dkurz8814
asked on
prevent users from accessing Exchange online from non activesync device
I will try and make this question as clear as I can-
We recently switched from an on-prem Exchange to Exchange online. Previously, the only three ways of accessing our email was VPN, ActiveSync and webmail. However, it now appears that any user can use any device that accepts an Exchange email account and start getting their emails. I understand this is the idea of cloud email, but as a HIPAA organization, this presents a serious security risk. My question is this-how can I track how users access email? I know I can limit things based on IP(http://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx), but then it would work if they had a VPN connection and we allow certain users to access our servers using their home PC if they use a VPN connection. But now they do not need that.
Is there any way to track what devices and users are accessing our hosted Exchange environment, or is this just the nature of hosted email?
We recently switched from an on-prem Exchange to Exchange online. Previously, the only three ways of accessing our email was VPN, ActiveSync and webmail. However, it now appears that any user can use any device that accepts an Exchange email account and start getting their emails. I understand this is the idea of cloud email, but as a HIPAA organization, this presents a serious security risk. My question is this-how can I track how users access email? I know I can limit things based on IP(http://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx), but then it would work if they had a VPN connection and we allow certain users to access our servers using their home PC if they use a VPN connection. But now they do not need that.
Is there any way to track what devices and users are accessing our hosted Exchange environment, or is this just the nature of hosted email?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Mind that win8 client is ActiveSync Based.
Setting device access rules might help - here is the 2013 version http://justaucguy.wordpress.com/2013/02/25/exchange-2013-configure-your-mobile-device-mailbox-policy/
ansd here is the blog that should give you some insight: http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx.
Depending on exactly you need to achieve, other types of filtering/block might be needed, I am thinking here at get-CasMailbox settinhd - http://technet.microsoft.com/en-us/library/bb125264(v=exchg.150).aspx
Hope it helps.