Restricting/Controlling access to EAS, e.g. by user
-
Tuesday, March 06, 2012 4:43 PM
Hello, I'm relatively new to working with Exchange Activesync and mobile devices so please bear with me. (i.e. exchange 2010)
Basically, in the current situation, if my users know the Client Access Server name, they can setup any EAS-enabled device and access their work email on it (e.g. nokia, android, windows, apple iOS etc).
I am trying to find some way of restricting or having greater control over this process, but which does not involve an expensive third-party software solution. I understand that you can block or quarantine types of mobile devices, http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx. But I am looking for a little more control. e.g. is it possible to quarantine users when they first try to connect with each new device, and then permit then permit them access afterward on a case-by-case basis?
Or any similar solutions that people may have in place to allow for greater control.
Thanks in advance
All Replies
-
Wednesday, March 07, 2012 9:34 AM
Hi,
I know it is possible to block EAS user based and device based. Device based you have allready found the blog article. But for user based you can do this by changing the mailbox properties.
But there is not an automated process which can approve users. You will have to create a manual process.
Kind regards,
Bart Timmermans
Bart Timmermans | Technical Consultant at KPN Consulting
Follow me @ My Blog | Linkedin | Twitter
Please mark as Answer, if my post answers your Question. Vote as Helpful, if it is helpful to you.- Proposed As Answer by Fiona_LiaoMicrosoft Contingent Staff Thursday, March 22, 2012 8:57 AM
- Marked As Answer by Fiona_LiaoMicrosoft Contingent Staff Tuesday, March 27, 2012 9:30 AM
-
Wednesday, March 07, 2012 10:53 AM
Thanks Bart. I meant to say I was aware of that setting in that tab. But was concerned that it could affect Outlook Web Access?
If this did not affect Outlook web access, it would be possible to disable this settings for all users, and enable it on an as-needed basis?
If there are any other suggestions out there they are welcome!
-
Wednesday, March 07, 2012 10:23 PM
It won't effect OWA.
You can use the Get-CASMailbox | Set-CASMailbox -ActiveSyncEnabled $False to set for all users at once.
http://technet.microsoft.com/en-us/library/bb125264.aspx
Sukh
- Proposed As Answer by Fiona_LiaoMicrosoft Contingent Staff Thursday, March 22, 2012 8:56 AM
- Marked As Answer by Fiona_LiaoMicrosoft Contingent Staff Tuesday, March 27, 2012 9:30 AM
-
Wednesday, March 07, 2012 10:44 PM
Hi Dude,
Agree with Sukh. The setting does not affect OWA in any way. So this shouldn't be a problem.
Good luck!
Bart Timmermans | Technical Consultant at KPN Consulting
Follow me @ My Blog | Linkedin | Twitter
Please mark as Answer, if my post answers your Question. Vote as Helpful, if it is helpful to you.- Proposed As Answer by Fiona_LiaoMicrosoft Contingent Staff Thursday, March 22, 2012 8:56 AM
- Marked As Answer by Fiona_LiaoMicrosoft Contingent Staff Tuesday, March 27, 2012 9:30 AM
.png)
