So my company uses Google Apps for work. If i add my work gapps account to my note 7 it requires me to also install the policy manager which in turn forces my device to meet several criteria such as device encryption among several other things. Currently I use NINE (Exchange/GApps) email client that only encrypts the NINE sandbox so to speak.
My question is, if I add my work gapps account will it encrypt the whole device or just the sandboxed space used by Secure Folder etc?
~SG
Anyone?
If the policy manger can be activated within the secure folder you should be fine.
Sent from my SM-N930V using Tapatalk
I thought I'd try to put MS Outlook in the secure folder hoping it would only affect the folder. No dice. Policies were applied device wide.
Related
I have just got my Desire and whilst it is great, there are some issues that I would love some help with.
I am syncing with my work Exchange server and it is running quite well. however, I cannot find a way to sync subfolders or indeed any folder other than the Inbox. It seems to render the conversation view in the Mail app useless really (which is a shame).
Also, the security policy at work is that I have to have a password set which is fine except that now everytime I unlock my phone, I have to enter the password. Does anyone know if there is a workaround for this or an app that can help?
Thanks
Search for "LockPicker" on market place or have a look here : http://forum.xda-developers.com/showthread.php?p=6032322
That is great thanks. Now only the subfolders to fix.
If you want to use the lock pattern (Gesture) instead then you can do the following:
1. Delete your exchange Setup on the phone.
2. Go into Security and setup a lock pattern.
3. Once that is done and tested readd your exchange account.
4. Download the app called LockPicker from Market place.
5. Go into the program and enable the Override.
6. Enjoy the new way of unlocking your phone.
Looks like this : http://www.youtube.com/watch?v=Z1HsLRBGvdw
Just did it on my Desire and it rocks
So.. with Nexus One's Activsync integration, there was an option "accept all ssl"
With my incredible, it does not have that option (that I can see).. Therefore with a custom certificate from my company's security team, I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Thoughts? Solutions?
Please move this to appropriate forum if I'm in wrong place. Thanks in advance.
I allowed me to chose SSL. From in your Exchange Active sync do the following:
Menu -> More -> Settings -> Account Settings
Scroll down to below the password or you can close the virtual keyboard and you should see it.
Thanks for your reply..
However, that option just says "This Server requires an encrypted SSL connection"
The old version had an option to accept all SSL Certificates.
This means, a custom signature coming from a very large technology company's, very extensive IT security team, will be accepted in any way shape or form.
Alternatively, if the certificate is "not from a trusted authority", then you get the warning over and over and over and over.. whether you accept it or not.
my company is using a godaddy cert, it works fine. i tried setting it up for a client who has 07 exchange and a cert, but its not a well signed one, it wouldnt work at all. so not that it is the best solution but u could get a godaddy cert for yourself.
iamodogg said:
I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Click to expand...
Click to collapse
What is the warning? Do you know if they have their cert setup correctly?
I'm currently using the Touchdown app and using SSL. I haven't seen any warnings.
Touchdown will work fine. The certificate is obviously custom-built. We are a 60k employee company. They are not going to change the very for the limited android users.
Again, the 2.0 OS had a feature built in that allowed you to choose to accept all certificates.
Thanks for the work around/alternatives. Still hoping for a fix.
-------------------------------------
Sent via the XDA Tapatalk App
i had a clients incredible and it just wouldn't work, they were using a self sign certificate and exchange 07. i tried every setting i could, even after the software update1. yesterday i was determined to get it to work so i searched and searched. It just keep saying it couldnt authenticate. From what I found a couple things could work.
What I did:
I opened the browser and went to the company owa site. https://mail.company.org/owa, then onces there I could log in. I logged in as the user and it asked me to accept the certificate so I did. Then I was able to get into the users box. Then I added the exchange activesync account next and it work with one minor change in the domain field ( i just erased it). Form what I understand the autodiscover service on IIS needs to be running and working. Not 100% sure, but I got it to work so its worth a try.
What I tried, but didnt work:
Several sites said as long as you are connected to the network, but don't have internet then so the setup and it will continue. Then once it is setup then plug the internet back in and it will ask you to accept the cert and u just say yes. the option which you are talking about no longer looks available. Again its worth a try
Hope this helps
Yeah not sure what the OP means by "Custom Cert" as it's either a valid cert from a trusted CA or it's self signed. Nothing in between. I don't know why a company with 60K employees though would not have a valid SSL cert though...
Look at the cert properties and make sure the server name you are using on the phone matches the name on the cert exactly (if you haven't checked that already). This is the "Issued to:" field...
My company's e-mail server was running Exchange 2007 up until Friday night, which I was able to link to with my GN (and for that matter, my Nook Color) via the stock E-mail app. Over the weekend they updated to Office365, and after going through all of the nonsense about deleting and re-adding the account, the app is now telling me I have to change my security settings and give the account device admin settings. Among these are "Erase all data" eek and "Set storage encryption," neither of which are things I want to do, let alone give a remote server the ability to do. Apparently I'm not the only one that's worried about this.
So, Is there any way to get past this craziness? This is really frustrating, because a lot of the time I'm not in the office, it's important that my e-mail and calendars are synced automatically. I don't want to have to use a mobile web interface, or manually copy each meeting or appointment from the desktop interface into GCal. FWIW, I'm rooted (see sig for ROM, kernel, etc.) and would be perfectly fine going with a 3rd party app, as long as I can get new mail and all appointments pushed to the phone.
ETA: Here's a screenshot of the "permissions" it wants:
That is set by your Exchange Admin Team. I know of Email.apk's that will bypass the PIN lock requirement, but not those permissions. I manage our Exchange 2007 environment, and when I used Enhanced Email it wanted to be device admin, basically turning on PIN lock requirement and enforcing our Exchange Policies. They would either have to assign another Active Sync policy to your user account, or ease up these security restrictions.
Help!
I'm having issues connecting my work emails to my phone. Our IT department says that android phones don't support the necessary policies to gain access. iPhones can connect no problem. And oddly Samsung Galaxy S3 is an enterprise ready phone it also works. Seeing how the Galaxy S3 works. I assume that the Galaxy Nexus also has the capability to work if I port the email.apk from the S3?
I ask because I want native support. (i.e. calendar sync, contacts, etc...) I'm using k-9 for now just for the emails. Let me know if anyone has any ideas. Thank!!!
Can you explain more? Are you unable to reach the server? Are you sure you have the correct server address? Do you have Active Sync enabled for your account on Exchange? I sync with Exchange 2007 with no problems.
The problem is I keep getting incorrect username password errors. And when I consulted with our IT department they explained to me it wasn't because I inputted anything in wrong. It was because there are certain Microsoft Exchange security policies that android doesn't support natively.
Sent from my Galaxy Nexus using Tapatalk 2
I don't think that's correct. What's the policy they are enforcing that Android doesn't support?
What ver. of Exchange are you on?
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
deepayanneogi said:
Exact Issue I am facing too . My pl can connect via his Iphone 4 but not me... Never it gets connected.
Click to expand...
Click to collapse
What version of Exchange? What policy isn't supported?
2010 exchange , Cannot connect simply on giving credentials.
I've never had a problem. Enter my domain\username and password and the server URL which is different from what it defaults to and I'm good.
Edit: Looks like it might be non-provisional devices?
Issue 2.1 - Failures to provision and synchronize with Android OS
Exchange ActiveSync policies can cause provisioning and synchronization to fail when the devices are customized. Devices are not provisioned if a policy that exceeds these limitations is applied to the users of these devices. This issue is discussed in comment 9 from the following post on the Google Android forum:
http://code.google.com/p/android/issues/detail?id=9426
Edit: Maybe get them to create a new policy for you. Should only take them a second.
Another alternative would be to use an app like TouchDown, it would also provide the added bonus of seperating your e-mail from your phone. If a pin is enforced, it's enforced in touchdown, not the whole phone. a remote wipe only kills touchdown, not the whole phone.. etc.
It's a bit pricey, but very worth it.
deepayanneogi said:
2010 exchange , Cannot connect simply on giving credentials.
Click to expand...
Click to collapse
I use exchange 2010 no problem, and I just migrated a customer to exchange 2010 with a mixed iPhone/Android environment. If it's an authentication issue there are a couple of things to try:
-In the username make sure the format is DOMAIN\Username. So if your domain is ABC and your username is jsmith - it would be "ABC\jsmith" without the quotes.
-Make sure the servername is correct (i.e.: is the fqdn that can be resolved from 3G or from Wifi internally/externally - a lot of folks don't setup the correct DNS internally and mail.company.com may resolve to their website or something).
-Try checking/unchecking Use SSL, and Accept all SSL certificates. Using SSL is always best and Exchange 2010 requires it by default if I'm not mistaken, but unless you've got a trusted SSL certificate installed on the server you may have a problem...but nothing that can't be overcome by this.
-I'm assuming your user is allowed to use a mobile device since your IT person is troubleshooting.
I am trying to setup the default email app but it does not work. I need to configure my gmail account there. I tried both automatic and manual setup (IMAP, imap.gmail.com, port 993, SSL/TSL). But I always receive this message: "Problem with account setup. Username or password is incorect." But I am completely sure that I type my usernam (= my gmail address) and password correctly.
Babovka said:
I am trying to setup the default email app but it does not work. I need to configure my gmail account there. I tried both automatic and manual setup (IMAP, imap.gmail.com, port 993, SSL/TSL). But I always receive this message: "Problem with account setup. Username or password is incorect." But I am completely sure that I type my usernam (= my gmail address) and password correctly.
Click to expand...
Click to collapse
It might be a silly thing to ask, but do you have two step authentication enabled?
Actually, I believe the issue is to do with allowing less secure applications to access your GMail account - there is more about this here: https://www.ghacks.net/2014/07/21/gmail-starts-block-less-secure-apps-enable-access/ and for security reasons, I do *not* advise you to allow less secure applications to access your account. Instead, get a better application.
I repeat, I advise you NOT to allow less secure applications to access your account.
marco-v said:
Actually, I believe the issue is to do with allowing less secure applications to access your GMail account - there is more about this here: https://www.ghacks.net/2014/07/21/gmail-starts-block-less-secure-apps-enable-access/ and for security reasons, I do *not* advise you to allow less secure applications to access your account. Instead, get a better application.
I repeat, I advise you NOT to allow less secure applications to access your account.
Click to expand...
Click to collapse
I guess you're right. But the problem is that if the OP doesn't use GApps in LineageOS, only the default email and some others you can install from F-Droid will be available, but they're all the same (unless you know some alternative I don't). I'm trying to setup ProtonMail, but the developers said it is impossible to be done outside the browser or the Play Store app right now.
It would help if the people who made the email service created an open source app that could be included in F-Droid. Very few care about free software