Perfect, I think that makes sense now as an architecture. I'm still a little unsure how you'd stop them from using ActiveSync directly assuming that you need to leave ActiveSync enabled, and you have your Exchange facing the Internet for OWA and RPC over HTTPS but I'm assuming there are a few ways such as blocking access to the ActiveSync Virtual Directories other than to the Airwatch IP.
I'll have a word with Airwatch I think - their SaaS solution looks very cheap but I expect there are some costs that aren't listed. ________________________________ From: Bob Fronk [[email protected]] Sent: 09 April 2012 7:57 PM To: NT System Admin Issues Subject: RE: MDM - Tablet/BYOD Yes. (Both are VM) From: Paul Hutchings [mailto:[email protected]] Sent: Monday, April 09, 2012 2:46 PM To: NT System Admin Issues Subject: RE: MDM - Tablet/BYOD Thanks Bob, so the "secure mail gateway" is what, some sort of AirWatch VM or something that the app talks to? ________________________________ From: Bob Fronk [[email protected]] Sent: 09 April 2012 6:30 PM To: NT System Admin Issues Subject: RE: MDM - Tablet/BYOD In my setup, we have a secure mail gateway. If the user removes the AirWatch App, they no longer get email from our server. They cannot bypass this as the secure gateway requires the app. Once we are fully deployed, there will be no other way to get Active Sync as this port will not be open externally and will be blocked / redirected to the secure gateway internally. BF From: Paul Hutchings [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Monday, April 09, 2012 12:29 PM To: NT System Admin Issues Subject: RE: MDM - Tablet/BYOD Bob, how does Airwatch (or any other MDM if anyone reading has any experience) stop people from simply bypassing it and connecting their device directly to your ActiveSync without bothering with the MDP app? Thanks, Paul ________________________________ From: Bob Fronk [[email protected]] Sent: 06 April 2012 3:57 AM To: NT System Admin Issues Subject: RE: MDM - Tablet/BYOD Using Airwatch for IOS devices. No BYOD though. Airwatch supports several OSs. So far, it has been able to do everything we need, save one – Add a proxy to Safari. The settings are there, it just does not work. Hopefully they will fix the bug and this will work soon. BF From: Paul Hutchings [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, April 05, 2012 8:36 AM To: NT System Admin Issues Subject: MDM - Tablet/BYOD Are any of you using a third party MDM such as MaaS/MobileIron/AirWatch with either your company owned or BYOD tablets and phones? I’m about to look at tablets, most likely iPads, with an eye on possible BYOD for mobiles. These days if someone walks through the door with a personal device it’s an Apple with the odd Android or Windows Mobile/Windows Phone device. I can’t easily trial every MDM out there, and right now I don’t even know exactly what policies we’d want to enforce, but I know that ActiveSync can be variable with device support and devices can basically lie/ignore settings in some situations. Thanks, Paul ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
