0

I have an unknown ActiveSync device attempting to authenticate against an account and locking it out repeatedly. I would like to set a rule which prevents this particular DeviceID from attempting to log in but do not know if that is possible.

IP address has changed a few times so I don't think I can block it in that fashion.

Any ways to prevent this? I've even disabled activesync on that mailbox/user but it still allows authentication attempts to fail.

Abraxas
  • 1,229
  • 1
  • 16
  • 25

1 Answers1

2

Set ActiveSync to quarantine. That will stop it from synchronising. Then get the user to find the device they are obviously no longer using and remove their account.

A more evil answer would be to change the password back to what it was in the past, so the device is able to successfully sync, then send a wipe command.

Sembee
  • 2,884
  • 1
  • 8
  • 11
  • So my concern is that they will not find the device - they refuse to acknowledge it even exists. I was able to go in to the IIS logs and find the DeviceID, User-Agent, etc. of the device but can't find a way to enforce a block on that. If I had the mac address, this would be easy lol – Abraxas Oct 17 '16 at 19:50