Allowing secure interaction with Office 365 apps

Citrix Secure Mail, Citrix Secure Web, and Citrix Files offer the option of opening the MDX container to allow users to transfer docs and data to Microsoft Office 365 apps. You manage this capability for iOS and Android platforms through the open-in policies on the Endpoint Management console.

Once opened in a Microsoft app, data is no longer secured or encrypted in the MDX container. Consider the security implications before enabling this feature. Particularly, customers concerned with data loss prevention or who are subject to HIPAA or other strict compliance requirements should weigh the trade-offs of opening the container.

Enabling Office 365 in iOS

  1. Download the latest versions of Secure Mail, Secure Web, or Citrix Files apps from the Endpoint Management downloads page.
  2. Upload the files to the Endpoint Management console.
  3. Locate the Document exchange (Open In) policy and set it to Restricted. In the Restricted Open-in exception list, Microsoft Word, Excel, PowerPoint, OneNote, and Outlook are automatically listed. For example: com.microsoft.Office.Word, com.microsoft.Office.Excel, com.microsoft.Office.Powerpoint, com.microsoft.onenote, com.microsoft.onenoteiPad, com.microsoft.Office.Outlook

    Image of the Document exchange (Open In) policy

In MDM enrollments, more controls are available for iOS devices.

You can upload iTunes apps to the Endpoint Management console and push the apps to devices. If you choose this option, set the following policies to ON:

  • Remove app if MDM profile is removed
  • Prevent app data backup
  • Force the app to be managed (note that a selective wipe removes the app and any data)

To prevent documents and data flowing from Microsoft apps to unmanaged apps on the device, go to Configure > Devices > Restrictions > iOS on the Endpoint Management console and then set Documents from managed apps in unmanaged apps and Documents from unmanaged apps in managed apps to OFF.

Enabling Office 365 in Android

  1. Download the latest versions of Secure Mail, Secure Web, or Citrix Files apps from the Endpoint Management downloads page.
  2. Upload the files to the Endpoint Management console.
  3. Scroll down to the Document exchange (Open In) policy and then select Restricted.
  4. In Restricted Open-in exception list, add the following package IDs:

    {package=com.microsoft.office.word} {package=com.microsoft.office.powerpoint} {package=com.microsoft.office.excel}

  5. Configure other app policies as usual and the save the apps.

Users must save files from Secure Mail, Secure Web, or Citrix Files on their devices and open the files with an Office 365 app.

For both iOS and Android, users can open and edit the following types of files on their devices:

Supported file formats

For the supported file formats, see the Microsoft Office documentation.

Allowing secure interaction with Office 365 apps