Introduction to the Email Notification Service (ENS)


The Email Notification Service (ENS) is used to provide real-time notifications to iOS devices using AirWatch Inbox and VMware Boxer, similarly to if they were using the native email client.  ENS monitors a user's inbox directly and sends a push notification to AirWatch Inbox and VMware Boxer on the respective user's device.  From the user's perspective, it will look like any other standard notification in the notification window, and will open into AirWatch Inbox and VMware Boxer when selected.  While AirWatch Inbox and VMware Boxer will continue to use the background functionality provided by iOS, integration with ENS will allow users to receive accurate notifications even when the inbox is not properly running in the background on the device.

Where does the Email Notification Service fit in the overall network?

The Email Notification Service must be installed as an on-premise component, and is currently only fully supported when installed on the same domain as the Exchange server.  ENS will connect to the Exchange server in order to subscribe to Streaming Notifications for a particular user's mailbox.  However, ENS can connect to the Exchange environment via the AutoDiscovery server, or by directly specifying a particular Exchange server (or group of servers).  ENS can be used in an environment that is currently using a Secure Email Gateway (SEG), as long as it can connect directly to the Exchange servers.

Additionally, ENS must communicate with the AirWatch API server.  It does this to retrieve user and device information, as well as the current compliance status of a particular device when email compliance is being used.  ENS will use the information gathered for the user accounts (particularly the email domain, username, and address) when subscribing to  Streaming Notifications with Exchange.

Finally, ENS will connect to the AirWatch Cloud Notification Service (CNS) to actually send notifications to end user devices.  When the ENS identifies that there is an unread message in a user's mailbox, it will send a message payload to the CNS.  CNS will then package this message into an APNS (or GCM) payload and send it to the appropriate push notification service to ultimately notify the device.  CNS is currently only supported as a SaaS service, so on-premise installations of ENS must allow an outbound connection to the AirWatch-hosted CNS environment.



Components of the Email Notification Service

ENS consists of two main components: the Notification System and the Notification Subscriber.  The Notification System ensures that the list of users and devices stays up-to-date so that the subscriptions registered with Exchange always remain accurate.  ENS maintains a local repository of the user and device information that it updates by periodically connecting with the AirWatch API to gather this information.  Additionally, ENS will confirm whether a device is marked compliant or non-compliant for email access.  A device that is marked non-compliant for email access will not receive any notifications when there are unread messages in the user's inbox.

While the Notification System maintains the user and device information, the Notification Subscriber will actively manage the actual Streaming Notifications with the Exchange environment.  When a new user is identified by the Notification System, it will gather the email domain, username, and address and pass it to the Notification Subscriber.  The Notification Subscriber will then connect to the Exchange environment (either directly or through the assistance of Exchange Autodiscovery) and subscribe to Streaming Notifications for that particular user.  From then on, Exchange will notify ENS when an unread message is present in the inbox.

As ENS receives these notifications from Exchange, it will package together a message payload containing the user information and, depending on the configuration, certain information about the message itself.  ENS will batch these messages and send them to the AirWatch-hosted CNS environment to ultimately communicate with end-user devices.  The payloads between ENS and CNS will use the ENS certificate to authenticate.  As such, the public key of the ENS server must be manually installed on the CNS server for authentication to be successful.  ENS does support the use of outbound proxies when communicating with CNS and/or the AirWatch API server.



Types of Notifications

When installing ENS, you can configure the type of notifications that a device will receive.  These types are:

  • Default: You can configure a default message that devices will receive when there is a new message.
  • Sender and Subject: The notification will include the sender and subject of any unread message.
  • Preview: The notification will include a preview of the message itself.

Service Accounts

When installing ENS, you must configure a service account that is used to subscribe to Streaming Notifications.  This service account must have impersonation privileges for all users in the system or it will not be allowed by Exchange to subscribe.  After the initial install, you will have the ability to create additional service accounts if necessary.  Similarly, if your ENS installation must connect to multiple Exchange servers directly, this is configurable as well after the initial install.


On the server itself, ENS is a Windows Service named "Email Notification Service."  Like other AirWatch services, relevant logs can be found in the path {Installation Path}/Logs, and the logging level can be configured in the service's config file.  Note that the service must be restarted for logging changes to take effect.

When set to verbose, you will be able to identify log messages pertaining to both new subscriptions being created, as well as any device compliance state-changes being identified.  For example, if a device becomes compromised and is then marked as non-compliant.  In the logs, a message indicating that a device's access state is True indicates that the device is allowed, whereas False means the device is blocked.

Additional Resources

Have more questions? Submit a request


Article is closed for comments.