Exchange 2007 Iphone/ActiveSync

kuay5 -> Exchange 2007 Iphone/ActiveSync (18.Jan.2011 11:12:36 PM)

Hi All, I've been informed to look into implementing the use of iPhone/iPad with Exchange 2007. Specifically I have been told to look into the security aspect of it. I am totally clueless about using iPhone with Exchange 2007.

My limited knowledge is this: it uses ActiveSync, I need to publish an external URI, I can extend my current CAS cert to the external connections. I can wipe/manage devices via a web portal.

Now, my question:

1) How can I control which mobile devices can connect (I know once synced, we can control the allowed device ID). But I want to prevent a device from even connecting if it is not authorized. Probably I can explore stuff and tokens/certs, but I am totally clueless about this. How do I implement a cert control? Personal cert installed manually into the iPhone device? How is this managed?




mrflash -> RE: Exchange 2007 Iphone/ActiveSync (1.Feb.2011 4:32:07 AM)

You will be wanting to block non-provisioned devices to start with, which verifies the device can apply the ActiveSync policies before it allows it to connect.

Some details here: http://msexchangeteam.com/archive/2009/09/22/452592.aspx

There are flaws in the iPhone OS though with regards to security:

http://www.informationweek.com/news/personal_tech/iphone/showArticle.jhtml?articleID=210201068

And as for only allowing certain devices, you could use
Set-CASMailbox <mailbox> -ActiveSyncAllowedDeviceIDs <DeviceID>
on each user's mailbox to explicitly allow certain devices.




petasand -> RE: Exchange 2007 Iphone/ActiveSync (11.Mar.2011 7:49:50 AM)

What sort of non-provisioned devices can be started with?




Dream Merchant -> RE: Exchange 2007 Iphone/ActiveSync (26.Mar.2011 8:09:09 AM)

You can disable Exchange ActiveSync (EAS) globally and then allow only devices that you really want to. If EAS is disabled globally, no one can connect using Exchange ActiveSync till the time an Administrator allows him that explicit access.

To disable Exchange ActiveSync globally you can use the following command:
Get-Mailbox | Set-CASMailbox -ActiveSyncEnabled:$False
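
An added example, not written by any poster in this thread: one way to combine the two suggestions above (switch ActiveSync off for everyone, then allow only named device IDs per mailbox) in the Exchange Management Shell. The mailbox addresses and device IDs in $approved are constructed placeholders, and nothing is changed until $Apply is set to $true.

```powershell
# Added example: default-deny ActiveSync with a per-mailbox device allowlist.
# Run in the Exchange Management Shell. Addresses and device IDs are constructed.
$Apply   = $false          # $false = preview only, $true = make the changes
$preview = -not $Apply     # passed to -WhatIf on every Set-CASMailbox call

# Approved mailbox -> device IDs (real IDs come from Get-ActiveSyncDeviceStatistics).
$approved = @{
    'alice@example.com' = @('ApplEXAMPLE0001')
    'bob@example.com'   = @('ApplEXAMPLE0002', 'ApplEXAMPLE0003')
}

# 1. Default deny: disable ActiveSync on every mailbox that is not on the list.
#    -ResultSize Unlimited matters: Get-Mailbox returns only 1000 results by
#    default, which would silently leave the remaining mailboxes enabled.
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $smtp = $_.PrimarySmtpAddress.ToString()
    if (-not $approved.ContainsKey($smtp)) {
        $_ | Set-CASMailbox -ActiveSyncEnabled $false -WhatIf:$preview
    }
}

# 2. Explicit allow: enable ActiveSync for approved users and pin their device IDs.
#    With ActiveSyncAllowedDeviceIDs set, only the listed devices may sync.
foreach ($smtp in $approved.Keys) {
    Set-CASMailbox -Identity $smtp -ActiveSyncEnabled $true `
        -ActiveSyncAllowedDeviceIDs $approved[$smtp] -WhatIf:$preview
}

# 3. Audit: list existing partnerships whose device ID is not on the allowlist,
#    so stale or unapproved devices can be reviewed and removed or wiped.
foreach ($smtp in $approved.Keys) {
    Get-ActiveSyncDeviceStatistics -Mailbox $smtp |
        Where-Object { $approved[$smtp] -notcontains $_.DeviceID } |
        Select-Object @{Name = 'Mailbox'; Expression = { $smtp }},
                      DeviceID, DeviceType, LastSuccessSync
}
```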



