OS / Browser
HENNGE Access Control / HENNGE Email DLP / HENNGE Email Archive / HENNGE Secure Transfer / HENNGE Tadrill / HENNGE File DLP
| Windows | macOS | iOS | iPadOS | Android | ChromeOS | |
| OS | Windows 11 supported by Microsoft | Up to the latest 3 generations of codenamed versions |
Up to the latest 2 generations of major versions |
Up to the latest 2 generations of major versions |
Up to the latest 4 generations of codenamed versions |
Latest version |
| Browser | Latest public browser version | |||||
| Google Chrome Firefox Edge |
Google Chrome Safari Firefox Edge |
Google Chrome Safari Firefox Edge |
Google Chrome Safari Firefox Edge |
Google Chrome Firefox Edge |
Google Chrome | |
- The HENNGE Secure Transfer screen is only available in the PC version.
- The management screens for all services are only available in the PC version.
- IE mode in Edge is not supported.
- End of Support for Internet Explorer 11 in HENNGE One
- Customized Android OS (custom ROM) like ColorOS is not supported.
- Regarding Microsoft Entra Join, we provide guidance based on our verification in January 2025, but we do not guarantee reliable operation.
Please also check the following article for precautions.
Want to use HENNGE Access Control with Microsoft Entra Join
HENNGE Secure Browser / HENNGE Secure Browser Desktop
| Windows | macOS | iOS | iPadOS | Android | |
| OS | Windows 11 supported by Microsoft | Up to the latest 3 generations of codenamed versions |
Up to the latest 2 generations of major versions |
Up to the latest 2 generations of major versions |
Up to the latest 4 generations of codenamed versions |
- HENNGE Secure Browser prioritizes support for viewing "Email," "Calendar," and "Contacts" in Microsoft 365 / Google Workspace.
There may be cases where it does not function as expected due to factors such as:- Specifications or limitations of your environment (OS / device, etc.)
- Specifications or limitations of the accessed service (Microsoft 365 / Google Workspace)
- For services not provided in the mobile Microsoft 365 / Google Workspace web interface, you will need to use dedicated native apps.
- Customized Android OS (custom ROM) like ColorOS is not supported.
HENNGE Lock
| iOS | iPadOS | watchOS | Android | |
| OS | Up to the latest 2 generations of major versions |
Up to the latest 2 generations of major versions |
Up to the latest 2 generations of major versions |
Up to the latest 4 generations of codenamed versions |
- Customized Android OS (custom ROM) like ColorOS is not supported.
HENNGE Device Certificate (including import tool)
| Windows | macOS | iOS | iPadOS | Android | ChromeOS | |
| OS | Windows 11 supported by Microsoft | Up to the latest 3 generations of codenamed versions | Up to the latest 2 generations of major versions | Up to the latest 2 generations of major versions | Up to the latest 4 generations of codenamed versions | Latest version |
| Browser | Up to 2 generations prior, including the latest version of the browsers below (1 generation per major version) | |||||
| Google Chrome Edge Firefox |
Google Chrome Safari Firefox |
Safari | Google Chrome | Google Chrome | ||
- Customized Android OS such as ColorOS (custom ROM) is not supported.
- Android work profiles are not supported.
HENNGE Access Control Tenant Certificate
| Windows | macOS | iOS | iPadOS | |
| OS | Windows 11 supported by Microsoft | Up to the latest 3 generations of codenamed versions | Up to the latest 2 generations of major versions | Up to the latest 2 generations of major versions |
To use Shared Tenant Certificates on iOS / iPadOS, installing both the client certificate and the intermediate certificate is required.
Android and Chrome OS are not supported.
Operational procedures and specifications for tools (such as MDM) used to distribute Shared Tenant Certificates are outside the scope of support.
HENNGE Cloud Protection
| Only the latest version of the browsers below | ||||
| Browser | Google Chrome |
|||
- For further details, please follow the provisions set forth in the WithSecure Elements Collaboration Protection License Agreement (https://www.withsecure.com/en-us/about-us/legal/terms).
HENNGE Tadrill
- If you have implemented email security services such as spam filters or URL/attachment detection, please configure whitelist registration, etc., on the security service side as needed when introducing separate products.
- The file opening detection of training emails distributed by HENNGE Tadrill has been verified to work with the latest version of Excel and Word in Microsoft 365 Apps.
Other desktop apps (such as Excel 2021) are not supported and may not function properly. - Regarding the Outlook desktop app, operation has been verified with the latest version of Outlook in Microsoft 365 Apps.
Other Outlook desktop apps (such as the one-time purchase Outlook 2021) are not supported and may encounter issues such as not functioning properly when clicking URLs.
HENNGE Tadrill Alert
| Microsoft 365 User License | Google Workspace User License | |||
| Outlook (Official App) |
Outlook on the web (Browser) |
Official App | Browser | |
| PC (Mac, Windows) |
Supported | Supported | - | Supported |
| Mobile (iOS, Android) |
Supported | Not Supported | Supported | Not Supported |
- Regarding the Outlook desktop app, operation has been verified with the latest version of Outlook in Microsoft 365 Apps.
Other Outlook desktop apps (such as the one-time purchase Outlook 2021) are not supported and may not function properly.
HENNGE Directory Sync Tool
The HENNGE Directory Sync Tool refers to the proxy settings of Internet Options.
Please log on to the server with the service startup account and configure the proxy settings.
For proxy settings, please check [Network].
Device Requirements
Meet one of the following device requirements.
- A machine that is part of a domain managed by Active Directory and supported by Microsoft Windows/Windows Server
- An Active Directory domain controller supported by Microsoft Windows/Windows Server
Software Requirements
- .NET Framework 4.0 or higher.
- Windows PowerShell 3.0 or higher.
- The latest version of the Windows PowerShell Active Directory module.
Communication Requirements
- Must be able to communicate via HTTPS (443) port externally.
- Not using an automatic configuration script on the proxy server.
- No user authentication upon connection.
- If installing the HENNGE Directory Sync Tool on a machine other than the Active Directory domain controller, ensure that the ports used by domain members as guided in the following Microsoft article are open between the installation environment and the domain controller.
Ports used in a domain environment
Active Directory Domain Controller Requirements
- Must be a Windows Server supported by Microsoft.
- The [unixUserPassword] attribute must exist in the user attributes of Active Directory.
- Active Directory Web Service must be running.
HENNGE Connect Agent
- OS: Must be a Windows Server supported by Microsoft.
For other operational requirements, please refer to the following Help Center.
Check Operational Requirements (HENNGE Connect)
Support Policy for Older Versions upon New Version Release
If you are using a version earlier than those listed in this article
Please update the version.
※ HENNGE does not intentionally block user service connections in principle, but the quality of the HENNGE One usage experience may gradually decline.
Handling of the Old Generation After the New Generation Release
-
Browser
When a new version is released, support for the latest version begins, and at the same time, the oldest version among the supported ones becomes unsupported. -
OS
- Windows : Operating systems supported by Microsoft are eligible for support.
- ChromeOS : Complies with Google's Auto Update Expiration (AUE). For the auto-update policy, please refer to here.
- iOS, iPadOS, watchOS, macOS, Android : Three months after the release of a major version, the oldest version among the supported ones becomes unsupported.
Network
Service FQDN (URL)
The FQDN / ports to be set to allow access for each service are as follows.
Please configure the communication permission settings for the FQDN and ports of the services you are using.
- When setting access permissions by URL, please write "https://" at the beginning of the FQDN and "/*" at the end.
- With wildcard specifications (FQDNs containing *), the destination FQDN changes dynamically, so permission settings with wildcards are required.
| Service Name | FQDN | Port Used |
| HENNGE Email DLP |
console.mo.hdems.com host.gross.hdems.com hennge-dlp-history.s3.amazonaws.com *.transfer.hennge.com |
TCP/443 |
| HENNGE Access Control | *.ssso.hdems.com ssso-v2015-02.s3.amazonaws.com ssso-spcfg-logo.s3.amazonaws.com japaneast-0.in.applicationinsights.azure.com *.auth.hennge.com cybertrust.deviceid.ne.jp www.hennge.com teachme.jp support.hdeone.com |
TCP/443 |
| *.lencr.org crl.deviceid.ne.jp ocsp.deviceid.ne.jp |
TCP/80 | |
| HENNGE Connect | *.connect.hennge.io | TCP/443 |
| HENNGE Connect Agent | *.ngrok.com *.ngrok-enterprise.com update.equinox.io *.ngrok-agent.com dns.google.com s3.amazonaws.com *.connect.hennge.io |
TCP/443 |
| crl.ngrok-agent.com | TCP/80 | |
| HENNGE Email Archive | console.hdems.com | TCP/443 |
| HENNGE Email Archive Modern | archive.hennge.com | TCP/443 |
| HENNGE Secure Transfer ※ HENNGE Secure Download (if HENNGE One is not contracted) |
*.transfer.hennge.com *.hennge-one.smtps.jp |
TCP/443 |
| HENNGE Cloud Protection | *.f-secure.com *.withsecure.com |
TCP/443 |
| HENNGE Tadrill | console.tadrill.com | TCP/443 |
| HENNGE File DLP | *.saascore.app | TCP/443 |
| IP Reverse Lookup Filter in Customer Environment | *.amazonaws.com | TCP/443 |
Service IP Addresses
Since HENNGE One services operate with dynamically changing IP addresses, it is necessary to set access permissions for all global IP addresses displayed at this link by specifying the range.
Please note that the list on the above link may change without notice in the future.
IP Addresses Accessible to the Service
| Service Name | Service Screen/Function | IPv4 Address | IPv6 Address |
| HENNGE Access Control | User Portal Screen Evaluation of Source IP Address during Access Control (※) |
○ | × |
| Management Screen | ○ | ○ | |
| Public API | ○ | ○ | |
| HENNGE Email DLP | All | ○ | × |
| HENNGE Email Archive | All | ○ | × |
| HENNGE Email Archive Modern | All | ○ | ○ |
| HENNGE Secure Transfer | All | ○ | × |
| HENNGE Tadrill | All | ○ | × |
| HENNGE File DLP | All | ○ | × |
※ Currently, only IPv4 is available as a condition for access control by HENNGE Access Control.
We are developing to support IPv6 addresses in the future.
Single Sign-On
HENNGE Access Control (SAML Authentication)
- Supports SAML2.0
- The NameID (user account information) of SAML authentication matches one of the user information items on HENNGE Access Control
- Supports both or either SP-Initiated SSO / IdP-Initiated SSO
- Can handle NameIDFormat as "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" or "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
- Supports SAML signature certificate with SHA-256 (SHA-2)
HENNGE Access Control (OpenID Connect)
- Is a Relying Party (certificate user trust) that supports Authorization Code Flow
- Is a Confidential client
- Client authentication is either client_secret_post or client_secret_basic
- Scopes are either openid, profile, email, offline_access
- ID token claims can use aud, iss, sub, iat, exp, hd, name, given_name, family_name, preferred_username, email, email_verified, zoneinfo, locale, updated_at, auth_time, nonce, custom attributes
- Redirect URI is an HTTPS format URL or localhost (including 127.0.0.1, [::1])
Compatible Email Services
HENNGE Email DLP / HENNGE Email Archive
- Exchange Online
※ Microsoft 365, Exchange Online, Edge, and Active Directory are trademarks or registered trademarks of Microsoft Corporation in the United States and other countries. - Google Workspace Business Gmail Webmail Service
※ Google Workspace, Gmail Webmail Service, and Chrome are trademarks or registered trademarks of Google LLC in the United States and other countries.