06-18-2012 11:12 AM
Hi All. It appears that Mobile Fusion does most of everything that I expected it to do. One question though....If I were a savvy end user, what would be in place to stop me from simply setting up ActiveSync directly to the Exchange Server and bypassing MobileFusion altogether? Suggestions?
thank you in advance.
I'm rockin the BlackBerry PRIV, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700
06-19-2012 02:35 PM
I ave this issue now with Exchange 2003.
Not much we can do until we get on 2010 which can filter out devices you dont want on it.
I also dont let SSL certs out, no cert no email. we had an emergency need on a ithing and that profile was distributed to everyone.
going to be fun when they have to use a new cert with 2010 and they can just add what they want.
BESAdmin's, please make a signature with your BES environment info.
BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V
07-05-2012 06:17 PM
Could you please ellaborate on this.
I have Exchange 2007 installed. Activesync enable for Playbooks, ios and andriod devices.
If I change EAS to certificate based, how does it know which certificate is valid?
07-10-2012 11:55 AM
I have the same issue with Exchange 2007 and activesync. How can you prevent the clients from going around UDS and activating with ActiveSync directly? Still searching for a solution
07-10-2012 01:45 PM
unfortunately I came to the conclusion that there's absolutely no easy way to do this with Exchange 2007 and UDS. The solution is that I've had to replace my plans for implementing Mobile Fusion and gone instead with a competitor. This competitor can be set to auto quarantine new devices (ie block further access to the Exchange server until an administrator approves the device).
I hope this is helpful to someone.
07-26-2012 12:30 AM
I meant to post a reply to this a while back, but have been tied up with work.
You can stop a user from using EAS by configuring the Exchange features on the user in AD. There will be an option to enable/disable Outlook Mobile Access'
07-31-2012 03:03 PM
Yes you can prevent a user from accessing EAS - but the point is to prevent a non -authorized device ----
perhaps a certificate based authentication would work - and then push certificate via UDS - but .... if user removes device from uds - they would keep the cert by default I believe ?
07-31-2012 03:23 PM
exactly. Thanks for clarifying that for everyone Rebootin.
EAS is either on or off. Mobile Fusion requires that it be set to on to allow the deployed profile to work (the profile simply tells your device where to go to get mail), This won't stop anybody from adding as many devices as they want to with a direct connect to the Exchange Server. Apple devices for instance will ask you if you want to set up your new iPad like your iPhone which leads to the Exchange specific settngs being input into the new device (minus the device being enrolled with mobilefusion).
I haven't looked into controlling this via certificates, generally because there is already a competing solution that takes care of this for me. If anyone is interested, they can PM me for more details.
08-01-2012 02:11 AM
All user in our AD have Outlook Mobile access disabled.
Only users who are in our UDS have it enabled.
That, in conjunction with certfifcate based authentication via our UDS locks the access down to only endorsed users.