Controlling Activesync Access Exchange 2010 SP1
As smartphone become more and more popular with their ever increasing power to connect to various messaging services, the demand to have email access on phones is greater than ever before. People expect to be connected at all times. The Exchange Activesync technology continues to evolve as a product and it is an integral part of the Exchange 2010 SP1 infrastructure. Knowing how to control and administer Activesynce is crucial if you are an Exchange admin. We want to look at a few areas of administering the Activesync environment and how you can effectively manage user connections, phones, and privileges with Activesync.
There are several built-in tools in Exchange 2010 SP1 that allow administrators to control ActiveSync environments. This includes:
- Controlling the default behavior on accepting EAS connections
- Control which Family of devices as well as models are able to connect to the ActiveSync Service
- Control which users are able to connect via EAS
- Remove devices from a user’s mailbox profile
- Remotely wipe devices from the Exchange console
After logging into Outlook Web Access as an Exchange Administrator, you can “Manage the Organization” from within the Outlook Web Access Options. This menu can be found on the right hand side by pulling down the menu underneath the username…..click See All Options
Then look for the Manage My Organization
After clicking the “My Organization” tab you have access to manage the EAS Access and Policy
Default Exchange ActiveSync Settings – defining what you want the default behavior to be when a device attempts to connect via EAS. This can also be done via the EMS
Set-ActiveSyncOrganizationSettings –DefaultAccessLevel Quarantine –AdminMailRecipients AdminEmailAddress
Device rules allow you to control which Family of phones and models are able to connect via the EAS service. An example of the EMS command also:
New-ActiveSyncDeviceAccessRule –AccessLevel Block –Characteristic DeviceType –QueryString PocketPC
The device Access Rules are really cool because you can specify which types (family, models, etc) are allowed to connect to EAS
Exchange builds a “memory” of phones that have been able to connect via the EAS policy and lists the devices under the “Family” of phones
Same goes for the model of phones….you can choose which models have access.
Removing and wiping a phone is very easy in the Exchange Management Console….simply right click on a user and choose “Manage Mobile Phone”
In the console you can see the agent that has connected to the EAS service. You can choose to “Remove mobile phone partnership” or “Perform a remote wipe to clear mobile phone data”.
Exchange provides really powerful native tools to manage ActiveSync access which is becoming more of a concern for administrators these days. Corporate policies are quickly changing and mandatory accepted devices are already in place for many organizations. System Administrators and Messaging Administrators do well to become familiar with the capabilities of controlling the EAS access and policy and if a particular organization does not have those controls in place now, they are sure to come.