Solved

Controlling device access to Exchange server

Posted on 2014-09-23
7
144 Views
Last Modified: 2014-09-29
Hello, we are running Exchange 2010 that is accessed by Outlook on Win7 and a variety of handheld devices (Active Sync). All these clients can be setup just by using username/password, which means that if I have someone's credentials I can setup a connection to the server and access their email. The question is: Is there a way to add an additional level of security so that only "approved" devices will be able to access the server? What are my options? Thanks. -Christos
0
Comment
Question by:criskrit
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 4

Expert Comment

by:adez12
ID: 40340602
Sounds like you're looking for a MDM (Mobile Device Management) solution.  Namely: Maas360, MobileIron, or the  free MDM from Cisco called Meraki.
0
 
LVL 1

Accepted Solution

by:
Travis Martinez earned 500 total points
ID: 40340817
Enable a Device for Exchange ActiveSync

Restricting mobile handsets based on Device ID:

http://technet.microsoft.com/en-us/library/bb266947%28v=exchg.141%29.aspx
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 40341206
I use a combination for MDM and alloweddeviceids to prevent unauthorised devices.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 

Author Comment

by:criskrit
ID: 40341983
Hello and thanks for the answers. Just to clarify, I am not looking for network device management, I assume clients (laptops, smartphones) connect from anywhere on the planet through their home internet, a coffee shop WiFi, or their mobile provider. This is strictly between Exchange & the client. So yes, something like Device ID would be a good approach. Also has anyone heard of certificate-based authorization? ie Exchange accepting a device only if a manually-installed certificate is present. Many thanks!
0
 
LVL 12

Expert Comment

by:Steven Wells
ID: 40342606
A certificate option wouldn't work very well as the device can be configured to use untrusted Certs.
0
 
LVL 1

Expert Comment

by:Travis Martinez
ID: 40343183
You're correct but a 3rd part integrated system like BrotherSoft or Nitro Desk could.

Get out your checkbook though.  Anytime you see the "key management" it'll be the gift that annually keeps saying "you scratch my back and I'll tell you when to stop"...  

I guess the follow on question back is; what are you either trying to attain/accomplish or restrict/deny?

If the specific device target the employ has is of concern then this might help:  anything is possible, absolutely without a doubt it us...  however, highly unlikely thus the associated design costs, runrate, and support buckets - all tallied up equals, don't sweat it and continue with the standards of environment patch, release levels, reference architectures and the security umbrellas provided with each.

Remember, locks on your house are to keep those of us honest - remaining honest.  If an individual is capable and of the mindset to get in; the lock isn't going to stop them.

Similar with nework penitration and compromise.  Most all crimes are those of ease and opportunity.  With open source tools freely available and purpose built POSIX images with simple front ends.  The caliber of "attackers" is actually pretty low and to be fair insulting.

Anyone with $100 to buy a "Pineapple" doesn't have to know anything about Linux, networking,  how a Wireless signal works, none of it.  Follow the flash cards and set the dioseitches and viola - you're a "hacker".

Change defaults to one off and 99% will disappear having no clue what to do next.

Someone who's truly skilled and of the mindset and for whatever reason you've fallen inside their focus...  you can't defend against that type of person.  There's too many variables and attack surfaces.  Its a matter of time. I don't care who you, you're gonna get got.

My experience though is they're not scoundrels and more than likely; there's a real reason and nor just destruction or thievery.

If the other way and you want control of the asset.  Force provide it to your base and between you and the carrier you can harden however you'd like.  But. $$$$
0
 

Author Comment

by:criskrit
ID: 40350479
Okay guys, thanks. :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange on iphone 16 49
Calendar and Email kept in Andriod 6 23
Document that shows Russian Security Threats 1 35
exchange, active directory 8 30
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now