IBM MaaS360

 View Only
  • 1.  Outlook App Configuration - Attribute and Value

    Posted 18 days ago

    Hi,

    I would like to restrict outlook app (on both iOS and Android) platoform for the followings:

     - Only one corporate account with @mycompany.com be allowed to setup and prevent multiple email account added to the outlook app

     - Remove email forwarding

    So far, I tried two manual configuration (for iOS) and neither worked. I'm clueless on the Android side as well.

    com.microsoft.outlook.EmailAllowedAccounts                    @mycompnay.com       or mycompany.com (did not work)

    com.microsoft.outlook.EmailForwardingEnabled                 false                                                                    (did not work)

    Please help!

    Thanks,

    Adam



    ------------------------------
    Adam Afshar
    ------------------------------



  • 2.  RE: Outlook App Configuration - Attribute and Value

    Posted 17 days ago

    Hi Adam

    Just to confirm the basis. You add an app such as Outlook from the Microsoft/Apple/Google stores to the MaaS360 App Catalog, and distribute it to devices. When it is installed based on this, the app becomes managed and the configurations you push will take effect. 

    The app config that you can use is documented as a general approach here: https://www.ibm.com/docs/en/maas360?topic=configurations-creating-app-configuration

    Microsoft's documentation includes an initial reference to their equivalent product, ignoring this you will find the AppConfig recommendations for Outlook further down: 

    https://techcommunity.microsoft.com/t5/intune-customer-success/new-outlook-for-ios-and-android-app-configuration-policy/ba-p/370481

    Best regards



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 3.  RE: Outlook App Configuration - Attribute and Value

    Posted 10 days ago

    Hi Eamonn,

    Thanks for the response however I checked both links before and neither will give me the specific restriction I needed for the outlook app (iOS or Android). The security risk identified by our cyber party is a scenario where users tries to setup their personal email account under outlook app as a second email and able to forward content by changing the from field. The MaaS360 link does not have any specific on the configuration values and I googled alot to find a similar situation without any luck. I will appreciate your further advice for this matter.

    Thanks,

    Adam



    ------------------------------
    Adam Afshar
    ------------------------------



  • 4.  RE: Outlook App Configuration - Attribute and Value

    IBM Champion
    Posted 10 days ago

    There are settings at Exchange to address this.

     

    Thanks,

     

    Mitch Lauer

    Sr. Management Consultant

    connecTel  Wireless              

    216-970-6981 | Cell-US           416-801-3127 | Cell-Canada  

    412-339-5775 | Help Desk      412-339-5765 | Direct Dial

     






  • 5.  RE: Outlook App Configuration - Attribute and Value

    Posted 10 days ago

    Hi Mitch,

    Thanks for the response. Could you please provide the technical specifics for that please? Ideally I would like to stop activesync and use outlook for mobile devices. However, I would not sure if that ActiveSync blocking will affect outlook desktop app. Would it?

    Thanks again,

    Adam



    ------------------------------
    Adam Afshar
    ------------------------------



  • 6.  RE: Outlook App Configuration - Attribute and Value

    IBM Champion
    Posted 10 days ago

    So the Setting at exchange relates to active sync connections coming from the Outlook mobile app.  You will need to get these from your IT vendor.  This won't affect the use of the Outlook app on computers which is using the SMTP protocol for mail if using the desktop app or the web version which is using https. 

     

    My recommendation for best practice is to continue to use native email apps on the devices using Active Sync and block Outlook completely.  On iOS this will facilitate selective wipe and also allow you to prevent backups to iCloud. Using either a Work Profile or Device owner enrollment on an Android device in combination with native email, contacts etc. is much better and more secure.   

     

    Further you will know succinctly who is attempting to connect to your Exchange environment.   

     

    Depending on how granular your security requirements are you may also want to look at Cloud Extender.  This provides more visibility into Active Sync connections to Exchange and provides some very significant levels of additional control. 

     

    Thanks,

     

    Mitch Lauer

    Sr. Management Consultant

    connecTel  Wireless              

    216-970-6981 | Cell-US           416-801-3127 | Cell-Canada  

    412-339-5775 | Help Desk      412-339-5765 | Direct Dial

     






  • 7.  RE: Outlook App Configuration - Attribute and Value

    Posted 9 days ago

    Hi Adam

    Cloud Extender is MaaS360's OnPremise appliance which can do the job you need. 

    It is installed on a Windows VM or server and requires administrator rights to the Exchange platform. 

    On the basis of PowerShell scripts it uses the AutoQuarantine function on Exchange to control who can access mail. 

    Then you can use Compliance rules so that only devices enrolled in Maas360 can access mail, and if they are not enrolled the mail synch is blocked even if it was already working. 

    Documentation below. The following assumptions / conditions are valid: 

    • You need the necessary admin rights to Exchange, and Cloud Extender 'takes over' these rights. 
    • Cloud Extender is installed on a Windows server with 2016 or later version. 
    • Depending on the number of devices - for example for greater than 1000 devices connected to Exchange to be controlled - you may need extra Cloud Extender servers
    • The support applies equally for OnPremise Exchange as for Office365
    • If you want to control Windows PC's they would need to be enrolled into MaaS360 as well 

    https://www.ibm.com/docs/en/maas360?topic=modules-exchange-module

    Hope this helps. 



    ------------------------------
    Eamonn O'Mahony
    Client Success Manager
    IBM Security
    Dublin
    ------------------------------



  • 8.  RE: Outlook App Configuration - Attribute and Value

    IBM Champion
    Posted 17 days ago

    The outlook app uses a different protocol to communicate with Exchange compared with the native email app using ActiveSync.   Blocking the app's use is configured at Exchange. 

     

    MaaS360 installs using Cloud Extender will show the actual Outlook user record.  If Cloud extender is configured to do so,  you can quarantine the email account in this record. 

     

    Thanks,

     

    Mitch Lauer

    Sr. Management Consultant

    connecTel  Wireless              

    216-970-6981 | Cell-US           416-801-3127 | Cell-Canada  

    412-339-5775 | Help Desk      412-339-5765 | Direct Dial