Exchange

Controlling Activesync Access Exchange 2010 SP1

As smartphone become more and more popular with their ever increasing power to connect to various messaging services, the demand to have email access on phones is greater than ever before.  People expect to be connected at all times.  The Exchange Activesync technology continues to evolve as a product and it is an integral part of the Exchange 2010 SP1 infrastructure.  Knowing how to control and administer Activesynce is crucial if you are an Exchange admin.  We want to look at a few areas of administering the Activesync environment and how you can effectively manage user connections, phones, and privileges with Activesync.

There are several built-in tools in Exchange 2010 SP1 that allow administrators to control ActiveSync environments.  This includes:

  • Controlling the default behavior on accepting EAS connections
  • Control which Family of devices as well as models are able to connect to the ActiveSync Service
  • Control which users are able to connect via EAS
  • Remove devices from a user’s mailbox profile
  • Remotely wipe devices from the Exchange console

After logging into Outlook Web Access as an Exchange Administrator, you can “Manage the Organization” from within the Outlook Web Access Options.  This menu can be found on the right hand side by pulling down the menu underneath the username…..click See All Options

activesync9

Then look for the Manage My Organization

activesync10

After clicking the “My Organization” tab you have access to manage the EAS Access and Policy

activesync3

 

Default Exchange ActiveSync Settings – defining what you want the default behavior to be when a device attempts to connect via EAS.  This can also be done via the EMS

Set-ActiveSyncOrganizationSettings –DefaultAccessLevel Quarantine –AdminMailRecipients AdminEmailAddress

activesync4

Device rules allow you to control which Family of phones and models are able to connect via the EAS service.  An example of the EMS command also:

New-ActiveSyncDeviceAccessRule –AccessLevel Block –Characteristic DeviceType –QueryString PocketPC

activesync5

 

The device Access Rules are really cool because you can specify which types (family, models, etc) are allowed to connect to EAS

activesync8
Exchange builds a “memory” of phones that have been able to connect via the EAS policy and lists the devices under the “Family” of phones

activesync6

Same goes for the model of phones….you can choose which models have access.

activesync7
Removing and wiping a phone is very easy in the Exchange Management Console….simply right click on a user and choose “Manage Mobile Phone”

activesync2

In the console you can see the agent that has connected to the EAS service.  You can choose to “Remove mobile phone partnership” or “Perform a remote wipe to clear mobile phone data”.

activesync1

Final Thoughts

Exchange provides really powerful native tools to manage ActiveSync access which is becoming more of a concern for administrators these days.  Corporate policies are quickly changing and mandatory accepted devices are already in place for many organizations.  System Administrators and Messaging Administrators do well to become familiar with the capabilities of controlling the EAS access and policy and if a particular organization does not have those controls in place now, they are sure to come.

 

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.