3

We have the following setup:

  • Exchange 2010 SP3
  • An external IP adress & DNS name for OWA (bound to our Hardware Load Balancer)
  • An external IP adress & DNS name for OAW & Active Sync (bound to our Hardware Load Balancer)
  • Two internal Exchange 2010 SP3 CAS Server
  • A mobile device Management which bring an own ActiveSync access point

Question: How can we ensure that only the Mobile device management (MDM) offer active sync? We couldn´t block access on the 2nd external IP adress as this offer also the needed OAW access.

I currently hope we can somehow reconfigure the activesync virtual directory to implement that.

BastianW
  • 2,848
  • 4
  • 19
  • 34

1 Answers1

-1

It's possible, simply don't put anything in the External URL of ActiveSync. Something among the lines of:

Get-ActiveSyncVirtualDirectory -Server "ExchangeServerName" | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.example.com/Microsoft-Server-ActiveSync -ExternalURL $null
Vick Vega
  • 2,398
  • 16
  • 22
  • That sounds to easy, could it be really so easy? :-) Will that really block the user from using that then or its only "hidden"? – BastianW Mar 19 '15 at 21:13
  • What you saying is that If someone manually will enter the details of the server in the smartphone - it's going to work and user will be able to connect. Yes, I believe that's true. In that case maybe look at limiting who can connect to the ActiveSync endpoint using either local restriction within the Exchange server or using filtering device such as TMG. – Vick Vega Mar 19 '15 at 21:23
  • hm i see ok, then this might not work. The users are very communicative. If they found out it works for one user then they spread it arround :-/ – BastianW Mar 19 '15 at 21:41
  • I suggest you perform a test and see if it's going to work or not. Since the requirement is to block access, switching it on or off will not cause any downtime. Just make sure to allow enough time for the changes to propagate. I would suggest waiting 20-30 minutes between each change. – Vick Vega Mar 19 '15 at 22:06
  • Tested that and it only "hide that" from the user, it didn´t really "disable" that. – BastianW Aug 14 '16 at 20:45