RTM2007
Exchange '10 ActiveSync External Access, How to Lock Down to LAN-Only?
By default I believe that ActiveSync is enabled in Exchange '10 (SP3 Ent), as well as for all newly created users, which is fine. We have a third-party solution that will be relaying e-mail and phone policies via ActiveSync and so we do not need to expose ActiveSync out to the Internet, nor would we like to. Presently only OWA is published externally over SSL.
What would be the best way to lock down ActiveSync to only internal LAN use?
Also, you can do this based on AD group: http://www.ldap389.info/en/2012/04/19/powershell-enable-disable-activesync-ad-group-rbac-exchange-scheduled-task/
ActiveSync is either enabled for a user or disabled. If you want to restrict it to the LAN only, you will have to close port 443 on your firewall so that it can't communicate, but then you will also lose Outlook Anywhere too.
You could set up ActiveSync to use a different FQDN that externally doesn't resolve anywhere or resolves to an invalid IP address, but internally does.
ASKER
Is it possible to lock down/restrict ActiveSync via IIS?
In what way?
What do you want to allow / disallow?
ASKER CERTIFIED SOLUTION
To enable a set of users in the text file: