Work email (iOS Sophos container policy)
The Work email configuration lets you configure Sophos Secure Email.
Main email account
|Exchange server||For Exchange Online, enter |
For Exchange Server, enter your server URL.
When you use Exchange Server with the Sophos Mobile EAS proxy, enter its URL instead.
|User||The user's sign-in name. |
For Exchange Online, this is usually the email address. Enter
For Exchange Server, enter
Users must enter the account password on their devices.
|Email address||The email address of the account. |
If you enter the variable
|Domain||For Exchange Online, leave this field empty. |
For Exchange Server, enter the domain of the user account.
|Support contact email||The email address that will be used as the "Contact Support" email address.|
In addition to the main email account, you can add up to two accounts, called Managed accounts, to Sophos Secure Email.
Note the following:
- When you configure managed accounts, users can’t add accounts manually. They can use accounts that they added before you assigned the policy.
- If there’s an existing account with the same email address, it’s converted into a managed account.
|Use secure text fields||The content of input fields is secured. Auto-complete and auto-correction are disabled within the Sophos Secure Email app to prevent sensitive words to be saved in the memory of the device.|
|Allow external content||Users can load external mail content like images.|
|Maximum email size||Email messages that are larger than the size you select (including attachments) are not retrieved from the Exchange server.|
|Notifications||The notification type for new email: |
This setting also affects event reminders:
|Content||The type of information that is displayed in a notification. |
This setting is only available if you’ve selected App in Notifications.
|Default signature||The default email signature.|
|EWS server||The URL of your Exchange Web Services (EWS) server. |
If you leave this field empty, Sophos Secure Email uses the URL you configured in Exchange server.
|Synchronize Outlook tasks and notes||Users can view their Outlook tasks and notes in Sophos Secure Email. |
By default, users can also create, edit, and delete tasks and notes. To turn this off, select Tasks and notes are read-only.
|Tasks and notes are read-only||Users can’t create, edit, or delete Outlook tasks and notes in Sophos Secure Email.|
|Call identification||Contact information from Sophos Secure Email can be used to identify company contacts in incoming calls, without the need to export Sophos Secure Email contacts to the device contacts. |
To use this, users must turn on the following device settings:
|Export contacts to device||Users can export Exchange contacts to the device. |
Sophos Secure Email keeps the information synchronized.
Sophos Secure Email automatically deletes local contact information in the following situations:
|Deny copy to clipboard||Users cannot copy or cut texts from the Sophos Secure Email app.|
|Open attachments||In all apps: Attachments can be opened in all apps that support the file format. |
In container apps: Attachments are encrypted with a device key and can only be opened in Sophos Secure Workspace. The Open in action itself is not blocked.
|Use system CA list||For incoming encrypted emails, Sophos Secure Email uses the certificate authority (CA) list provided by iOS or iPadOS to validate the certificate’s chain of trust. |
If you clear this setting, all certificates of the chain of trust must be available on the device.
|Encrypt by default||If the recipient’s S/MIME certificate is available, emails are sent encrypted.|
|Sign by default||Outgoing emails are signed by default with a user’s S/MIME certificate. |
Users can change the default in the Sophos Secure Email settings or can send individual messages unsigned.
|Allow S/MIME encryption||Users can send and receive emails that are encrypted with a S/MIME certificate.|
|Allow S/MIME signing||Users can sign emails if their S/MIME certificate is available on the device.|
With these settings, you set up Sophos Secure Email so that users access their Exchange accounts via your organization’s Microsoft 365 sign-in procedure. See Set up modern authentication for Sophos Secure Email.
|Turn on OAuth 2.0||Turn on Microsoft 365 authentication.|
|Authorization endpoint||The OAuth authorization endpoint of your application in Microsoft Azure. |
Enter the value displayed in the Azure portal under OAuth 2.0 authorization endpoint (v2).
|Client ID||The ID of your application in Microsoft Azure. |
Enter the value displayed in the Azure portal under Application (client) ID.
|Redirect URI||The location that the Microsoft 365 API uses for authentication responses. |
Enter the following text:
|Token endpoint||The OAuth token endpoint of your application in Microsoft Azure. |
Enter the value displayed in the Azure portal under OAuth 2.0 token endpoint (v2).
Only configure these settings if instructed by Sophos Support.