Disable iPhone Exchange sync

Hi there,

We have an employee who has an iPhone that connects to their mailbox. This person should not have access to their email through their iPhone or any type of remote email access for confidentiality reasons. They set it up themselves and were caught bragging about this to another employee. (idiot!)

How do I disable all types of email synchronization to their iPhone?

I know about the Exchange features in Active Directory, done that. What am I missing?

Thanks,
Primus
Asked by: PrimusPilus
 
Alan Hardisty (Co-Owner) commented:
What version of Exchange are you using?

You can disable it individually via Active Directory Users & Computers on Exchange 2003 (mailbox features), or under Exchange Management Console - Mailbox for the user, then Mailbox Features.

Turn off Mobile Messaging options.
 
Justin Durrant (Sr. Engineer - Windows Server/Virtualization) commented:
 
PrimusPilus (Author) commented:
Hi Alanhardisty,

I'm running Exchange 2003.

I did that but just want to make sure there is nothing else!

Thanks,
Primus
 
Alan Hardisty (Co-Owner) commented:
That's your lot on 2003 unless you want to cripple the IIS Virtual Directory too and change the settings there, but that would probably be overkill, but would stop everyone from using ActiveSync.

The virtual directory is Microsoft-exchange-activesync.
 
Justin Durrant (Sr. Engineer - Windows Server/Virtualization) commented:
It is overkill, but would ensure no one has access. :)
 
Matthew England (Technology Consultant) commented:
There are a few ways you can resolve this; however, you need to ensure you're covering your bases.

1. Is the policy limited to certain users or all users?
If it pertains to all users, then disable the functionality on the server & at your firewall.
If it's for certain users, then control it under the mailbox properties for the user(s).

If you're not using OWA in the organization, you can block web access (http/https) to your Exchange server, directly on the firewall. This will prevent OWA, Outlook Anywhere, and ActiveSync from being able to connect from outside your organization.

If you do use OWA, you may still be able to block access to the Microsoft-Server-ActiveSync virtual directory from your firewall, depending on the functionality it provides. (ISA or TMG both will permit this.)

To disable access on a per-user basis, open Exchange Management Console (assuming 2007), right-click on the user's mailbox, then select Properties. On the Mailbox Features tab, select Exchange ActiveSync, and then click the Disable button.

Before you do this you may want to right-click on the mailbox for that user and select Manage Mobile Device. At the bottom of the dialog box, select the "Perform a remote wipe to clear mobile device data" option, then click the Clear button. This will wipe data synchronized from Exchange off of the user's iPhone.

Keep in mind that the iPhone and most other devices can also connect via IMAP and POP3, if those services are enabled on Exchange & through your firewall. If you're not explicitly using those services then disable them both on the Exchange server (Exchange Management Console > Server Configuration > Client Access > POP3 & IMAP4 tab > right-click on each and select Properties, then on the Bindings tab, ensure no IPs are present in the two boxes) & ensure they're not permitted through the firewall, by blocking ports 110 & 143.
 
Matthew England (Technology Consultant) commented:
Sorry. My previous response applies to Exchange 2007, although you can & should still look into blocking access to your server at the firewall, if it's not required.

 
PrimusPilus (Author) commented:
Excellent guys.

The policy doesn't apply to everyone so I won't be blocking access to the server at the firewall level.

I did deny the user in question access to the virtual directory, would this work?

Thanks guys!
Primus
 
Alan Hardisty (Co-Owner) commented:
Not ever tried it but can't see why that won't work.
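One way to confirm from the IIS logs that the change took effect, as an added example that is not from any poster in this thread: it lists one user's requests to the Microsoft-Server-ActiveSync virtual directory at or after the time the feature was disabled and separates those that still succeed from those that are refused. The log lines are constructed, and the log is assumed to be W3C extended format with the date, time, cs-uri-stem, cs-uri-query, cs-username and sc-status fields enabled.

```python
from urllib.parse import parse_qs

EAS_STEM = "/microsoft-server-activesync"

# Constructed sample (IIS W3C extended format); names, IPs and device IDs are made up.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2010-03-01 08:02:11 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=Appl0001&DeviceType=iPhone&Cmd=Sync EXAMPLE\\jdoe 203.0.113.7 200
2010-03-01 08:05:40 POST /Microsoft-Server-ActiveSync User=asmith&DeviceId=PPC0002&DeviceType=PocketPC&Cmd=Ping EXAMPLE\\asmith 198.51.100.9 200
2010-03-01 09:30:02 GET /exchange/jdoe/Inbox - EXAMPLE\\jdoe 203.0.113.7 200
2010-03-01 10:15:27 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=Appl0001&DeviceType=iPhone&Cmd=Sync EXAMPLE\\jdoe 203.0.113.7 403
2010-03-01 10:45:27 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=Appl0001&DeviceType=iPhone&Cmd=Sync - 203.0.113.7 401
"""


def eas_requests(log_text, user):
    """Yield (timestamp, device_type, device_id, status) for one user's ActiveSync hits."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order differs between servers
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_STEM):
            continue                       # OWA and other IIS traffic is out of scope here
        query = parse_qs(row.get("cs-uri-query", ""))
        # Authenticated name if IIS logged one, else the User= value the device sent.
        name = row.get("cs-username", "-")
        if name == "-":
            name = query.get("User", ["-"])[0]
        if name.split("\\")[-1].split("@")[0].lower() != user.lower():
            continue
        yield (row["date"] + " " + row["time"],
               query.get("DeviceType", ["?"])[0],
               query.get("DeviceId", ["?"])[0],
               int(row["sc-status"]))


def verify_block(log_text, user, disabled_at):
    """Split the user's requests made at or after disabled_at into succeeded and refused."""
    ok, refused = [], []
    for hit in eas_requests(log_text, user):
        if hit[0] >= disabled_at:          # fixed-width timestamps compare correctly as strings
            (ok if 200 <= hit[3] < 300 else refused).append(hit)
    return {"still_syncing": ok, "refused": refused}
```

IIS writes these timestamps in UTC, so pass `disabled_at` in UTC as well. POP3 and IMAP4 connections do not appear in the IIS log, so this covers only the ActiveSync path.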