Enforcing secure email using message classification
Message classification allows your organization to specify and enforce secure email policies and add visual markings to email messages on
iOS
and Android
devices. You can use BlackBerry UEM
to provide iOS
and Android
device users with similar options for message classification that you make available on their computer email applications. You can define the following rules to apply to outgoing messages, based on the messages' classifications:
- Add a label to identify the message classification (for example, Confidential)
- Add a visual marker to the end of the subject line (for example, [C])
- Add text to the beginning or end of the body of an email (for example, This message has been classified as Confidential)
- Set S/MIME orPGPoptions (for example, sign and encrypt)
- Set a default classification
For
iOS
and Android
devices, you can use message classification to require users to sign, encrypt, or sign and encrypt email messages, or add visual markings to email messages that they send from their devices. You can use email profiles to specify message classification configuration files (with .json file name extensions) to send to users’ devices. When users either reply to email messages that have message classification set or compose secure email messages, the message classification configuration determines the classification rules that devices must enforce on outgoing messages.The message protection options on a device are limited to the types of encryption and digital signing that are permitted on the device. When a user applies a message classification to an email message on a device, the user must select one type of message protection that the message classification permits, or accept the default type of message protection. If a user selects a message classification that requires signing, encrypting, or signing and encrypting of the email message, and the device does not have S/MIME or
PGP
configured, the user cannot send the email message.S/MIME and
PGP
settings take precedence over message classification. Users can raise, but not lower, the message classification levels on their devices. The message classification levels are determined by the secure email rules of each classification.When message classification is enabled, users cannot use the
BlackBerry Assistant
to send email messages from their devices.You can configure message classification using the appropriate email profile settings.
For more information about how to create message classification configuration files, see KB 36736 to read article 36736.