asked on 12/6/2017

Chekcing After Hour Business Email - Constitutes Overtime pay ( a big no no).

Recently, the HR Department wanted me to prevent employees from being able to check their business email through OWA, as this (I guess) poses issues about overtime pay and employees accessing their business emails. My question, is what is the best method to not allow access to business emails after hours? I know that there are login settings that effect a user's time and day for logging onto the network, but not certain it that effects access to business emails as well.

Remote Access Networking

Last Comment

danberry1010

12/21/2017

John

12/6/2017

Probably the easiest way is just make clear that evening business email is frowned upon and in no case will overtime be paid. Do not check company email after 6:00pm and before 7:00am (or whatever hours).

Given all the ways to access email, it is difficult to stop other than turning the Exchange Server off each night (not practical).

Qlemo

12/6/2017

Since in most cases a firewall is between Exchange (resp. the IIS hosting the intranet site for it), that firewall can apply business hour rules on ingress SSL poilcies, cutting off any connection attempt outside of allowed hours.

ASKER CERTIFIED SOLUTION

Tom Cieslik

12/7/2017

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

mbkitmgr

12/7/2017

If this relates to Moble devices (Tablets/Phones) create a powershell script scheduled to run at the required times with

To Block
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $false

Then at the time you need them to regain access

To Reinstate
Set-CASMailbox -Identity<SMTP Address of user> -ActiveSyncEnabled $true

Ironically we were looking for the same thing :). I had posted to a few forums, but checked my Powershell reference - should have RTFM (read the flaming manual) first

mbkitmgr

12/7/2017

And for OWA

To Block
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$False

To Reinstate
Set-CASMailbox –Identity <SMTP Address of user> –OWAEnabled:$True

masnrock

12/7/2017

If your concern is logging into the network at all, then go with Tom's solution. If your concern revolves around only remote logins, then I would look into what your firewall can do in terms of schedule. Some of the only ports that need to remain open all the time such as port 25 in order to prevent the interruption of mail flow. Regardless, you're going to need an enforceable policy (which John named) that requires management and HR backing.

Qlemo

12/21/2017

Tom, my suggestion will not cut off email. I'm explicitly talking about the SSL (HTTPS) ports, and those are not used for sending or receiving mails.
However, it is an all-or-nothing approach, not allowing for detailled setup for specific users - which has not been asked for. If there is no need for exceptions or different business schedules, it is the best solution as being very simple and effortless.
Having said that, I would go with a specific setting as recommended by the other Experts myself - but I like scripting, so have no issues with dynamic aspects and mass processing ;-).

danberry1010

12/21/2017

ASKER

Best solution