I think that cert authentication is the easiest way; As you have MobileIron changing to certificate-based authentication will be easier as you have the ability to push out the device profiles. As Clint says, it's a little tricky (I am not a mobileiron expert!) but it's easier than having to manually add the profile to each device.
Steve From: justino garcia [mailto:[email protected]] Sent: 20 March 2012 02:48 To: MS-Exchange Admin Issues Subject: Re: ActiveSync Certificate-Based Authentication: Anyone done this? Any easier way? Every time user password expire we get a ticket while they are on a bussiness trip I can't get I device email.. Please. Help!! Lol On Monday, March 19, 2012, Kleciak, Clint D A7IT <[email protected]<mailto:[email protected]>> wrote: > Justin: > > MobileIron can deploy certs to devices. Individual certs per user will be > tricky. > > > > _______________________________________ > > Clint Kleciak > > Infrastructure Engineer Mgr > Cigna IT > > [email protected]<mailto:[email protected]> > > 1-860-226-1386 > > > > Confidential, unpublished property of CIGNA. Do not duplicate or distribute. > Use and distribution limited solely to authorized personnel. > > (c) Copyright 2011 CIGNA > > > > > ________________________________ > From: justino garcia [[email protected]<mailto:[email protected]>] > Sent: Monday, March 19, 2012 6:36 PM > To: MS-Exchange Admin Issues > Subject: Re: ActiveSync Certificate-Based Authentication: Anyone done this? > > Steve, > > Cool > Do you think with our eMDM, it allow us to deploy the cert? > > Mobile iron? > > Thanks > > > > On Monday, March 19, 2012, Steve Goodman > <[email protected]<mailto:[email protected]>> wrote: >> Hiya, >> >> >> >> Yes, I've done this; basically you need to configure it on Exchange and >> generate certificates for each user, then using the iPhone Configuration >> Utility you can export the certificate as a device profile to the device. >> >> >> >> I don't mean this as a blatant plug but I've got a chapter that covers this >> in my forthcoming book (iPhone and Exchange Server 2010, Business >> Integration and Deployment) which is available from Amazon. Jeff Guillet has >> also written a series of blog posts covering an alternative approach. >> >> >> >> Steve >> >> >> >> From: justino garcia >> [mailto:[email protected]<mailto:[email protected]>] >> Sent: 19 March 2012 19:20 >> To: MS-Exchange Admin Issues >> Subject: ActiveSync Certificate-Based Authentication: Anyone done this? >> >> >> >> I am trying to avoid people having to enter thier password on IOS devices, >> when the password expires. Would >> >> ActiveSync Certificate-Based Authentication, allow Kerberos delgation >> (passthru Authentication, via Active Sync). >> >> I see this document, >> http://technet.microsoft.com/en-us/library/bb508836%28v=exchg.65%29.aspx but >> I don't see any that speaks about IOS devices. >> >> How are people on the list, configuring authentication, for Activesync on >> exchange 2010? >> >> >> Thanks. >> -- >> Justin >> IT-TECH >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to >> [email protected]<mailto:[email protected]> >> with the body: unsubscribe exchangelist >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to >> [email protected]<mailto:[email protected]> >> with the body: unsubscribe exchangelist > > -- > Justin > IT-TECH > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe exchangelist > > ------------------------------------------------------------------------------ > CONFIDENTIALITY NOTICE: If you have received this email in error, > please immediately notify the sender by e-mail at the address shown. > This email transmission may contain confidential information. This > information is intended only for the use of the individual(s) or entity to > whom it is intended even if addressed incorrectly. Please delete it from > your files if you are not the intended recipient. Thank you for your > compliance. Copyright (c) 2012 Cigna > ============================================================================== > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe exchangelist -- Justin IT-TECH --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe exchangelist
