I will try and make this question as clear as I can-
We recently switched from an on-prem Exchange to Exchange online. Previously, the only three ways of accessing our email was VPN, ActiveSync and webmail. However, it now appears that any user can use any device that accepts an Exchange email account and start getting their emails. I understand this is the idea of cloud email, but as a HIPAA organization, this presents a serious security risk. My question is this-how can I track how users access email? I know I can limit things based on IP(http://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx
), but then it would work if they had a VPN connection and we allow certain users to access our servers using their home PC if they use a VPN connection. But now they do not need that.
Is there any way to track what devices and users are accessing our hosted Exchange environment, or is this just the nature of hosted email?