Solved

How to limite mobile accesss/activesysnc only to allowed devices on office 365.

Posted on 2014-12-08
6
185 Views
Last Modified: 2015-01-12
We have office 365 with 70 users. Up to know, anyone has been allowed to connect both company and personal devices to Exchange and setup work email. We have been using the default policy without changes.  I would like to now limit this to only company mobile devices. This means that if I need to do something that if anyone decides to setup exchange account on their phone, we would allow it and somehow know that its our phone and not personal. If I somehow get that done, what happens to the existing phones.( d0 the existing phones have to be approved ). I still have to figure out a way which existing  phone and mobile is personal or company owned as there  phone number nor the IMEI number is being listed in Exchange or powershell . Thank you,
0
Comment
Question by:netcomp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40487865
You need to setup the Allow / Block / Quarantine configuration for mobile devices and you can do this with help from the following link:

https://support.office.com/en-gb/article/Set-up-and-manage-mobile-access-for-your-users-478a9944-ae8e-4a95-937d-11a0c5ee1b6c?ui=en-US&rs=en-GB&ad=GB

Once configured - anyone adding a device will have to be approved before being allowed to use their device.

Alan
0
 
LVL 1

Author Comment

by:netcomp
ID: 40487889
The issue is that office 365 does not show nay serial, phone,IMEI, number. How would I know if this is or company owned device. We only buy Iphones for staff, but so many others do personally as well.  
Also, if I do configure the allow/block/quarntine, what happens to existing devices? Thanks,
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40487911
When the ABQ is configured, you can configure a recipient or several recipients who will receive and email and they allow or deny the request to sync.

You should know who has been given devices and thus should know who to approve.

Existing devices will need to be disabled / disallowed from syncing or you can disable Activesync for all users other than those who have been given company devices.

The ABQ will show you the Make / Model of device trying to connect to 365 so you should be able to figure out which ones to allow or block.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 1

Author Comment

by:netcomp
ID: 40487975
How do i disable existing devices ? Would they be able to connect  back to Exchange again after having been disabled. ?Thanks
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40488383
Please have a read of the following MS article for details of how to disable Activesync:

http://support.microsoft.com/kb/2795303

If Activesync is disabled for a user - they won't be able to use their mobiles as it will stop working.

You can (optionally) go through 365 and get a list of users / mobile devices that have been added and then manually delete them via OWA (logged in as each user), then you can re-enable activesync and allow the ABQ to govern access.
0
 
LVL 5

Expert Comment

by:John Christopher
ID: 40489017
As mentioned above by Alan - you can disable and same way enable by changing the $false to $true
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Microsoft is moving in-place eDiscovery & hold from ECP to EOP console under Content Search in Search and Investigation Options.  In this post, I will be showing you how to export emails to a PST file using the Content Search Options.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question