As we move towards McAfee EMM as a company we have an obstacle of preventing users from bypassing McAfee and going straight through with Active Sync. What are other companies doing to prevent this?
Doesn't EMM create an ActiveSync account when it creates the relationship between the EMM hub and the Exchange Client Access Server?
EMM acts as a proxy between EAS and the Internet. It replaces what would be an Internet-facing MS TMG server that hopefully sits between your Exchange server and the Internet.
The two options that I see working well are either 1) pick a day to cut off access to EAS from the Internet. Send out directions on how to set up EMM on devices and notify users that it should be done before the cut date. 2) This requires a lot more work on your end, but you can get people on EMM individually and then shut off EAS on their mailbox in Exchange MMC as you go.
When I disable Active Sync on Exchange I get a pop up for Exchange. Does anyone have a solution for this? I want to disable Active Sync and use EMM.
You cannot disable ActiveSync and use EMM. EMM acts as a compliance proxy (ensures that your devices are compliant before allowing the passing of data) between the devices and the ActiveSync server. In other words, McAfee uses ActiveSync to pass PIM (email/contact/calendar) data between Exchange and the devices. This ensures that no one has direct access to the ActiveSync server but rather needs to go through EMM to access ActiveSync.
Please see section 1 of the install guide available here for more info: https://kc.mcafee.com/corporate/index?page=content&id=KB74172&actp=LIST_RECENT
Thanks for the reply, I really appreciate your input. If you can't disable Active Sync and an organization has external OWA (Outlook Web Access), then people can bypass McAfee by using the OWA URL and ISA. Have you any experience with this?
Yes. Either put OWA and ActiveSync on different servers or block ActiveSync at the firewall. You may be able to do something with a transport rule or the like. You could even use Windows Firewall to block ActiveSync traffic from all but internal addresses.
What version of Exchange are you using? How many Exchange servers? What roles on which servers and where do they sit on your network? What version of Windows?
Message was edited by: mat.kordell on 5/3/12 10:45:01 AM CDT
Exchange 2k7, 3 servers (Hub/Store/CAS). All Exchange servers sit internal, with a TMG (ISA) for OWA and McAfee Proxy for iPhone.
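
As an added example (not part of any post in this thread, and not McAfee or Microsoft code): a check over the CAS's IIS W3C logs that ActiveSync is only being reached through the EMM proxy, which is the bypass the thread is trying to close. The proxy and TMG addresses and the sample log lines are constructed assumptions.

```python
import ipaddress

# Assumption: the EMM proxy's address as seen by the CAS (constructed value).
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.5.20/32")]
EAS_PATH = "/microsoft-server-activesync"  # EAS virtual directory, lower-cased

# Constructed IIS W3C log sample. 10.0.5.30 stands in for the TMG's internal
# address, i.e. ActiveSync arriving via the OWA publishing path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2012-05-03 15:40:11 POST /Microsoft-Server-ActiveSync CORP\\alice 10.0.5.20 200
2012-05-03 15:41:02 GET /owa/ CORP\\bob 10.0.5.30 200
2012-05-03 15:42:37 POST /Microsoft-Server-ActiveSync CORP\\bob 10.0.5.30 200
2012-05-03 15:43:09 OPTIONS /Microsoft-Server-ActiveSync - 192.0.2.44 401
"""

def find_direct_eas(lines, allowed=ALLOWED_SOURCES):
    """Return (date, time, user, client_ip, status) for each ActiveSync
    request whose source is not one of the allowed proxy addresses."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(EAS_PATH):
            continue  # OWA and other virtual directories are out of scope
        try:
            src = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # malformed row, no usable client address
        if not any(src in net for net in allowed):
            hits.append((row.get("date"), row.get("time"),
                         row.get("cs-username"), str(src), row.get("sc-status")))
    return hits

if __name__ == "__main__":
    for hit in find_direct_eas(SAMPLE_LOG.splitlines()):
        print(*hit)
```

Any row it reports with a 200 status is a device syncing without passing the EMM compliance check; once the firewall or TMG rule is in place, the report should be empty.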