How can I lock down access to Exchange mailboxes to force users to go through the K3000 appliance only?
Hello all,
I have been trialling the K3000 appliance and have been able to work it out faily well, creating and uploading custom profiles, etc.
My question to all is if there is anyway to lock down access to the Exchange mail server so that the exchange users are forced to go through the K3000 appliance ONLY? wondering if there perhaps is any case studies done on this that may serve as a guide?
As we all know, it only takes the user knowing the the OWA url and there is really nothing stopping them from manually adding their mailbox to however many smart devices they wish. I want to be able to lock this down so that we can let users acces their mailboxes on their smart devices ONLY if they go through the K3000 enrollment first.
Any advice on this would be greatly appreaciated, thank you!
-
This is a really important question that should be addressed that I don't believe the admin guide goes over. How do we prevent any other device from being able to connect? I will imagine many others will want to know how to do this as well. - matthewk24 10 years ago
Answers (1)
Hello
If you want to completely lock down exchange active sync access to particular users, you can require exchange activesync to require a client certificate, and in that case, you would use the apple iphone configuration utility to sync down the certificates that are required for using a profile. You can import the profile that you created with those certificates using the K3000 and then sync that down to the device. When you remove the profile from the device by doing an enterprise wipe, people will no longer be able to “manually” enter exchange active sync credentials and get access to the exchange server. They will also need a certificate and they won’t have it on their device because the profile with it has been removed.
