Disable IPhone exchange sync

Hi there,

We have an employee who has an Iphone that connects to their mailbox. This person should not have access to their email through their Iphone or any type of remote email access for confidentiality reasons. They set it up themselves and were caught bragging about this to another employee. (idiot!)

How do I disable all types of email synchronization to their iphone?

I know about the Exchange features in Active Directory, done that. What am I missing?

Thanks,
Primus
PrimusPilusAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
What version of Exchange are you using?

You can disable it individually via Active Directory Users & Computers on Exchange 2003 (mailbox features), or under Exchange Management Console - Mailbox for the user, then Mailbox Features.

Turn off Mobile Messaging options.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Justin DurrantSr. Engineer - Windows Server/VirtualizationCommented:
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

PrimusPilusAuthor Commented:
Hi Alanhardisty,

I'm running Exchange 2003.

I did that but just want to make sure there is nothing else!

Thanks,
Primus
0
Alan HardistyCo-OwnerCommented:
That's your lot on 2003 unless you want to cripple the IIS Virtual Directory too and change the settings there, but that would probably be overkill, but would stop everyone from using Activesync.

The virtual directory is Microsoft-exchange-activesync.
0
Justin DurrantSr. Engineer - Windows Server/VirtualizationCommented:
It is overkill, but would ensure no one has access. :)
0
Matthew EnglandTechnology ConsultantCommented:
There's a few ways you can resolve this, however you need to ensure you're covering your bases.

1. Is the policy limited to certain users or all users?
If it pertains to all users, then disable the functionality on the server & at your firewall.
If it's for certain users, then control it under the mailbox properties for the user(s).

If you're not using OWA in the organization, you can block web access (http/https) to your Exchange server, directly on the firewall. This will prevent OWA, Outlook Anywhere, and ActiveSync from being able to connect from outside your organization.

If you do use OWA, you may still be able to block access to the Microsoft-Server-ActiveSync virtual directory from your firewall, depending on the functionality it provides. (ISA or TMG both will permit this.)

To disable access on a user basis, open Exchange Management Console (assuming 2007), and right click on the users mailbox, then select properties. On the Mailbox Features tab, Select Exchange ActiveSync, and then click the Disable button.

Before you do this you may want to right click on the mailbox for that user and select, Manage Mobile Device. At the bottom of the dialog box, select the "Perform a remote wipe to clear mobile device data" option, then click the Clear button. This will wipe data synchronized from Exchange, off of the users iPhone.

Keep in mind that the iPhone and most other devices can also connect via IMAP and POP3, if those services are enabled on Exchange & through your firewall. If you're not explicitly using those services then disable them both on the Exchange server (Exchange Management Console > Server Configuration > Client Access> POP3 & IMAP4 tab > right click on each and select properties, then on the Bindings tab, ensure no IP's are present in the two boxes) & ensure they're not permitted through the firewall, by blocking port 110 & 143.
0
Matthew EnglandTechnology ConsultantCommented:
Sorry. My previous response applies to Exchange 2007, although, you can & should still look in to blocking access to your server at the firewall, if it's not required.

0
PrimusPilusAuthor Commented:
Excellent guys.

The policy doesn't apply to everyone so I won't be blocking access to the server at the firewall level.

I did deny the user in question access to the virtual directory, would this work?

Thanks guys!
Primus
0
Alan HardistyCo-OwnerCommented:
Not ever tried it but can't see why that won't work.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.