Here is the setup:

Parent Company parentcompany.com

Child Company childcompany.com

Currently childcompany.com is a trusted domain with parentcompany.com. childcompany.com uses parentcompany's exchange server for email.

Childcompany is trying to implement a MDM email solution that would require email to go through a secure email gateway (proxy). This would make sure you could not just configure your phone with your credentials and get around using the MDM email application.

MDM company has suggested setting up Exchange to only allow ActiveSync connections from a certain IP (i.e. the secure email gateway).

However, parentcompany.com is not ready for MDM. They have way more users and it's not in the budget. So parentcompany can't just across the board only allow ActiveSync communication from the secure email gateway. Is there a way to filter ActiveSync communications by domain name instead of IP?

Any help would be appreciated.

1 Answer


Your best option here is to quarantine every ActiveSync connection (presuming Exchange 2010 or higher - version information is always helpful). There are scripts which can approve all existing devices, so only new ones are connected. Then build rules to allow the connection.


  • Sorry about that. Yes it is Exchange 2013. The thing is, I only want to quarantine or restrict access for clients connecting to childcompany mail server IP or domain. I do not want to quarantine machines connecting to parentcompany IP or connecting to parent company domain.
    – lasmith
    Jan 5, 2016 at 1:21
  • That isn't really going to be possible. Exchange doesn't care about the email address. The ActiveSync quarantine is all about the device, not the user, so you can put in an exemption based on the user, and on the device. However you cannot do anything at a wider group level.
    – Sembee
    Jan 5, 2016 at 14:46
  • So I can't quarantine users who try to connect to say mail.childcompany.com and not quarantine users who connect to mail.parentcompany.com? Each would have a different outside routable IP.
    – lasmith
    Jan 6, 2016 at 23:25
  • No. Quarantine all or nothing. A lot of MDM products are able to manage the quarantine for you - so you set the server to quarantine everything, but the act of adding the user to the MDM product means when the user connects, the MDM product clears the quarantine for you.
    – Sembee
    Jan 7, 2016 at 9:48
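The approach in the answer and comments (quarantine everything org-wide, grandfather the devices already in use, let the MDM product release childcompany.com users' devices), written out as an added Exchange 2013 Management Shell example that is not from the answerer or from any MDM vendor. It assumes parentcompany.com users are the ones who keep unmanaged ActiveSync, and the admin mailbox address and notice text are placeholders.

```powershell
# Added example (not from the original answer). Run in the Exchange 2013
# Management Shell. Assumes parentcompany.com users keep unmanaged ActiveSync
# and childcompany.com users are enrolled through the MDM product, which
# clears the quarantine for the devices it manages.

$UnmanagedDomain = 'parentcompany.com'   # domain named in the question

# 1. Grandfather every device that parentcompany.com users already have, by
#    adding its DeviceID to the per-user allow list (the per-user/per-device
#    exemption the comments describe). Set-CASMailbox replaces the list, so
#    merge with whatever is already there instead of overwriting it.
$users = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.HasActiveSyncDevicePartnership -and
                   $_.PrimarySmtpAddress.Domain -eq $UnmanagedDomain }

foreach ($u in $users) {
    $existing = @($u.ActiveSyncAllowedDeviceIDs)
    $current  = @(Get-MobileDeviceStatistics -Mailbox $u.Identity |
                  Select-Object -ExpandProperty DeviceID)
    $merged   = @($existing + $current | Sort-Object -Unique)
    if ($merged.Count -ne $existing.Count) {
        Set-CASMailbox -Identity $u.Identity -ActiveSyncAllowedDeviceIDs $merged
    }
}

# 2. Only now flip the org-wide default, so nothing already in use is cut off.
#    Quarantine notices go to the admin mailbox (placeholder address).
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'easadmin@parentcompany.com' `
    -UserMailInsert 'Your device is awaiting approval. childcompany.com users must enroll through the MDM application.'

# 3. Review what is now held: childcompany.com users' devices stay here until
#    the MDM product releases them; anything else is approved or blocked by hand.
Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceModel, DeviceId, FirstSyncTime
```

As the comments say, the quarantine default is organization-wide; scoping by company only happens through which users get their existing devices pre-approved in step 1 and which users the MDM product enrolls.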
