Solved

How to limite mobile accesss/activesysnc only to allowed devices on office 365.

Posted on 2014-12-08
6
170 Views
Last Modified: 2015-01-12
We have office 365 with 70 users. Up to know, anyone has been allowed to connect both company and personal devices to Exchange and setup work email. We have been using the default policy without changes.  I would like to now limit this to only company mobile devices. This means that if I need to do something that if anyone decides to setup exchange account on their phone, we would allow it and somehow know that its our phone and not personal. If I somehow get that done, what happens to the existing phones.( d0 the existing phones have to be approved ). I still have to figure out a way which existing  phone and mobile is personal or company owned as there  phone number nor the IMEI number is being listed in Exchange or powershell . Thank you,
0
Comment
Question by:netcomp
  • 3
  • 2
6 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40487865
You need to setup the Allow / Block / Quarantine configuration for mobile devices and you can do this with help from the following link:

https://support.office.com/en-gb/article/Set-up-and-manage-mobile-access-for-your-users-478a9944-ae8e-4a95-937d-11a0c5ee1b6c?ui=en-US&rs=en-GB&ad=GB

Once configured - anyone adding a device will have to be approved before being allowed to use their device.

Alan
0
 
LVL 1

Author Comment

by:netcomp
ID: 40487889
The issue is that office 365 does not show nay serial, phone,IMEI, number. How would I know if this is or company owned device. We only buy Iphones for staff, but so many others do personally as well.  
Also, if I do configure the allow/block/quarntine, what happens to existing devices? Thanks,
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40487911
When the ABQ is configured, you can configure a recipient or several recipients who will receive and email and they allow or deny the request to sync.

You should know who has been given devices and thus should know who to approve.

Existing devices will need to be disabled / disallowed from syncing or you can disable Activesync for all users other than those who have been given company devices.

The ABQ will show you the Make / Model of device trying to connect to 365 so you should be able to figure out which ones to allow or block.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:netcomp
ID: 40487975
How do i disable existing devices ? Would they be able to connect  back to Exchange again after having been disabled. ?Thanks
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40488383
Please have a read of the following MS article for details of how to disable Activesync:

http://support.microsoft.com/kb/2795303

If Activesync is disabled for a user - they won't be able to use their mobiles as it will stop working.

You can (optionally) go through 365 and get a list of users / mobile devices that have been added and then manually delete them via OWA (logged in as each user), then you can re-enable activesync and allow the ABQ to govern access.
0
 
LVL 5

Expert Comment

by:John Christopher
ID: 40489017
As mentioned above by Alan - you can disable and same way enable by changing the $false to $true
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now