Link to home
Create AccountLog in
Avatar of Albert Widjaja
Albert WidjajaFlag for Australia

asked on

How to prevent device connecting to Exchange Server using Active Sync ?

Hi,

How is it possible to prevent non approved device to connect to the Exchange Server 2007 using Active Sync ?
Avatar of Amit
Amit
Flag of India image

Avatar of Tushar Darwatkar
Tushar Darwatkar

Hello,

Please refer the below link..

http://www.msexchange.org/articles-tutorials/exchange-server-2007/mobility-client-access/uncovering-exchange-activesync-enhancements-exchange-server-2007-service-pack-1.html

Do let us know if you are looking to block particular device using active sync.
SOLUTION
Avatar of SreRaj
SreRaj
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Albert Widjaja

ASKER

well yes,

I'd like to use the existing Threat Management Gateway 2010 Standard to allows only Phone and iPad.

is that possible ? my HT-CAS server are Unicast NLB clustered in the internal zone, the TMG 2010 is in DMZ-I would that be working ?
is it possible to enforce globally which device that are registered can be allowed for the existing Active Sync while blocking the rest ?
Check below link...

http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx

Do let us know if further assistance required..
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
you can enabled the ABQ list in your organization , below article for your reference

http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx
@SreRaj: thanks for the advice, how can I do this in TMG 2010 ?

@vijayhakcers: I'm using Exchange Server 2007 so I guess the ABQ is irrelevant.
Hi

I didnt notice , Exchange 2007

If Exchange 2007

New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B142" -Characteristic DeviceOS -AccessLevel Block
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thanks all !
SreRaj,

Does in this case I will have to run the powershell to disable the ActiveSync in a regular basis in case there is new user created ?
That is not required. This rule works by analyzing headers and it will block all the traffic which meets the signature configured.
Ok cool, so in this case I can then just add the new device signature as it is available to allow it.
Rule will be blocking the devices whose signatures are added. So if you want to allow a particular type of device, for example all Nokia devices, then you should remove the signature "Nokia" from the rule.