• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2007 Iphone/ActiveSync

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Mobility >> Exchange 2007 Iphone/ActiveSync Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2007 Iphone/ActiveSync - 18.Jan.2011 11:12:36 PM   
kuay5

 

Posts: 3
Joined: 12.Feb.2009
Status: offline
Hi All, I've been informed to look into implementing the use of iphone/ipad with Exchange 2007. Specifically i have been told to look into the security aspect of it. I am totally clueless about using iphone with Exchange 2007.

My limited knowledge is this, it uses activesync, i need to publish a external URi, i can extend my current CAS cert to the external connections. I can wipe/manage devices via a web portal.

Now, my question:

1) How can i control which mobile device can connect (I know once sync, we can control the allowed device ID). But i want to prevent a device from even connecting if it is not authorized. Probably i can explore stuff and tokens/certs, but i am totally clueless about this, how do i implement a cert control? Personal cert installed manually into the iphone device? How is this managed?
Post #: 1
RE: Exchange 2007 Iphone/ActiveSync - 1.Feb.2011 4:32:07 AM   
mrflash

 

Posts: 47
Joined: 24.Jun.2009
Status: offline
You will be wanting to block non-provisioned devices to start with, which verifies the device can apply the active-sync policies before it allows it to connect.

Some details here: http://msexchangeteam.com/archive/2009/09/22/452592.aspx

There are flaws in the iphone OS though with regards to security:

http://www.informationweek.com/news/personal_tech/iphone/showArticle.jhtml?articleID=210201068

ANd as for only allowing certain devices, you could use the Set-Casmailbox <mailbox> -ActiveSyncAllowedDeviceIds <DeviceID>
on each users mailbox to explicitly allow certain devices.

(in reply to kuay5)
Post #: 2
RE: Exchange 2007 Iphone/ActiveSync - 11.Mar.2011 7:49:50 AM   
petasand

 

Posts: 8
Joined: 11.Mar.2011
Status: offline
What sort of non-provisioned devices can be started with?

_____________________________

San Diego Chiropractor

(in reply to mrflash)
Post #: 3
RE: Exchange 2007 Iphone/ActiveSync - 26.Mar.2011 8:09:09 AM   
Dream Merchant

 

Posts: 20
Joined: 8.Jun.2009
Status: offline
You can disable Exchange ActiveSync (EAS) globally and then allow only devices that you really want too, if EAS is disabled globally noone can connect using Exchange ActiveSync till the time an Administrator allows him that explicit access.

To disable Exchange ActiveSync Globally you can use the following command
get-Mailbox | set-CASMailbox -ActiveSyncEnabled:$False

(in reply to kuay5)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Mobility >> Exchange 2007 Iphone/ActiveSync Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter