2

I am doing a desktop application for Mobile Device Management which monitors Exchange Server activities. Specifically, i want to know which devices attempted to connect to Exchange active sync i.e "who had attempted to connect a mobile device to their mailbox". Upon detecting a new device i plan to perform an auto quarantine feature.

My problem is: How can i detect when a device is connected to Exchange through Active Sync in real time?

I am using Visual Studio 2010 and C# as a language.

Yotam Omer
  • 15,310
  • 11
  • 62
  • 65
user1577269
  • 41
  • 7

1 Answers1

0

The only way "real time" will be to have some network hardware inspecting the traffic as they connect. The devices present identifying information so you could use this to pin point devices and tie them to users.

You can also query Exchange for this information via Powershell, and it's not hard to embed this into your application. While not real time, it's incredibly accurate, and you can also fire the quarantine commands in this channel.

djcreedy
  • 210
  • 1
  • 6
  • Thanks djcreedy, I have been trying some Powershell scripts to query exchange but they don't seem to detect when a device connects. Can you point me to some resources where it shows me how to do the task. I have been searching the web, but with no luck. – user1577269 Oct 01 '12 at 11:47
  • You won't be able to get it to detect when they connect live. But you can probably poll at an interval to get the last connect time. – djcreedy Oct 01 '12 at 22:32
  • Actualy you can. You can monitor the IIS logs. There you get the method, user, device id, os-version, etc. – Daro Jan 14 '13 at 14:07
  • All the data you're looking for is the reqests' get-parameters. These can sometimes be in a custom binary format (which in turn is Base64-encoded), though I haven't seen any devices use the latter format. HTTP requests generally look like this: `POST /Microsoft-Server-ActiveSync?User=user@example.com&DeviceId=SERIAL&DeviceType=iPhone&Cmd=FolderSync`, where you want to keep track of `User` and `DeviceId`, which together should uniquely identify a new 'client' in the Exchange server. – Morten Siebuhr May 23 '13 at 11:33