Securing User Messages: Controlling Access and Distribution
By setting message sensitivity, users can control who can access a voice message and whether it can be redistributed to others. Cisco Unity Connection also offers ways for you to prevent users from saving voice messages as WAV files to their hard drives or other locations outside the Connection server, enabling you to maintain control of how long messages are retained before they are archived or purged.
See the following sections:
How Cisco Unity Connection Handles Messages That Are Marked Private or Secure
Revised May 2009
When users send messages by phone in Cisco Unity Connection, the messages can be marked private, secure, or both private and secure. You can also specify whether Connection marks messages that are left by outside callers as secure.
Any recipient can receive a private message—including non-Connection users. Recipients can use the phone, the Cisco Unity Inbox, Cisco Unified Personal Communicator, Cisco Unified Messaging with IBM Lotus Sametime, or an IMAP client to listen to private messages.
Private messages cannot be forwarded by phone or from the Cisco Unity Inbox.
A private message can be forwarded and can be saved locally as a WAV file when accessed from an IMAP client unless you specify otherwise. (See the “Message Security Options for IMAP Client Access” section to learn how to prohibit users from playing and forwarding private messages and from saving private messages as WAV files.)
When users reply to a private message, the reply is marked normal.
When users send a message, they can choose to mark it private.
When outside callers leave messages for users, they cannot mark them private.
When users do not explicitly log on to their mailboxes before leaving messages for other users, they cannot mark the messages private.
Secure messages are stored only on the Connection server, allowing you to control how long messages are retained before they are archived or purged. For secure messages, the Save Recording As option is automatically disabled on the Options menu on the Media Master in the Cisco Unity Inbox, Cisco Unity Connection ViewMail for Microsoft Outlook, and Cisco Unity Connection ViewMail for IBM Lotus Notes.
Secure messages can be useful for enforcing your message retention policy. You can configure Connection to automatically delete secure messages that are older than a specified number of days, regardless of whether users have listened to or touched the messages in any way. For more information, see the “Changing the Message Aging Policy” section.
Secure messages can be played by using the following interfaces:
– Connection phone interface
– Cisco Unity Inbox
– Cisco Unity Connection ViewMail for Microsoft Outlook
– Cisco Unity Connection ViewMail for IBM Lotus Notes
– Cisco Unified Personal Communicator version 7.0 and later
– Cisco Unified Messaging with IBM Lotus Sametime version 7.1.1 and later. (For requirements for playing secure messages using Cisco Unified Messaging with Lotus Sametime, see the applicable Release Notes for Cisco Unified Messaging with IBM Lotus Sametime at
Secure messages cannot be accessed by using the following interfaces:
– IMAP clients (unless Cisco Unity Connection ViewMail for Microsoft Outlook or Cisco Unity Connection ViewMail for IBM Lotus Notes is installed)
– RSS readers
Only Connection users can receive a secure message. (VPIM contacts may also be able to receive the message, but only when the VPIM location is configured to change the message sensitivity to normal before delivering it.)
Replies to secure messages are also marked secure.
A secure message can be forwarded to other Connection users and to the Connection users in a distribution list. The forwarded message is also marked secure. Users cannot change the sensitivity of forwarded messages and replies.
When users log on to Connection and send a message, class of service settings determine whether the message is marked secure. By default, Connection automatically marks a message secure when the user marks it private.
When callers are routed to a user or call handler greeting and then leave a message, the Mark Messages Secure check box on the Edit > Message Settings page for a user or call handler account determines whether Connection marks the message secure.
Disabling the “Save Recording As” Option in the Media Master for All Voice Messages
By default, except for messages that are marked private, secure, or private and secure, users can save their messages as WAV files to their hard disks by using the Save Recording As option, available on the Media Master Options menu in the Cisco Unity Inbox. You can prevent users from saving any voice message—regardless of its sensitivity—by disabling the Save Recording As option on the Options menu of the Media Master in the Cisco Unity Inbox.
Note the following as you consider this security option:
When you prevent users from by saving messages to their hard disks, they may choose to retain them in their Inboxes and Deleted Items folders longer as a way of archiving them.
Disabling the Save Recording As option affects all users who are associated with the Connection server; you cannot disable it only for individual users.
Users can continue to use the Media Master to save greetings or recorded names as WAV files.
To Disable the Save Recording As Option in the Media Master in the Cisco Unity Inbox
Step 1 In Cisco Unity Connection Administration, expand
System Settings > Advanced
, then click
Step 2 On the PCA Configuration page, check the
Unity Inbox: Disable Save Recording As Option in Media Master
Step 3 Click
Message Security Options for IMAP Client Access
When users access voice messages that are marked with normal or private sensitivity from an IMAP client, the IMAP client may allow users to save messages as WAV files to their hard disks, and may allow users to forward the messages. To prevent users from saving and/or forwarding voice messages from their IMAP client, consider specifying one of the following class of service options:
Users can only access message headers in an IMAP client—regardless of message sensitivity.
Users can access message bodies for all messages except those that are marked private. (Secure messages cannot be accessed in an IMAP client, unless the client is Microsoft Outlook and ViewMail for Outlook is installed or the client is Lotus Notes and ViewMail for Notes is installed.)