none
Exchange ActiveSync device access using the Allow/Block/Quarantine list

    Frage

  • Hi,

    I was reading the following article about controlling Exchange ActiveSync devices

    http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx

    We are facing the following request and I was wondering if we are going to be able to use Allow/Block Quarantine List in order to get it done.

    We would like to lock down users per devices, basically USERA has an iPhone that is company issued but USERA has also an iPad a Droid and a Galaxy tablet (LOL!).

    We only want the user to use Active Sync with the iPhone because is the company issued phone and the only one that we support. That being said, can we use A/B quarantine list to do something like this:

    iPhone Group -> userA

    DroidModel1 -> userB,userC

    DroidModel2 ->userB, user D

    So basically users are added into groups and groups are assigned to models to allow or deny access to AS.

    Any thoughts?

    Thank you!

    Dienstag, 24. April 2012 17:00

Antworten

  • I have to admit, Im not completely sold on using the ABQ abilities to manage devices yet.

    If I was doing this and I wanted to ensure that each user was only allowed to sync with his company device, I would probably initiate a simple quarantine model and allow access on a ad-hoc basis  and also set the throttling policy to only allow one EAS connection

    The EASMaxDevices parameter specifies a limit to the number of Exchange ActiveSync partnerships that a user can have at one time. By default, each user can create 10 Exchange ActiveSync partnerships with their Exchange account. After users exceed the limit, they must delete one of their existing partnerships before they can create any more new partnerships. An e-mail error message describing the limitation is sent to the user when the limit is exceeded. Additionally, an event is logged in the Application log when a user exceeds the limit.
    • Als Antwort markiert post Dienstag, 24. April 2012 20:13
    Dienstag, 24. April 2012 17:43
    Moderator

Alle Antworten

  • I have to admit, Im not completely sold on using the ABQ abilities to manage devices yet.

    If I was doing this and I wanted to ensure that each user was only allowed to sync with his company device, I would probably initiate a simple quarantine model and allow access on a ad-hoc basis  and also set the throttling policy to only allow one EAS connection

    The EASMaxDevices parameter specifies a limit to the number of Exchange ActiveSync partnerships that a user can have at one time. By default, each user can create 10 Exchange ActiveSync partnerships with their Exchange account. After users exceed the limit, they must delete one of their existing partnerships before they can create any more new partnerships. An e-mail error message describing the limitation is sent to the user when the limit is exceeded. Additionally, an event is logged in the Application log when a user exceeds the limit.
    • Als Antwort markiert post Dienstag, 24. April 2012 20:13
    Dienstag, 24. April 2012 17:43
    Moderator
  • Hi,

    That sounds good. We are going to be managing Android phones and by looking at the following post  http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_clients we have seen that Block/Allow/Quarantine List (device info) for Android devices prior to 4.0 is not supported.

    Does that mean that ABQ will not function with any devices prior to 4.0? Have you ever test or implement ABQ with Android phones?


    • Bearbeitet post Dienstag, 24. April 2012 18:57
    Dienstag, 24. April 2012 18:57
  • Hi,

    That sounds good. We are going to be managing Android phones and by looking at the following post  http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_clients we have seen that Block/Allow/Quarantine List (device info) for Android devices prior to 4.0 is not supported.

    Does that mean that ABQ will not function with any devices prior to 4.0? Have you ever test or implement ABQ with Android phones?


    Honestly, I cant tell you, That is something you will have to test to see how well the ABQ stuff works. I like to keep it simple and if their devices are allowed as they connect on an ad-hoc basis and you limit them to one max connection, that keeps it simple  - at least for me  :)

    Dienstag, 24. April 2012 19:36
    Moderator