Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

Questions on two Power Shell command to control ActiveSync connections

We run Exchange 2010 SP1. We have an established ActiveSync community with about 500 users connecting. The only thing we use to control connections is applying a policy to the devices. It is standard practice to use to have everyone including new users disabled for ActiveSync except the ones that are currently using it but this practice is not always followed.

I didn't think there was anything available to control access and then I read about the two Power Shell commands below:

Set-ActiveSync OrganizationSettings
New-ActiveSyncDeviceAccessRule

I don't know if the second command is anything like, or is, the ABQ (Allow, Block, Quarantine) that I have read about.

My question is since our current Org policy allows everything, if I set it to Quarantine to catch a new user that gets created with AS enabled and then tries to connect, will this have any affect on our current users?

As for the New-ActiveSyncDeviceAccessRule, if you establish a rule or rules for some devices, does this automatically block everthing else that tries to connect.
0
osiexchange
Asked:
osiexchange
  • 3
1 Solution
 
suriyaehnopCommented:
If not mistaken, new user maibox will have Exchnage Activesync disabled by default.
0
 
osiexchangeAuthor Commented:
That may or may not be true. We provision with ILM but still, there have been cases where users have been enabled either because someone in the Help Desk was asked or there at time of user creation and this catch all command would be nice to implement.
0
 
DeanUnitedCommented:
Good question. We have 25 users on activesync now but want to start implementing some sort of check so that not anyone can activate their home ipad on activesync and download all their work email. We'd like to setup a quarantine for all new devices so that we can approve them first, however I'm afraid turning this on will automatically quarantine all 25 users that are already currently active. Does anyone know a work around?
0
 
osiexchangeAuthor Commented:
We decided to stick with the manual process.  As part of the user account setup, once the mailbox has been provisioned we go in and disable ActiveSync manually until we get the OK to enable it again.
0
 
osiexchangeAuthor Commented:
We decided to stick with the manual process.  As part of the user account setup, once the mailbox has been provisioned we go in and disable ActiveSync manually until we get the OK to enable it again.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now