
Disable access from devices without Sophos App

Someone else set up MDM on our UTM but I have been asked to get this piece working.  I am new to Sophos's MDM solution so please excuse me if I use the wrong term or phrase.  I have only just started to look into the problem.

Basically a user can download the app and install it on the phone/device and connect and everything works great.  They can also not install it and still get access to company email.  We would like to restrict access to the email server to only those devices with the Sophos MDM client.  What is needed to achieve that?  We have currently restricted ActiveSync access to a group of users who we know have the client but once they are in the group they can connect other devices.

Thanks for your help.

Matt

  • Hi Matt,

    In general, Sophos Mobile Control provides an EAS Proxy which verifies if a device is compliant and allowed to receive emails via the EAS Proxy. So the server checks per device whether it is allowed to connect to your Exchange or not.

    Within SMC you can configure compliance rules and, based on the compliance, grant or deny email access for devices.

    In these compliance rules you can also configure mandatory apps. So you can configure the Sophos Mobile Control app as a mandatory application and then tick the check box in the "Deny ActiveSync" column for this setting.

    Using this configuration, the Sophos Mobile Control EAS Proxy will only grant email access to those devices which have the Sophos Mobile Control app installed.

    Hope this helps.

    Best regards

    Stefan

  • What keeps someone from pointing their device directly at the Exchange server?

  • OK, so thank you for clueing me into the EAS Proxy.  That has gotten me far this morning.  I think I understand that I need to set up the EAS Proxy and then go into Exchange and point the External Address for ActiveSync to it.  This will force all ActiveSync connections to use the proxy.  Here are my outstanding questions.

    1. Can I install the EAS Proxy on the Exchange server?
    2. We are using a cloud-based version of SMC.  The documentation says the EAS proxy needs to have the Sophos Mobile Control database.  How can I get it access to the cloud-based server?
    3. Will we need to touch everyone's phone to implement the EAS Proxy?
     
    Thanks, 
    Matt
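
Added example, not part of the original thread and not Sophos or Microsoft code: one way to check whether ActiveSync requests still reach Exchange without passing through the EAS Proxy is to scan the Exchange server's IIS logs for ActiveSync requests whose client IP is not the proxy. The proxy address, the field layout and the log lines below are assumptions constructed for the illustration.

```python
"""Added example: flag ActiveSync requests that reached Exchange without the EAS proxy."""
from urllib.parse import parse_qs

EAS_PROXY_IPS = {"10.0.0.20"}  # assumption: internal address of the EAS Proxy host
EAS_PATH = "/microsoft-server-activesync"

# Constructed sample in IIS W3C format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-10 08:00:01 POST /Microsoft-Server-ActiveSync/default.eas User=alice&DeviceId=DEV001&DeviceType=iPhone&Cmd=Sync CORP\\alice 10.0.0.20 200
2024-01-10 08:00:05 POST /Microsoft-Server-ActiveSync/default.eas User=alice&DeviceId=DEV999&DeviceType=Android&Cmd=Sync CORP\\alice 203.0.113.7 200
2024-01-10 08:00:09 GET /owa/ - CORP\\bob 203.0.113.8 200
2024-01-10 08:00:12 POST /Microsoft-Server-ActiveSync/default.eas User=bob&DeviceId=DEV002&DeviceType=iPad&Cmd=Ping CORP\\bob 10.0.0.20 200
2024-01-10 08:00:15 OPTIONS /Microsoft-Server-ActiveSync/default.eas User=carol&DeviceId=DEV777&DeviceType=Android CORP\\carol 198.51.100.4 401
"""


def direct_eas_requests(log_text, proxy_ips=EAS_PROXY_IPS):
    """Return one dict per ActiveSync request whose client IP is not the proxy."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header can change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated line
        row = dict(zip(fields, values))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_PATH):
            continue  # not an ActiveSync request
        if row.get("c-ip") in proxy_ips:
            continue  # came through the proxy, so compliance was checked
        query = parse_qs(row.get("cs-uri-query", ""))
        hits.append({
            "when": f"{row.get('date')} {row.get('time')}",
            "client_ip": row.get("c-ip"),
            "user": query.get("User", ["?"])[0],
            "device_id": query.get("DeviceId", ["?"])[0],
            "status": row.get("sc-status"),
        })
    return hits


if __name__ == "__main__":
    for hit in direct_eas_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with a 200 status is a device that synced without the proxy's compliance check; a non-empty result means a direct path to Exchange is still reachable.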
     