Exchange '10 ActiveSync External Access, How to Lock Down to LAN-Only?

By default I believe that ActiveSync is enabled in Exchange '10 (SP3 Ent), as well as for all newly created users, which is fine. We have a third-party solution that will be relaying e-mail and phone policies via ActiveSync and so we do not need to expose ActiveSync out to the Internet, nor would we like to. Presently only OWA is published externally over SSL.

What would be the best way to lock down ActiveSync to only internal LAN use?
LVL 2
RTM2007Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
You can use Access Restrictions on the Microsoft-Server-ActiveSync virtual directory to block access from the internet. Just ensure that you allow your entire internal subnet access.

Simon.
0
 
Stelian StanNetwork AdministratorCommented:
You could disable ActiveSync for all users an then enable just those users you want to have ActiveSync enabled.
get-Mailbox -resultsize unlimited | set-CASMailbox -ActiveSyncEnabled:$False

Open in new window


To enable a set of users in the text file:
Get-content C:\users.txt | set-CASMailbox -ActiveSyncEnabled:$True

Open in new window

0
 
Stelian StanNetwork AdministratorCommented:
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
Alan HardistyCo-OwnerCommented:
Activesync is either enabled for a user or disabled.  If you want to restrict it to the LAN only, you will have to close port 443 on your Firewall so that it can't communicate, but then you will also lose Outlook Anywhere too.

You could setup Activesync to use a different FQDN that externally doesn't resolve anywhere or resolves to an invalid IP Address, but internally does.
0
 
RTM2007Author Commented:
Is it possible to lock down/restrict ActiveSync via IIS?
0
 
Alan HardistyCo-OwnerCommented:
In what way?

What do you want to allow / disallow?
0
All Courses

From novice to tech pro — start learning today.