standalone EAS Proxy - HAFNUM hardening


We have setup a standalone EAS Peoxy for Ms ActiveSync to Exchange. 

Next step would be to use the Sophos Mobile Secure E-mail cliënt to only allow known Sophos Secure E-mail Clients. But configuring Mobile MDM is not that straight forward. 

Is the standalone EAS Proxy in itself a secure solution over direct Ms ActiveSync to Exchange? Or is it just an open pass tru also exposing the Exchange vulnerabilities? 

regards,

Fred