[Update 18. Dec] The Boxer Product Team has published a nice Blog Post in the VMware EUC Blog. Feel free to look at: Workspace ONE Boxer Adds Support for Multiple Managed Accounts and Shared/Delegated Accounts
When you are one of the probably 99.9% of our customers looking to use the feature of Delegated, Shared or Multiple Managed (Secondary), there are good news. We’ve gone a long way, but we are finally there. With the latest Boxer release 5.23 for Android the last bit for Shared Mailboxes went GA. iOS had this feature already a month before with release 5.22.
But let’s go two steps back. There are three ways to use Shared Mailboxes or Multiple Managed Accounts in Boxer:
- Multiple Managed Mailboxes (Secondary Mailbox)
- Shared Mailboxes and Calendars
- Delegated Mailboxes and Calendars
To understand the differences, we should take a deeper look at the three use cases.
- Multiple Managed Mailboxes (Secondary Mailbox)
This is typically when you are having a secondary account or a functional mailbox which should be added to Boxer. In this case, we are talking about a standard (Active Directory) account and the primary user usually knows the password of the secondary account, or certificate-based authentication may be used. The secondary account is configured from Workspace ONE UEM Console side and can have a completely separate setup: Different domain, different policies, different settings. This means that you don’t only need the appropriate version of Boxer to support this feature, you also need Workspace ONE UEM 20.08 as a minimum.
Here are the facts you need to know:
- Assign secondary Mailbox from Console 20.08 or higher
- Boxer release 5.21 as a minimum
- Have Password or Cert of secondary email account
- Accounts can be in different domains
- Different Settings / Policies may apply
- Single Sign-On (SSO) activated on SDK profile as prerequisite
- Exchange Active Sync is Used as the sync protocol
- Remote commands from the Console apply to all Managed accounts
- ENS & S/MIME supported (CA or Escrow Gateway)
- Exchange 2010, 2013, 2016, 2019, O365
- VMware Docs: Add Multiple Managed Accounts
- Shared Mailboxes and Calendar
Shared Mailboxes are a special mailbox type in Exchange, created by an Admin via the Exchange Admin Panel or Powershell, incl. the desired access right assignment. While the Multiple Managed Accounts are added through the Console, for Shared (and also Delegated) Mailboxes, this needs to be done from user side through the Boxer App. The primary user does not need to know the password of the shared mailbox, in fact shared mailboxes are not having a user facing password. The typical use case is a team mailbox where many people have access to one shared mailbox or calendar. Through Exchange granular access rights can be configured to allow different sets of permissions for the mailbox or also the (team) calendar only.
What you technically need to know about Shared Mailboxes and Calendars:
- Supported from Boxer 5.22 for iOS and 5.23 for Android
- No Console dependency
- Exchange Web Services (supported via SEG Proxy)
- Remote commands from the Console apply to all Managed accounts
- Contacts, Tasks, Notes is not supported
- Exchange 2010, 2013, 2016, 2019, O365
- MS: Create a Shared Mailbox
- MS: Open and use a shared Mailbox
- VMware Docs: Shared Mailbox Configuration
In our tests the Shared Mailbox Account was created through the Exchange Admin Center, but users who need to access the Shared Mailbox had to be added through the Microsoft 365 Admin Center – in fact two different consoles/portals when accessing M365 through portal.office.com, which can be difficult to understand or misleading. Powershell may be the straight forward option here.
- Delegated Mailboxes and Calendars
Probably the most demanded use case. The case of delegating access to a mailbox through Outlook to an assistant or a stand in during vacation time is very common. But be careful, only when the mailbox is delegated through the Exchange Admin Center the access rights are set in a way that other folders than the Inbox are accessible for the secondary user. Also for Delegated Mailbox the way to add them to the Boxer client is through the ‘Add Account’ option in Boxer.
Shared Mailboxes and Delegated Mailboxes are very similar from an end user perspective. They are added in the same way and the look and feel within the Boxer App is the same. The primary user does not need to know the password of the delegated mailbox (Delegator). Typically, for delegated mailboxes, we are talking about a one-to-one relationship between primary and secondary mailbox.
The technical facts:
- Boxer 5.19 iOS & Boxer 5.21 Android
- No UEM Console dependency
- Exchange Web Services (supported via SEG Proxy)
- Same Auth Method for EAS / EWS required
- Mailbox Delegation must be configured from Desktop Outlook
- Use Exchange Admin Center for Full Delegation
- ENS & S/MIME NOT supported by default (Phase 3 / Future )
- Out of scope: Contacts, Tasks, Notes Delegation
- Exchange 2010, 2013, 2016, 2019, O365
- VMware Docs: Add a delegated Mailbox
- VMware Docs: Add a delegated Calendar
The options to use shared mailboxes in different variations in Boxer are now very comprehensive and well thought, especially considering the point that for most cases the Secure Email Gateway or the Email Notification Service can be useful additions from a security and/or usability perspective. Also, for Shared or Delegated Mailboxes, in case the required Exchange Web Service is not accessible directly from the Internet, the SEG v2 can be used as EWS Proxy. There are a few smaller features and improvements outstanding which will be added in future Boxer releases. Keep an eye on the Boxer Release Notes or ask your VMware contact in case you are running into issues or when having a question.
Screenshots for Shared Mailboxes with Boxer for Android:
Screenshots for Shared Mailboxes with Boxer for iOS:
Julius Lienemann 
One thought on “VMware Boxer – Delegated, Shared and Multiple Managed Mailboxes”