|
RadioActiveLamb -> ActiveSync security question (27.Jun.2014 1:04:21 PM)
|
We have OWA secured with 2-factor authentication using a security token (Safeword). ActiveSync requires SSL, but has no security layer before credentials are passed through it. This is a security concern of ours, since it allows anyone to lock-out domain accounts by providing an incorrect password for a domain user account.
I'm curious how others are securing ActiveSync. As I understand it, it uses the same port 443 as OWA, on the same server. How could we block ActiveSync to the public without blocking OWA? We would still need to provide it internally, externally through the VPN and to the DMZ behind the Mobile Iron Sentry. ActiveSync policy is inadequate, since it requires the client to uphold that policy.
Thanks for any advice.
Jeff
|
|
|
|