Force usage of Sophos Secure Email App to Access Office 365 Mailbox

Hello,

we want to prevent our users from accessing their business mailboxes on private devices using the built-in or any other mail application. Instead, we want to force them to use only the Sophos Secure Email App. This way, mails and contacts are secured in a container and cannot be transferred to, for example, a private WhatsApp contact list.

As i understand the EAS proxy, this can be done for on-premise Exchange servers. The Exchange server is hidden behind the firewall, and all ActiveSync traffic is routed through the EAS proxy. Only the Secure Email App is allowed as a client.

How can this be achieved for Office 365 mailboxes ?

When using the EAS proxy with the Office 365 Powershell instance type, i can allow or block certain devices, but can i also block apps (except the Secure Email App) ?

As soon as a device is compliant, every ActiveSync connection from this device will be allowed.

Perhaps, the Secure Email App has a special ActiveSync-ID so Office 365 can differentiate ?

Has anyone else this use case ?

PS: we are using Sophos Central

Thank you and regards

Bodo

 

  • Hi  

    Once you check the box "Restrict to Sophos Secure Email", It will only allow Sophos Secure email app(For Android and iOS) to access the emails. For more information regarding the EAS proxy with Office 365, please check this article. Let us know if this helps. 

  • In reply to Shweta:

    Hello,

    for those who are interested: the Sophos Secure E-Mail App has a separate ActiveSync ID than the iOS-Native-App. You can see all ActiveSync IDs it in the mailbox properties of the Exchange mailbox (Mobile Access Details). The EAS Proxy (type "Powershell") correctly disables all other ActiveSync IDs in the mailbox.

    I had to manually activate Basic Authentication for the Powershell Virtual Directory in Exchange for this to work.

    I have tested this with an On-Premise-Exchange but i think it will work for Office 365 as well.

    Regards

    Bodo

  • In reply to Bodo Schenk:

    Hi  

    Thank you for sharing the detailed steps to resolve this issue. Feel free to contact us for any further concerns. 

  • In reply to Shweta:

    Thanks Shweta for your response! I have been searching for such an informative post for many days and it seems my search just ended here. Good work. Keep posting. This Article is Awesome. It's helped me a lot. Sir, Please keep up your good work. We always with you and Waiting for your new interesting articles. BRB

  • In reply to Isabella Jason:

    Exchange Hybrid, when configured properly, can provide almost seamless coexistence between Exchange Online and your on-premises Exchange environment. Part of this concept is that while you technically have two separate Exchange organizations myprepaidcenter balance