1

We're trying to tighten security, and block users from accessing our mail server without having the proper MDM on their phones. With programs like Aqua Mail and CloudMagic, it seems like they go around ActiveSync settings and don't show up as phones, yet still pull mail.

Is there a way to find and block specific devices accessing Exchange using non-ActiveSync routes?

Joseph
  • Have you disabled POP and IMAP access? Do you want to cut off access through Outlook Anywhere and OWA too? – Rex Feb 21 '14 at 20:23
  • We just want to make sure devices can only access with clients that support remote wipe. Webmail is fine. – Joseph Feb 21 '14 at 20:27
  • So, again - have you disabled POP and IMAP? Those are usually the other ways most mobile device applications will use to check mail. I have seen some weird apps that will basically screenscrape OWA as well though. Plus, a smartphone user could get their email directly through OWA on the browser on their phone - so unless you disable everything outside at the expense of functionality, you may not get everything. – Rex Feb 21 '14 at 20:29
  • I'm pretty sure we have a couple admin apps on the outside that use IMAP. So we're iffy to disable systemwide. For the user we found using AquaMail, we disabled IMAP and POP. What about blocking specific user agents or devices? – Joseph Feb 21 '14 at 20:31

3 Answers

1

Came across this while searching to do the same - you can use the EWS Access policies, good article here:

http://blogs.technet.com/b/matabra/archive/2012/08/23/block-mobile-apps-that-use-exchange-web-services.aspx

CraigMcK
0

AquaMail and the like connect using IMAP and EWS.

For IMAP, disable it for all users except for the ones that truly need it. If all users need IMAP for a specific service, then you should create firewall rules that only allow access for that service.

You won't be able to block access to EWS (or apps that just scrape OWA) without also blocking access to OWA. Alternatively, put OWA behind two-factor authentication using TMG or something similar. That will make using the mail app too difficult.

longneck
-1

Please use Device Access Rules to either block or Quarantine devices. This blog has information on how to block unknown devices as well.

https://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx
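
An EWS block list of the kind the first answer points to is keyed on the client's user-agent string, so the first step is finding which user agents are actually hitting `/EWS/` in the IIS logs on the Client Access server. The following is an added example, not code from any of the posters: the log sample, user names and user-agent strings are constructed, the allow list is an assumption, and it assumes the `cs-uri-stem`, `cs-username`, `cs(User-Agent)` and `sc-status` fields are being logged.

```python
from collections import defaultdict

# Constructed IIS W3C log sample; users, addresses and user agents are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2014-02-21 20:01:10 POST /EWS/Exchange.asmx CORP\\alice 203.0.113.7 ExampleMailApp/1.0+(Android) 200
2014-02-21 20:01:12 POST /Microsoft-Server-ActiveSync CORP\\bob 203.0.113.9 Apple-iPhone5C1/1002.329 200
2014-02-21 20:02:40 POST /EWS/Exchange.asmx CORP\\alice 203.0.113.7 ExampleMailApp/1.0+(Android) 200
2014-02-21 20:03:05 POST /EWS/Exchange.asmx CORP\\carol 198.51.100.4 Microsoft+Office/14.0+(Outlook) 200
2014-02-21 20:03:30 POST /EWS/Exchange.asmx - 198.51.100.8 ExampleMailApp/1.0+(Android) 401
2014-02-21 20:04:00 GET /owa/ CORP\\bob 203.0.113.9 Mozilla/5.0+(iPhone) 200
"""

# Assumption: EWS clients you accept, as user-agent prefixes. Adjust to your estate.
ALLOWED_EWS_AGENTS = ("Microsoft Office/",)


def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def unapproved_ews_clients(text, allowed=ALLOWED_EWS_AGENTS):
    """Count successful EWS requests per (user, user agent) not on the allow list."""
    hits = defaultdict(int)
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith("/ews/"):
            continue  # ActiveSync, OWA and other virtual directories
        if row["cs-username"] == "-" or row["sc-status"] != "200":
            continue  # unauthenticated or failed request
        agent = row["cs(User-Agent)"].replace("+", " ")  # IIS logs spaces as '+'
        if not agent.startswith(allowed):
            hits[(row["cs-username"], agent)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (user, agent), count in sorted(unapproved_ews_clients(SAMPLE_LOG).items()):
        print(f"{count:5d}  {user}  {agent}")
```

The user-agent strings it reports are the candidates for an EWS block list, and the user names show which mailboxes to review for IMAP and POP as well.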