Thursday, June 13, 2013

New Nitrodesk blog!!

We've been busy at Nitrodesk!  Besides all the new stuff we're working on across platforms (you're dying to know, aren't you!), we have a new blog. Please follow us to

Our blog authors are creating video tutorials, posts about Touchdown maximization, and so much more.  Come see!

Tuesday, February 5, 2013

TouchDown now Live on Windows

... complete with the usual 1* review that app developers are rewarded with for all the hard work.

"Only uses Active Sync which makes it useless"


Monday, January 7, 2013

TouchDown for Windows

Slightly old news, but TouchDown for Windows 8 and Windows RT is coming along nicely. A big THANK YOU to all those who have been trying the beta version and sending us feedback.

For those of you who want a closer to Outlook experience on your Windows RT device, or even on a Windows 8 computer, it's not too late to try the beta. The beta is free, can be installed for evaluation purposes, and will be available until we publish to the Store.

For more information go to TouchDown for Windows on our web site.

Tuesday, October 2, 2012

TouchDown for iOS

We are glad to announce the release of TouchDown for iOS in the AppStore. TouchDown has always strived to provide a good balance between usability for end users and security and compliance for enterpise IT.

With iOS, TouchDown provides a very seamless experience for the user when dealing with the various sections of corporate data like Email, Contacts, Calendar, Tasks and Notes into one single application, making it easy to navigate between them. When looking at the email list, contact list, task list or Notes list, you can also swipe a single item in the list to gain access to operations like tagging and deleting depending on the item.

In addition, TouchDown now provides the admin with the assurance that corporate data is ALWAYS encrypted on the device, regardless of policy. Yes, data is always encrypted using AES 256 encryption. This includes attachments which are downloaded from the server, and viewed within the application itself. Support for IRM and SMIME are in the iOS version as well, just as on Android.

In order to provision your email on the iOS device, you dont now have to lock down the entire device (although the user can still choose to do that), but just the TouchDown application, which hides the corporate data behind a PIN lock if requested in policy.

The next update for TouchDown will provide a split screen view with movable splitters, bringing it closer to the experience we have always provided for Android tablets.

Different from the Android version
1. Push: Note, however, that Apple does not allow applications to push data in the background, hence updates will not be pushed to the device if the application is not active. Once started, touchdown will start bringing in the updates and will continue to do so as long as the app is in the foreground and active. This is a change from how things function in Android.
Since applications cannot periodically wake up on iOS, there is no concept of periodic polling either on iOS. Peak Times is another concept which will go away, since there is no background syncing.

2. Speech: Speech notifications as well as speaking an email out is something not supported on iOS

3. Single Account: While in Android, touchdown had the ability to create multiple profiles, you cannot do so in iOS.

4. Supported Protocols: iOS version will support only Activesync when connecting to the server. Android version supports ActiveSync as well as some legacy non mobile protocols.

Thats off the top of the head, most other features of Android version will eventually carry over to iOS (and vice versa), and the only reason why something would not carry over will be due to platform limitations.

The future
We recognize that the iOS version is still in its infancy, but expect to be rolling out updates on iOS as well as Android to ensure as much feature parity as possible. Expect (at least) one update every month for the next few months as we learn, refine and redefine your enterprise email experience.

Monday, May 21, 2012

Generating logs on the server

Often times when debugging activesync issues, it may be desirable to generate a log of things that happen on the server, since touchdown logging only displays the log from the client/device. Here is how to generate a server side log if you are using Exchange 2007 or Exchange 2010 in activesync mode.

1. Go to Outlook web access by opening a browser on a PC and going to (replace with your server name)
2. On the top right corner, click Options button and select All Options.
3. You should see the options screen, and there you would see an option called "phone". click it.
4. You should see a list of all device partnerships you have active. find the device that represents the one you want to log and highlight that one. (you can double click it to see all information about it)
5. With the offending device selected in the list, click the button on top which reads "Start Logging". this will start logging all requests from the device.
6. Go to the device and perform the offending operation. Make sure the operation completes successfully or fails. (if trying to send an email, make sure the send fails).
7. Come back to Outlook Web Access and select the device and click "Retrieve Log".
8. At this point you should get an email in your inbox with the log. You can forward it to support or your contact in NitroDesk who asked for the log.

Monday, January 23, 2012

Transitioning to Offce365

If your organization just transitioned to Office365, please be aware that there are some recent changes in Office365 which has come to our attention which may cause you to see an error when performing the quick configuration.
This error shows up as an error code 451 when performing the configuration if you used the server name as

We have uploaded a beta version which overcomes this error. The beta is available at the following locations
For Smartphones :
For Tablets (honeycomb or higher) :

If you install the beta version, the 451 error should go away and you should be able to configure normally.

Wednesday, December 28, 2011

Syncing status with exchange servers

Lately we have been receiving a lot of support requests around this issue, and hence this post. Please read carefully, support may be simply unable to fix your issue. TouchDown has been tested to make these status changes to the device and back. However, there are factors that are outside our control that may cause some of these updates to simply not work. While support will try to establish a cause, we are typically unable to actually solve issues which are outside of the applications control.
TouchDown never talks directly with your outlook on the desktop. Outlook and TouchDown are simply "clients", which display what they think the exchange server account contains. The source of all the data is the exchange server which you connect Outlook and TouchDown to. There may be times when either of them may be out of sync with the server.

How to see what the server really knows
In order to see what the server knows about your data, you must connect directly with the server. The best (and only) way to do this is to login to OWA, or (Outlook Web Access). OWA is NOT OUTLOOK. For this, you must first find out the OWA link for your exchange server. If in doubt, ask your administrator, the link may take the following forms
(in some installations where security is not a priority for the organization [or where the administrator may find it desirable to have all your data to be trasmitted in plain text over the internet for some odd reason], https may be replaced with http.)
Once you know what the link is, you should navigate to the link on a PC browser. THe server will at that time ask you to authenticate yourself. Once you login to the server, you will see a view much like outlook, but inside your browser. What you see in this view is what the server knows. Any changes you make here will eventually be reflected in outlook and touchdown if all is configured correctly.

How read status (and deletions) works on Exchange
Outlook to Device
When you mark an item as read on Outlook, outlook eventually sends the status change to the exchange server. The exchange server maintains the status of each of the emails on the server, and eventually sends the status change to the device, IF it determines that the device is displaying the email

What can go wrong
1. Outlook fails to update the status on the server for some reason. To find out if this is the case, you have to see what exchange sees. After you mark items as read/unread in outlook, if you dont see the changes reflect back in TouchDown, login to the server and see if the server shows the items as you marked them. If it doesnt, chances are outlook did not update the server correctly. Make sure that you allowed enough time for Outlook to actually mark those items on the server.
2. Outlook updated the server, but the server did not update TouchDown. This can happen because the server doesnt always immediately update the device for changes like a read status change. Typically such changes are delayed to prevent too frequent updates to the device in an effort to save battery life. In such cases, changes such as these MAY be delayed until a more significant change such as a new email, new contact, a new event etc are detected. You can however force touchdown to proactively check for changes by pressing Menu/Sync on the TouchDown main screen a couple of times.
3. You deleted an item, but it still appears in TouchDown because you may be syncing the Deleted Items folder in TouchDown. This is by design.
4. There are some other lesser known and encountered situations where this may happen, such as cases where there may be multiple devices syncing to the server and the server faces internal issues when updating all devices involved. For example, we have known one or two situations where users have had this problem go away after they removed other devices from syncing with the exchange server. But that does not necessarily mean you cannot sync  multiple devices. (In our test environments, we have up to 10 devices syncing flawlessly with the server with no such issues).

Device to Outlook
When you mark an item as read on TouchDown, by default TouchDown does not immediately tell the server about the change. This is again to prevent unnecessary chatter with the server. TouchDown will batch all such changes are send them out the next time a more significant event like sending an email, or when a change is detected on the server. You can change this behavior somewhat by turing OFF the "Defer server updates" option in the last tab of touchdown settings.

What can go wrong
1. Defer server updates can cause batching of updates to the server, meaning that the changes are not immediately sent to the server. Turning it off, or going to the main touchdown screen and doing a Menu/Sync can send such batched changes to the server.
2. TouchDown faces an error from the server when sending the updates. Such errors are typically due to situations where the server returns an error, or is unavailable. While rare, such situations can in some cases cause the change to be lost in transit. With a good internet connection and a reliable server, such situations are almost non existent. In cases where the internet connection on the device is unavailable, touchdown would either wait for a connection or retry the operation for a finite number of times before giving up.
3. TouchDown updated the server, but the server did not update outlook. This is completely out of our control, since TouchDown's work is complete once the change has been sent to the server and acknowledged. if outlook has not updated the change from the server, you can confirm that issue by looking at OWA as described in the earlier section

Thursday, December 8, 2011

TouchDown on ICS

Now that ICS is available, and devices are shipping, thought i would write a bit about TouchDown on ICS devices. There is a fair amount of confusion about what version of touchdown should be used on ICS devices. ICS can run on smartphones as well as tablets.
There are two flavors of TouchDown in the Android Market
1. TouchDown For Smartphones (optimized for phone form factors)
2. TouchDown HD For Tablets (Optimized for tablet form factors)

After playing with both versions on the Galaxy Nexus, i am leaning towards using TouchDown For Smartphones on the device. The main reason is that the TouchDown HD For Tablets, being a honeycomb build takes up a sizeable chunk at the top of the screen to show the action bar, which does not really add much value to the application except provide a way to access the menu options. However, If you run TouchDown for Smartphones on the Galaxy Nexus, the menu would be accessible from a button which looks like a ":" at the bottom right of the screen. I find that wasting a whole row for the menu options was not really worth it.

Tablet mode Screen Display Please note also that when run on the Galaxy Nexus, the TouchDown for Smartphone version will by default open into a split screen view after you restart the application after the first configuration. If you find yourself opening the app into tablet mode, you can go to settings and under advanced tab, check ON the "Disable Tablet Mode" setting.

While the device has a high resolution, it doesnt really have enough surface area to display usable information in this format. To fix this, we are updating version 7.1.009b (this is beta still) to detect physical screen sizes less than 5" when running quick configuration, and automatically turn on the "Disable Tablet Mode" option in the advanced tab of settings.

Here are some screenshots of how the two versions look. To get this exact look and feel, note that you should TURN OFF the "Disable tablet mode option" in the last tab of settings. Tablet mode will be disabled automatically on the device since these views are not ideal.

First is a sample screenshot of TouchDown HD for Tablets showing the split screen view. Note that gray bar on the top plus the navigation tabs which take up too much space.

Here is how the TouchDown for SmartPhones app shows up on the device. Note the : symbol at the far right bottom. Thats the menu button. Also note that these screens are captured using the Black Theme. Read below to see how to set themes.

This is the email list in split screen mode.

Same thing viewed horizontally

Calendar Viewed Horizontally

Now, the classic main touchdown screen, this is the screen you will be normally greeted with after configuration.

Switching Themes
If you want to change the themes on the touchdown main screens and the list views, you can open settings and tap on the Select Theme option shown in the image below.

Note about the DeviceType change in the next version.
In the next version of TouchDown, we are changing the default device type reported to Exchange from "Android" to "Touchdown".  While this will not affect an already configured device, if you uninstall and reinstall or reconfigure the device from a clean state, the new string will be reported to the server. Admins can now use that string to better identify TouchDown in Exchange Server ABQ settings.

 Screen Capture Security Hole : We think it is dangerous to let android let you accidentally capture your email screen to the SD card if you happen to hold the volume down and the power button for about a second. Hence, we have put in some measures to ensure that if your security policies have PIN or data encryption or SD card encryption enabled, you cannot accidentally take screenshots of the touchdown screens that display potentially sensitive information. We have verified this on ICS.

Tuesday, December 6, 2011

Version 7.1 is available

Version 7.1 has been released to the market(s)
The following are the notable changes
- Support for themes (go to settings and in the advanced tab you can select themes)
- Support for Quick Replies by long-pressing the email in the list.
- Configure quick replies by going to the last tab of settings and clicking the quick replies button
- Fixes a MAJOR DLP SECURITY HOLE in some android devices. On some devices we found that regardless of the security level in your enterprise, a hotkey combination (on some devices, an easy to click button at the bottom) is all it takes to send your secure email as a JPEG image into your gallery. This image compromises security in all sorts of ways. This issue will become worse with the release of ICS, which makes the screen capture function a part of the OS itself.

Friday, November 25, 2011

Can enterprises embrace the Amazon Kindle Fire ?

The Kindle Fire has finally been released, and has made its way to the hands of hundreds of thousands of customers. While it is not known how many of those users are going to bring the device to the enterprise when holiday season is over, it is only logical to assume that there will be thousands of devices making their rounds inside the corporate firewalls across America at least for now.
Google News technology sections are filled with reviews both positive and negative around the device. Mostly positive. After all, the press has been waiting for link bait like this for a while. After the initial obligatory reviews around the device itself, attention is slowly turning towards whether and how well the Fire can adapt to the enterprise. Despite being a glorified electronic shopping cart for amazon, the Fire is still a formidable contender in the android tablet space. Will enterprises embrace it with both hands, or will it fizzle at the enterprise doorstep ? No one knows for sure.
From where we stand, we see IT admins may have little choice but to work backwards from the device and find creative ways to ensure they can support the device. At the end of the day, when the CIO gets a fire for christmas, its pretty much game over, you have to suport it.
As far as device capabilities go, the Kindle fire is a first class citizen in the Android world. it runs Gingerbread, and there is no excuse for not supporting the fire just because it has been heavily customized by Amazon. Amazon has done a great job of changing the OS on the surface to make it friendly for end users, but has not really backtracked on the underlying capabilities of the OS when it comes to security and sandboxing. So it can be made as secure as Gingerbread on any other phone the user may purchase. The fact that most MDM vendors have not taken the effort to test on the fire and publish their agents on the Amazon Market is probably less Amazon's fault and more a factor of prioritization by the MDM vendors. The vendor that makes the necessary investments to support the Fire and to get the MDM agent published on the amazon appstore for android will be met with eager enterprises wanting to support the device.
As always, NitroDesk TouchDown runs on the Kindle Fire with no reduction in functionality or security. From TouchDown's point of view, the fire is yet another tablet running android Gingerbread. The Fire does not have a built in Exchange email client, does not have a calendar application built in, but it has all the necessary underlying support for TouchDown to provide push email and a sandboxed contact/calendar/task/note database to customers who want a tablet experience on it. In fact, TouchDown is the only available exchange activesync client which can provide a full screen tablet optimized experience on the Fire. The only shortcoming on the device we have observed is the inability for the device to maintain a Wifi connection when the device is asleep, preventing push mail from working in that state. We have worked hard to ensure that the Fire is supported as a first class device with all the encryption and security support that the enterprise needs. Any MDM which touchdown integrates with, that publishes their agent on the Amazon AppStore will be immediately supported by NitroDesk.