We block ActiveSync externally and use GOOD Technology for iPhones here. We are looking at a BYOD policy here. On Mon, Apr 9, 2012 at 12:36 PM, Bob Fronk <b...@btrfronk.com> wrote:
> The SEG takes the place of your OWA, etc.**** > > ** ** > > ** ** > > ** ** > > *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] > *Sent:* Monday, April 09, 2012 3:08 PM > > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > ** ** > > Perfect, I think that makes sense now as an architecture. I'm still a > little unsure how you'd stop them from using ActiveSync directly assuming > that you need to leave ActiveSync enabled, and you have your Exchange > facing the Internet for OWA and RPC over HTTPS but I'm assuming there are a > few ways such as blocking access to the ActiveSync Virtual Directories > other than to the Airwatch IP. **** > > ** ** > > I'll have a word with Airwatch I think - their SaaS solution looks very > cheap but I expect there are some costs that aren't listed.**** > ------------------------------ > > *From:* Bob Fronk [b...@btrfronk.com] > *Sent:* 09 April 2012 7:57 PM > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > Yes. (Both are VM)**** > > **** > > *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] > *Sent:* Monday, April 09, 2012 2:46 PM > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > **** > > Thanks Bob, so the "secure mail gateway" is what, some sort of AirWatch VM > or something that the app talks to?**** > ------------------------------ > > *From:* Bob Fronk [b...@btrfronk.com] > *Sent:* 09 April 2012 6:30 PM > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > In my setup, we have a secure mail gateway. If the user removes the > AirWatch App, they no longer get email from our server. They cannot bypass > this as the secure gateway requires the app.**** > > **** > > Once we are fully deployed, there will be no other way to get Active Sync > as this port will not be open externally and will be blocked / redirected > to the secure gateway internally.**** > > **** > > BF**** > > **** > > *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] > *Sent:* Monday, April 09, 2012 12:29 PM > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > **** > > Bob, how does Airwatch (or any other MDM if anyone reading has any > experience) stop people from simply bypassing it and connecting their > device directly to your ActiveSync without bothering with the MDP app? *** > * > > **** > > Thanks,**** > > Paul**** > ------------------------------ > > *From:* Bob Fronk [b...@btrfronk.com] > *Sent:* 06 April 2012 3:57 AM > *To:* NT System Admin Issues > *Subject:* RE: MDM - Tablet/BYOD**** > > Using Airwatch for IOS devices. No BYOD though. Airwatch supports > several OSs. **** > > **** > > So far, it has been able to do everything we need, save one – Add a proxy > to Safari. The settings are there, it just does not work. Hopefully they > will fix the bug and this will work soon.**** > > **** > > BF**** > > **** > > *From:* Paul Hutchings [mailto:paul.hutchi...@mira.co.uk] > *Sent:* Thursday, April 05, 2012 8:36 AM > *To:* NT System Admin Issues > *Subject:* MDM - Tablet/BYOD**** > > **** > > Are any of you using a third party MDM such as MaaS/MobileIron/AirWatch > with either your company owned or BYOD tablets and phones?**** > > **** > > I’m about to look at tablets, most likely iPads, with an eye on possible > BYOD for mobiles. These days if someone walks through the door with a > personal device it’s an Apple with the odd Android or Windows > Mobile/Windows Phone device.**** > > **** > > I can’t easily trial every MDM out there, and right now I don’t even know > *exactly *what policies we’d want to enforce, but I know that ActiveSync > can be variable with device support and devices can basically lie/ignore > settings in some situations.**** > > **** > > Thanks,**** > > Paul**** > ------------------------------ > > *MIRA Ltd***** > > **** > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England**** > > Registered in England and Wales No. 402570**** > > VAT Registration GB 100 1464 84**** > > **** > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. If you receive this e-mail in error, please delete > it and notify us either by e-mail, telephone or fax. You should not copy, > forward or otherwise disclose the content of the e-mail as this is > prohibited.**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin