Announcement

Collapse
No announcement yet.

Mobile Device Filter - blocking unauthorised phones

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mobile Device Filter - blocking unauthorised phones

    Hi Folks

    In my workplace we are trying to only allow company mobiles to connect to Exchange and with a lot of people now having personal phones capable of syncing with Exchange, we are concerned of potential security issues if they setup their own phones to sync with Exchange.

    Is there anyway to create a whitelist of mobile devices that are allowed to use activesync with Exchange 2003 sp2 and block all others? Even a third party add-in would suffice or would Exchange 2007 be required?

    Thanks

  • #2
    Re: Mobile Device Filter - blocking unauthorised phones

    This might help.....

    http://technet.microsoft.com/en-us/l...EXCHG.65).aspx

    see the sections on

    How to Enable or Disable Outlook Mobile Access at the Organizational Level.
    How to Enable or Disable Outlook Mobile Access at the User Level.


    Cheers
    MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3

    Comment


    • #3
      Re: Mobile Device Filter - blocking unauthorised phones

      Hi Fergie

      Thanks for your reply but we already do this so only people who have company mobile phones can sync their phones with Exchange. The problem is when the users with company mobiles also have phones like iPhones and then try and use them to sync their mail with Exchange.

      Is there anyway to allow certain phones to access activesync and then block all others to prevent this?

      Thanks

      Comment


      • #4
        Re: Mobile Device Filter - blocking unauthorised phones

        There is no way of filtering at the device level on Exchange 2003.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Mobile Device Filter - blocking unauthorised phones

          Thanks for your reply, does Exchange 2007 provide this functionality? I've read that you can do it through a feature called "Allow by deviceID", is this correct?

          Thanks

          Comment


          • #6
            Re: Mobile Device Filter - blocking unauthorised phones

            Looks like it does......

            http://technet.microsoft.com/en-us/l.../bb232080.aspx

            MCP 2003, XP, MCP Exchange 2003, Sonicwall CSSA, ITIL V3

            Comment


            • #7
              Re: Mobile Device Filter - blocking unauthorised phones

              It does, but it is after the event.
              Therefore the user has to sync once, then you can set the Device ID value.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Mobile Device Filter - blocking unauthorised phones

                Originally posted by jclegs View Post
                Hi Folks

                In my workplace we are trying to only allow company mobiles to connect to Exchange and with a lot of people now having personal phones capable of syncing with Exchange, we are concerned of potential security issues if they setup their own phones to sync with Exchange.

                Is there anyway to create a whitelist of mobile devices that are allowed to use activesync with Exchange 2003 sp2 and block all others? Even a third party add-in would suffice or would Exchange 2007 be required?

                Thanks
                If you have the mobile admin pack installed for your Exchange you can block devices from there (small web based utility installed in IIS). BUT the device has to have connected first before you can block it. Exchange is arbitrary as to how it views active sync connections. If the account is allowed to syncronise in AD then it can do so with no awareness as to the physical device in question. You can though specify which accounts in AD are allowed to use active sync or not. It would be more practical to allow which ever you accounts you see fit the rights to sync wirelessly with exchange.
                Last edited by scurlaruntings; 10th July 2009, 17:01.

                Comment

                Working...
                X