Solved

Controlling device access to Exchange server

Posted on 2014-09-23
7
145 Views
Last Modified: 2014-09-29
Hello, we are running Exchange 2010 that is accessed by Outlook on Win7 and a variety of handheld devices (Active Sync). All these clients can be setup just by using username/password, which means that if I have someone's credentials I can setup a connection to the server and access their email. The question is: Is there a way to add an additional level of security so that only "approved" devices will be able to access the server? What are my options? Thanks. -Christos
0
Comment
Question by:criskrit
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 4

Expert Comment

by:adez12
ID: 40340602
Sounds like you're looking for a MDM (Mobile Device Management) solution.  Namely: Maas360, MobileIron, or the  free MDM from Cisco called Meraki.
0
 
LVL 1

Accepted Solution

by:
Travis Martinez earned 500 total points
ID: 40340817
Enable a Device for Exchange ActiveSync

Restricting mobile handsets based on Device ID:

http://technet.microsoft.com/en-us/library/bb266947%28v=exchg.141%29.aspx
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 40341206
I use a combination for MDM and alloweddeviceids to prevent unauthorised devices.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:criskrit
ID: 40341983
Hello and thanks for the answers. Just to clarify, I am not looking for network device management, I assume clients (laptops, smartphones) connect from anywhere on the planet through their home internet, a coffee shop WiFi, or their mobile provider. This is strictly between Exchange & the client. So yes, something like Device ID would be a good approach. Also has anyone heard of certificate-based authorization? ie Exchange accepting a device only if a manually-installed certificate is present. Many thanks!
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 40342606
A certificate option wouldn't work very well as the device can be configured to use untrusted Certs.
0
 
LVL 1

Expert Comment

by:Travis Martinez
ID: 40343183
You're correct but a 3rd part integrated system like BrotherSoft or Nitro Desk could.

Get out your checkbook though.  Anytime you see the "key management" it'll be the gift that annually keeps saying "you scratch my back and I'll tell you when to stop"...  

I guess the follow on question back is; what are you either trying to attain/accomplish or restrict/deny?

If the specific device target the employ has is of concern then this might help:  anything is possible, absolutely without a doubt it us...  however, highly unlikely thus the associated design costs, runrate, and support buckets - all tallied up equals, don't sweat it and continue with the standards of environment patch, release levels, reference architectures and the security umbrellas provided with each.

Remember, locks on your house are to keep those of us honest - remaining honest.  If an individual is capable and of the mindset to get in; the lock isn't going to stop them.

Similar with nework penitration and compromise.  Most all crimes are those of ease and opportunity.  With open source tools freely available and purpose built POSIX images with simple front ends.  The caliber of "attackers" is actually pretty low and to be fair insulting.

Anyone with $100 to buy a "Pineapple" doesn't have to know anything about Linux, networking,  how a Wireless signal works, none of it.  Follow the flash cards and set the dioseitches and viola - you're a "hacker".

Change defaults to one off and 99% will disappear having no clue what to do next.

Someone who's truly skilled and of the mindset and for whatever reason you've fallen inside their focus...  you can't defend against that type of person.  There's too many variables and attack surfaces.  Its a matter of time. I don't care who you, you're gonna get got.

My experience though is they're not scoundrels and more than likely; there's a real reason and nor just destruction or thievery.

If the other way and you want control of the asset.  Force provide it to your base and between you and the carrier you can harden however you'd like.  But. $$$$
0
 

Author Comment

by:criskrit
ID: 40350479
Okay guys, thanks. :-)
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With healthcare moving into the digital age with things like Healthcare.gov, the digitization of patient records and video conferencing with patients, data has a much greater chance of being exposed than ever before.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question