This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Force usage of Sophos Secure Email App to Access Office 365 Mailbox

Hello,

we want to prevent our users from accessing their business mailboxes on private devices using the built-in or any other mail application. Instead, we want to force them to use only the Sophos Secure Email App. This way, mails and contacts are secured in a container and cannot be transferred to, for example, a private WhatsApp contact list.

As i understand the EAS proxy, this can be done for on-premise Exchange servers. The Exchange server is hidden behind the firewall, and all ActiveSync traffic is routed through the EAS proxy. Only the Secure Email App is allowed as a client.

How can this be achieved for Office 365 mailboxes ?

When using the EAS proxy with the Office 365 Powershell instance type, i can allow or block certain devices, but can i also block apps (except the Secure Email App) ?

As soon as a device is compliant, every ActiveSync connection from this device will be allowed.

Perhaps, the Secure Email App has a special ActiveSync-ID so Office 365 can differentiate ?

Has anyone else this use case ?

PS: we are using Sophos Central

Thank you and regards

Bodo

 



This thread was automatically locked due to age.
Parents
  • Hi  

    Once you check the box "Restrict to Sophos Secure Email", It will only allow Sophos Secure email app(For Android and iOS) to access the emails. For more information regarding the EAS proxy with Office 365, please check this article. Let us know if this helps. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Hello,

    for those who are interested: the Sophos Secure E-Mail App has a separate ActiveSync ID than the iOS-Native-App. You can see all ActiveSync IDs it in the mailbox properties of the Exchange mailbox (Mobile Access Details). The EAS Proxy (type "Powershell") correctly disables all other ActiveSync IDs in the mailbox.

    I had to manually activate Basic Authentication for the Powershell Virtual Directory in Exchange for this to work.

    I have tested this with an On-Premise-Exchange but i think it will work for Office 365 as well.

    Regards

    Bodo

Reply
  • Hello,

    for those who are interested: the Sophos Secure E-Mail App has a separate ActiveSync ID than the iOS-Native-App. You can see all ActiveSync IDs it in the mailbox properties of the Exchange mailbox (Mobile Access Details). The EAS Proxy (type "Powershell") correctly disables all other ActiveSync IDs in the mailbox.

    I had to manually activate Basic Authentication for the Powershell Virtual Directory in Exchange for this to work.

    I have tested this with an On-Premise-Exchange but i think it will work for Office 365 as well.

    Regards

    Bodo

Children