Blocking devices from connecting directly to Exchange

Version 4

    Environment

    LetMobile 2.6 and above

    Exchange 2010, Exchange 2013, Office 365

     

    Question

    Now that I am enrolled in LetMobile, how can I block users from connecting directly to Exchange?

     

    Answer

    You can set up a Device Access Rule in the Exchange Admin Console in conjunction with an authentication "device type" property in the LetMobile Admin console that will block or quarantine all devices that do not get this property from LetMobile.

     

    NOTE -- The custom device type property from the LetMobile console is set ONLY during enrollment, so it is important to plan ahead to avoid having to re-enroll your devices. You could create this rule ahead of time and then gradually block or quarantine devices as you feel ready to do so.


    Follow these steps to implement this:

     

    1. In the LetMobile Admin console, go to Security Setting --> Authentication.

     


     

    2. Scroll down to "other settings" and add a property to replace the device type (for example, LANDESK).


    3. Go to the Exchange Admin Center and create a Device Access Rule to allow access for this device type.


    4. In the Exchange Admin Center, create a mobile device access setting to block or quarantine all other (unknown) device types. (In this example I chose to quarantine devices.)


    Any device that connects using LetMobile will get this "device type" property and will be allowed to receive emails. Devices that do not use LetMobile, or that connect directly to Exchange, will show up in the quarantined list in the Exchange Admin Center.



    Blocked devices will also get the below notification email when trying to access emails from their device. This automated message can easily be customized for your environment.
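
    Steps 3 and 4 can also be done from the Exchange Management Shell. The script below is an added example, not part of the original article or the vendor's tooling. It assumes Exchange 2013 / Office 365 cmdlet names and the sample device type LANDESK from step 2. The $Enforce switch is a hypothetical variable that lets you audit which devices would be affected before changing the organization default.

```powershell
# Added example (not from the original article).
# Assumption: 'LANDESK' is the device type value configured in LetMobile (step 2).
# On Exchange 2010, use Get-ActiveSyncDevice in place of Get-MobileDevice.
$AllowedType = 'LANDESK'
$Enforce     = $false   # hypothetical switch: set to $true once the audit looks right

# Step 3: create the Allow rule for the LetMobile device type if it does not exist yet.
$existing = Get-ActiveSyncDeviceAccessRule | Where-Object {
    $_.Characteristic -eq 'DeviceType' -and $_.QueryString -eq $AllowedType
}
if (-not $existing) {
    New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
        -QueryString $AllowedType -AccessLevel Allow
}

# Audit: devices that do not report the LetMobile device type are the ones
# that will be quarantined when the default changes. Because the property is
# only set at enrollment, anything listed here has not enrolled yet.
$direct = Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceType -ne $AllowedType }

$direct | Sort-Object UserDisplayName |
    Format-Table UserDisplayName, DeviceType, DeviceModel, DeviceAccessState -AutoSize
Write-Host ("{0} device(s) do not report device type '{1}'." -f @($direct).Count, $AllowedType)

# Step 4: quarantine every device type that no rule matches.
if ($Enforce) {
    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine

    # Confirm the setting and list what Exchange has quarantined so far.
    Get-ActiveSyncOrganizationSettings | Format-List DefaultAccessLevel
    Get-MobileDevice -ResultSize Unlimited |
        Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
        Format-Table UserDisplayName, DeviceType, DeviceAccessStateReason -AutoSize
}
```

    Run it first with $Enforce set to $false, review the audit list, then rerun with $true to apply the quarantine default.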

     
