Anyway to make it so I can only setup the corporate exchange email if this MDM is installed?
Corporate Outlook Email?
Posted 29 February 2016 - 01:47 PM
I want to be sure I understand the question.
Are you asking if you can configure a single Exchange account and restrict the user from adding any additional email accounts on the device?
Posted 29 February 2016 - 02:11 PM
Not quite, I saw where I can set up Exchange server accounts, but I would need a way to block users form setting it up on their own. I don't want to restrict users from using their personal gmail or yahoo mail.
Posted 29 February 2016 - 03:55 PM
There is not a way via MDM to prevent a user from manually entering ActiveSync settings while also allowing them to make other account modifications (like adding personal email accounts).
Depending on your use case there could be some things you can do on the Exchange server side. Is the goal here to only allow specific users to connect with their mobile devices or are you trying to accomplish something else?
Posted 29 February 2016 - 04:03 PM
I'm looking to prevent users from accessing Activesync. I already have enabled my ok -to-use users in Exchange. I was hoping to lock this down further using this MDM.
I suppose I could create a MDM profile per user, grant them exchange access and what other email they want (gmail, yahoo) and block the email controls. That seems like a lot of work though.
Posted 29 February 2016 - 04:42 PM
Also, the restriction that we are talking about is not just for mail. It prevents the user from changing many of the iOS settings including but not limited to iCloud, iTunes, Messages, and social media accounts. I should also note that the device must be supervised in order to apply this restriction. Putting a device in supervised mode requires a factory reset and is not suitable for BYOD scenarios. https://techlib.barr...vicesupervision
There is a setting in Exchange (I believe Phone & Voice section of Exchange Control Panel) where you can Block or Quarantine mobile devices and then allow the users/devices you want to have access. This also requires some work manually whitelisting, but could be an option.
Posted 29 February 2016 - 04:46 PM
So the device HAS to be factory reset in order to block the mail application?
Posted 29 February 2016 - 04:58 PM
Yes, unless the device is already in the Supervised state.
Posted 29 February 2016 - 04:59 PM
Yikes, then that's out...Well, I do appreciate the information.