How to allow activesync, but block outlook iOS app?
To block that specific mobile app:
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Block
To quarantine instead:
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Quarantine
More detailed steps: http://exchangeserverpro.com/block-quarantine-outlook-ios-android-app-exchange-server-office-365/
More about the workings of that app: http://exchangeserverpro.com/outlook-for-ios-and-android/
I hope that helps.
Related videos on Youtube
Dog eat cat world
ACUKP WCKWX BPHXN PVPJR KIUMV ZVUOU PFBWP JGAJQ NHRZI HRJJK VWDCO WSJGW AFQBW BNZIT JJGJV HOFOY TSPSR PWTHV KFSUL XJURZ LWULP CUKDU CFQGW JXXWV UTYWS ZPRBH MMMDE JJBQI OCJZY UWTSE PGGSL YPYUL YYFHX FBLYK UULZS RHAUW ULYCF OOYFH ZFWZX HGVFS YMOMB FUFGX TRXZA KNVBA TAUWH
Updated on September 18, 2022Comments
-
Dog eat cat world over 1 year
An outlook application for iOS has just been released, and it seems like it is welcomed and rejoiced by many newssites:
https://itunes.apple.com/us/app/microsoft-outlook/id951937596?mt=8
There is also a blog article about this application, and the security implications it has. Apparently, everything is siphoned into the cloud, and to achieve this feat, microsoft also has to upload the user credentials to the cloud service.
For many companies (hopefully), the way this application operates is not acceptable for their security policy. Aside from Ross's recommendation (for those who have reverse proxy to filter connections to activesync), and a corporate security policy, are there any technical means that could stop users from synchronizing their corporate exchange to the cloud?
-
schroeder about 9 yearsThis sounds like a really specific Exchange question.
-
Sun about 9 yearsDoes that mean users have to use the iOS Mail app or OWA for iPad :( ?
-
-
schroeder about 9 yearswhile this might be technically correct, can you flesh out the answer at all? it's a little short.
-
Dog eat cat world about 9 yearsHow can I make the exchange server differenciate between a connection originating from a cloud service and from a device?
-
Sun about 9 yearsCloud service likely has the set IP or IP range. Everything not in that range is a device?
-
Paul Cunningham about 9 yearsHard to say. The app seems to interpret an ActiveSync "block" as an auth failure and re-prompts the user for credentials. I guess in theory that would suggest that it doesn't store the creds, since it assumes they are wrong. Removing the account from the app, which the user is also prompted to do when auth fails, should also remove the creds from the cloud service.
-
Paul Cunningham about 9 yearsIf you're concerned about users' creds getting stored I would recommend using a Quarantine action on your rule, getting the alert emails, and then for every user that triggers a quarantine alert you advise them to uninstall the app due to corporate IT policies and also you force a password change for their account.