IBM Security MaaS360

 View Only

  • 1.  AD Enrollemt

    Posted Thu March 12, 2020 02:08 PM
    Hi Guys,

    Got any ideas?

    Have any of you ever had this experience?

    How can you prevent ActiveSync approvals for non-enrolled devices without using the auto-quarantine function. For example, is there a check box in the admin settings that lets us disable the Exchange ActiveSync 'Approve' button when the device status is not 'Enrolled'.

    Many thanks,

    Jim

    ------------------------------
    JAMES DALY
    ------------------------------


  • 2.  RE: AD Enrollemt

    Posted Thu March 12, 2020 02:35 PM
    we are using Maas360 Email and have a compliance rule with a device group where my rule says block every active sync record which not contains mdmxx



    -------- Ursprüngliche Nachricht --------



    Original Message


  • 3.  RE: AD Enrollemt

    Posted Thu March 12, 2020 04:11 PM

    Compliance rules do allow for blocking devices that are in a "Not Enrolled" state.  This can be leveraged in lieu of auto quarantine, the downside here being that since it's via our systems and not a rule on the mail server side, there would be a brief period where users will have access to the mailbox before it is blocked.

    I would also leverage our admin roles to make sure that only people with a certain access level can see the "approve" option.



    ------------------------------
    Matt Shaver
    System Architect
    IBM
    mshaver@us.ibm.com
    ------------------------------

    Original Message


  • 4.  RE: AD Enrollemt

    IBM Champion
    Posted Fri March 13, 2020 09:21 AM

    Have you set up Cloud Extender?

     

     

     

    Mitch Lauer

    connecTel  Wireless  

    159 Perry Highway, Suite 200

    Pittsburgh, PA 15229

    216-970-6981 | Cell

    412-339-5775 | Help Desk

    412-339-5765 | Direct Dial

     




    Original Message