Enterprise Mobility Management (EMM) Solutions

Document created by user.3AEuBDGmbb Employee on Mar 28, 2018Last modified by user.oxriBaJeN4 on Aug 9, 2019
Version 15Show Document
  • View in full screen mode

You can deploy Mimecast Mobile via leading Enterprise Mobility Management (EMM) solutions that support the AppConfig standards. This provides the following benefits:

  • Administrators can apply security policies that are supported by the AppConfig standards.
  • Administrators can manage access to Mimecast Mobile on managed devices, including remote data wipe and removal.
  • The application can be deployed directly to managed devices via EMM infrastructure.  
  • A separate set of Application Settings control end user access to the application, allowing administrators to prevent access to the public version.


Applies To...


  • Mimecast Mobile v4 onwards.
  • Customers with the required EMM infrastructure in place.


Recommended Reading



Accessing the Application


The application is available from:


Configuring Mimecast


It is best practice to allow access to managed devices only. This ensures employees can't access Mimecast Mobile on devices not under the control of the MDM/EMM. To do this:

  1. Logon the Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Click on the Services | Applications menu item.
  4. Either click on the:
    • Application Settings to be amended.
    • New Application Settings button to create a new application setting.
  5. Expand the Mobile accordion.
  6. Select the Managed Only option from the drop-down.
  7. Configure the other settings as required.
  8. Click on the Save and Exit button.




To deploy Mimecast Mobile in Managed mode, refer to the guidance provided by your EMM solution vendor. A list a AppConfig EMM members can be found on the AppConfig Community.




Devices need to be configured for Android Enterprise. Depending on your EMM/MDM solution you may need to set the below 'App Configuration'.


Manage in Android EnterpriseTo manage this app in Android Enterprise, enter any value (e.g. yes). Otherwise, leave the box blank.



Supported Capabilities




Capability Details
App TunnelLeverage the “Per-app VPN” capability available in most commercial VPN solutions, and available in iOS 9+.
Single Sign-OnImplement a standard single sign-on protocol (e.g. SAML) and invoke the identity provider log on page in a web view. Currently not supported by iOS 11.
Passcode / TouchIDSet the pincode or TouchID settings on the application.
Managed Open-InSet the “managed open in” control available by the EMM provider, to restrict the native open in capability.
Prevent App BackupSet the “prevent app backup” security control available by the EMM provider, to prevent app data backup in iTunes.
Disable Screen CaptureSet the “prevent screen capture” security control available by the EMM provider with iOS 9+, to restrict the native screenshot capability.
Enforce App EncryptionSet the device passcode security control available by the EMM provider, to enforce the native iOS data protection encryption.
Remotely Wipe AppDistribute the app to the device as a managed application using the EMM tool, to have the ability to remotely wipe the app from the device.
Disable Copy-PasteSet the copy/paste policy on the application. KEY VALUE = “allowExternalCopyPaste” 




App Tunnel / Per-App VPNLeverage the “Per-App VPN” capability available in most commercial VPN solutions. Available in Android 5.0+.
Single Sign-On Login HintProvide a standardized log on hint needed to implement tenant discovery for any standard single sign-on protocol (e.g. OAuth or OpenID Connect) and invoke the identity provider logon page for that identity.
PasscodeFor Android N devices, supported EMM vendors can enforce a passcode to apply only for Work Profile managed applications.
Document SharingUse to enforce files to open only in managed applications.
Prevent App BackupAny app deployed under Android 5.0+ managed profiles will not participate in any backup infrastructure.
Disable Screen CaptureUse to prevent screenshots.
Enforce App EncryptionEnroll your device and the device will be encrypted as part of the enrollment process.
Remotely Wipe AppDistribute the app to the device as a managed application using the EMM tool, to have the ability to remotely wipe the app from the device.
Disable Copy-PasteContainerize copy and pasting to only managed applications.