Prevent users from accessing Exchange online from non ActiveSync Device
I will try and make this question as clear as I can-
We recently switched from an on-prem Exchange to Exchange online. Previously, the only three ways of accessing our email was VPN, ActiveSync and webmail. However, it now appears that any user can use any device that accepts an Exchange email account and
start getting their emails. I understand this is the idea of cloud email, but as a HIPAA organization, this presents a serious security risk. My question is this-how can I track how users access email? I know I can limit things based on IP(http://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx),
but then it would work if they had a VPN connection and we allow certain users to access our servers using their home PC if they use a VPN connection. But now they do not need that.
Is there any way to track what devices and users are accessing our hosted Exchange environment, or is this just the nature of hosted email?
Hi Dkurz8814,
using Office 365 / Exchange Online you are able to limit access to the Mailbox to OWA and ActiveSync only.
1. Please logon as an Administrator to the Office365 Admin Center and choose "Users" -> "Active Users".
2. Now click on your user and view the users properties. Choose more from the menu on the left.
3. Now choose "Edit Exchange Settings", and choose "Mailbox functions" on the left.
Now you find some Settings how to access to your mailbox. Disable POP3, IMAP, MAPI, .... so you can get the desired result. On that page you can also check for connected devices via ActiveSync.
You may also use the set-casmailbox to do the same
http://technet.microsoft.com/de-de/library/bb125264(v=exchg.150).aspx in case you need a more automatic tool.
Please let me know if that answered your question.
Regards,
Martin
Similar Messages
-
I have a friend who runs a small company with approximately 10 users. They are currently using Small Business Server 2003 and are using Exchange 2003 to a limited degree. They are using POP accounts with a hosting company for external email and
are using Exchange for internal email and calendar sharing. They have several different versions of Outlook including 2003, 2007, and 2010. Most of the users have two mail accounts configured in Outlook - one Exchange account and one account with a hosting
company which provides POP mail boxes. Their MX record currently points to the hosting company not their exchange server. As far as I know, they do not have any static IP addresses or if they do, they are not using them.
I do not believe Outlook versions about 2010 will work with Exchange 2003 and their server is getting older and probably needs an upgrade.
I think they should probably move to Exchange Online since they do not have an IT person on staff.
I've done some research and it looks like the recommended solution is a cut-over migration from Exchange 2003 but it looks like that would require some changes to the existing SBS 2003 / Exchange 2003 server and I'm not sure that we would be comfortable
making those changes.
Would it be possible to sign-up and create the user accounts using Exchange Online and just import the data from the user's PST files?
I tried doing some research it looks like it is possible but one post mentioned needing to modify the mailbox’s legencyDN or they may not be able to reply to old messages. How difficult is that? Can it be done after the messages have been migrated
to Exchange Online.
They only have about 10 users so we are looking for the simplest way to move to Exchange Online, not necessarily the fastest or most efficient.
Any advice would be greatly appreciated.Hi,
Based on your description, I understand that you want to migrate Exchange 2003 Public Folders to Exchange Online. We can get following messages from this article:
Public Folders in Exchange Online
You can’t migrate public folders directly from Exchange 2003. If you’re running Exchange 2003 in your organization,
you must move all public folder databases and replicas to Exchange 2007 SP3 RU10 or later. No public folder replicas can remain on Exchange 2003.
It seems that can’t migrate on-premise Exchange 2003 public folders to an Office 365.
àOn the client
side we are using Exchange 2007
Did you mean Outlook 2007? Please refer to the following thread and check if can help you.
Migrating Exchange 2003 Public Folders to
Wave 15 Office 365
Hope this helps.
Best regards,
Justin Gu -
Migrate exchange 2003 to exchange online from EAC.
Hi,
I have to migrate my local exchange 2003 to my new exchange online from office365.
I have to make a Cuteover migrate (complete migrate .... sorry for my english). I understand i have to use a batch to import my on-premise exchange to exchange 365. My question is : does the batch do a "cut-paste" or a "copy-paste" of
my local data to online data ? do i will lost all local user mailbox data(mail contact calendar) ?
Thanks you
JulienHi, first of all let me tell that the process from the ECP will create a single batch job for cutover migration, secondly, the process will consist of migrating Exchange mailboxes, contacts and Distribution Groups but the source content will remain as is
not a cut/paste operation.
If you want more info about the process I recommend you to read the following:
http://technet.microsoft.com/en-us/library/jj874016(v=exchg.150).aspx
Alberto Pascual MVP-MCSA-MCITP-MCTS-MCP-O365MS-MCC http://blogs.itpro.es/guruxp -
How can I transfer music from my iphone to other non apple devices
How can I transfer music from my iphone to other non apple devices ?
If this is music purchased through the iTunes Music Store, you would need to transfer the music to your computer using iTunes then transfer to the non-apple device according to the manufacturer's instructions.
-
How do i dissable a Windows XP user acount from accessing games online?
I'm trying to create a study user for my brother. I want to disable games so he just doesn't play online. I created a whole new Windows XP account and disabled as much games possible on the computer.
Try posting in the Boot Camp Forum and the Windows Compatibility Forum. The users over there should be able to help you keep your window enviroment clean & healthy.
Message was edited by: CMCSK -
I want to Fill a drop down with Outlook Meeting of Current log-in user in SharePoint 2013 web part for default credentials I am using the following code
ExchangeServiceBinding binding = new ExchangeServiceBinding();
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
binding.RequestServerVersionValue = new RequestServerVersion();
binding.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2010_SP2;
binding.PreAuthenticate = true;
binding.UseDefaultCredentials = true;
binding.Credentials = CredentialCache.DefaultCredentials ;
string server = "https://*********/ews/Exchange.asmx";
binding.Url = server;
I Am Getting the Error "The request failed with HTTP status 401: Unauthorized."
but when I Replace the line
binding.Credentials = CredentialCache.DefaultCredentials ;
with
binding.Credentials = new NetworkCredential(userName, password, domain);
Its run fine. Is there any way I could able to use default credential.
Hi,
As this question is more relate to Exchange development, I suggest you post it to the corresponding forum, you will get more help and confirmed answers from there.
http://social.msdn.microsoft.com/Forums/office/en-US/home?category=exchangeserver
Best regards
Patrick Liang
TechNet Community Support -
Any option to access Exchange 2003 from OS X Lion?
Besides installing VMWare Fusion and running Outlook 2002 inside a VM (i.e., feel the pain), is there any native e-mail client on OS X 10.7 that can access an Exchange 2003 server ? I get the feeling that I'm stuck with this only one option. Apple Mail requires Exchange 2007 SP1 or later.
Thanks.
ChrisI know that every OS has a limit as to which Safari version can be installed, but before reinstalling Lion I was running Safari 6.x and I know I never upgraded to Mountain Lion, which means that Safari 6+ actually can be run on Lion.
Although it's definitely possible that Apple has changed that recently, so don't hold me to it. -
Cannot access exchange attribute from java
I have tried to access pwdLastSet attribute for a particular staff inside the Active Directory 2008, works fine. However when I try to access msDS-UserPasswordExpiryTimeComputed I get null pointer exception. The value associated with this attribute is available. Infact I am getting error for all msxxxx fields. I am unable to understand why I cannot, access these attributes.
Attribute attr=attrs.get("pwdLastSet"); ---> works fine
//Attribute attr=attrs.get("msDS-PrincipalName"); ---> throws an exception.
Would appreciate help to resolve my problem.//Attribute attr=attrs.get("msDS-PrincipalName"); ---> throws an exception.If that throws a NullPointerException it can only be because attrs is null. Or else you need to post the stack trace here.
-
When typing an iMessage from a Mac or other non iPhone device how do you get a subject field?
From the iPhone there is now an option to add a subject field to your iMessages. This can be nice but what about doing it from the MAC or other device. Also how do you insert a line break (which I'm told is alt/option enter) from an iPhone. Sorry two questions in one.
Hi,
The Messages app on the Mac has no means of indicating a "title" or subject matter.
It only sends messages be they iMessages to Contacts or IM (instant Messages) to Buddies on various services that you could join.
Re 1) The AIM service added the ability to use the "/me" lead in/pre-emptive text which adds the little grey center info text to AIM chats as my pics show.
In other services that do not support "/me" you see a sentence that starts "/me".
On the iPhone as an iMessages item it appears like this
They appear as Sent items due to the Sync process.
Re 2) No.
I am just suggesting using a feature that works in the Messages (and the previous iChat) App using an AIM Account in Messages (as it appears to work at your end all the time in any account) so that you can create something that can be used as a "subject" marker.
re 3) Yes.
The original premise was you sent something like "/me waves" which appears like the time stamps as "Your Name waves" (Your Name on the other depends on what they have in their Address Book or Contacts app as your details (you could appear as just a Buddy ID of some sort.)
Enlarging part of that earlier pic.
The so called Subject one.
Grammatically it could do with a 'has".
Re 4.
AOL (who Own AOL Instant Messenger) gave out AIM names with AOL accounts and with accounts with other companies that they owned.
At one time they owned Netscape Mostly Netscape referred to a Browser that was popular on the Mac at the time. It had a Messenger part added to what it could do and registration gave you an AIM ID (Screen Name)
This tended to be the Username part of your your account name which was an email.
We are talking when there were computers sold by Apple that could boot into OS 9 as easily as they did into OS 10.2.
iChat 2 that did the first Video chats was in OS X 10.3
At that point iChat was an AIM only client. This continued until iChat 3 which added Jabber (and that version required a small amount of work to add a GoogleTalk ID)
Basically when I bought the G4 Tower listed below I already had an AIM name by preferring to use Netscape over Internet Explorer.
At various points I have tried ProteusX (the Original Site seems to have gone now).
I have also tried AdiumX
Both these were and are text only multiple service apps.
I have used Psi This is a Jabber only app. It is a bit "windowsy" as it is a cross platform app written in Java (means you have to download and Install Java and keep it updated)
I got it for doing this http://allforces.com/2005/05/06/ichat-to-msn-through-jabber/
These instructions need you to be able to "register" for Transport on Jabber servers which then allows you to link to your MSN or other service account to in turn add those Buddies to your Jabber Buddy List.
I have tended to Stick with using my AIM name as my main form in iChat and Messages because it has the Privacy and Security settings that allow you to Block people, or have Allow Specific people or Allow Buddy List only people as ways of restricting who can see when you are on Line.
AIM also works with Apple IDs ending with @mac.com and iCloud linked @me.com and @icloud.com (Lapsed @me.com from MobileMe will not work)
You have to keep the password to 16 characters or less to work with the AIM servers.
There is also MeBeam which has been known as Koowy (coo-we) for a while and currently seems to promote itself as "CuSeeMe.tv"
It as a site you will need Flash for.
It then, when you allow it, has access to your Camera and Microphone and you can video to people in "rooms" (private URL) you create.
I have tried Skype in it's early days.
It shares your connection to the internet to make lots of connections to maintain a non centralised service.
This makes it vunerable to "Man-in-the-Middle" attacks becasue at time you are the man in the middle.
Each download used to list it's own Specified port to use but if you didn't set it it used port 80 (web Browsing or port 110 (mostly mail) to connect. Some see this as defeating your firewall or router as it is not made clear in the set up.
I have Office 2004, and 2008 and whatever the last one for Macs was called. (2011 I see on the box)
This has MSN Messenger which I have tried but don't like (Microsoft do some great Apple apps in the Office collection but MSN is not one of the).
Yahoo has been in some variant of Beta 3 for almost as long as the OS has been OS X (it is certainly about 8 years).
It never seems to get to a first GM release.
This can do "video" but broadcasts this to anyone and the Audio is then to one Buddy.
Basically iChat was the app I used first and an AIM name I already had.
Over the years I have created several Apple ID (some during a time when @mac.com name could be registered as "iChat Names" after the .Mac service had finished).
AIM have always been there.
Google has been there some of the way.
(Other jabber servers can come and go)
I do have my Yahoo account set up in Messages but it basically was as a test and I rarely use it (it is only text and does not do Video in the iChat 6 or Messages apps).
I am not a great phone user so iMessaging people is limited for me.
(I know about 2 people who I could iMessage outside of my family).
10:57 pm Saturday; March 15, 2014
iMac 2.5Ghz i5 2011 (Mavericks 10.9)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad -
I have searched but haven't come up with an answer yet.
Here's my situation: I use multiple calendars across multiple platforms (work and home, Exchange & iCal). To keep them in sync, I send an invite to one or the other (work email / personal email). While I can fairly reliably send an email from work (Outlook / Exchange) to my iCal via email (using Mail on iPhone, iPad or MacAir), I cannot do the reverse. The culprit, per se, is our corporate security policies. Since the invite comes from iCloud and to accept it (and have it added to my calendar), I have to communicate with iCloud. But alas, said communication is blocked (corporate stance: since it's possible to do file sharing it's been tagged as such and blocked).
While I would love to change the corporate policy, I am unable to do so
So, my question is how do I change the invite to not come from iCloud? I tried switching off iCal sync in iCloud, but when I do, the invitation option within iCal no longer exists.
Is there a preference switch somewhere that I am missing?Is the message saying to log into iCloud on her device and not only a computer?
To use iCloud on a you must have an Apple device that can use iCloud.
To enable iCloud on your Windows PC (Windows 7 or 8 required), first set up your iCloud account on your other iOS devices or Mac, then install iCloud for Windows.
To do what you want:
Share iCloud Calendar with PC user
http://computers.tutsplus.com/tutorials/techniques-to-share-apple-and-google-cal endars--cms-20057 -
Group Policy Prevent users to access DNS
Hello
I have a problem with DNS in windows 2008R2. there is a policy prevent DNS resolving name to IP and I can ping any computer by IP put I cannot ping it by name although when I use "nslookup" on cmd the computer can see DNS server. Another problem I
can join Computer to domain put when I want to add a domain user to local admin group the computer cannot see the domain and user show as s-1-5-21 if I could add user.I don't know the policy and how to delete it.thank's alot for your replaying.
But when any computer is in work group I can ping any computer on the domain using host name and IP . when I joined the computer to domain I can ping computers by Ip but when I ping it using host name I get this message
"Ping request could not find host ............. Please check the name and try again"
thank's
some thoughts...
check: System Properties > Computer Name > Change > More >
Primary DNS Suffix of this computer
Change primary DNS suffix when domain membership changes
http://technet.microsoft.com/en-us/library/cc794784(v=ws.10).aspx
also
http://gpsearch.azurewebsites.net/Default.aspx?PolicyID=203
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
I am new member , so please excuse me if this has already been asked
You don't.
This has never been a feature of ipd/ipad/iphone. -
I am trying to determine the best way to set up our imac so each user account can access the same media (songs, movies etc.) through itunes and also back up and manage their personal devices under their own personal user account. There are 4 users on our iMac. Me, my wife, and our 2 children. We have built an extensive library of music/media together using the same iTunes store account. I would like to establish a seperate apple id and iTunes store account for each of us going forward but have the ability for each of us to share our purchases. What is the best way to configure our system and devices in order to allow shared access to media and at the same time allow for individual management of devices including contacts, apps, photos, etc. Please help, I would like to do this once!
Thank you in advance!OK, seeing as no-one replied (presumably because a lot of this information is on the forums in bits elsewhere) here's how I've got on so far.
Applications - just went through them. About the only one I needed was my media server app. Just downloaded and re-installed, had a quick look back though my email to find the license key and it all went on fine. Installation never seemed quite right on my old machine so solved that problem too.
Movies - New iMovies just copied across the clips and projects into their respective folders. Seems to have worked but haven't checked it all that thoroughly. Some duplicate footage here but I can trim this out at some point when I get a chance to go through here.
Documents - Just copied these across.
Photos - used an app called iPhoto Library Manager. You can download for free but have to pay to use the part that consolidates your libraries. Possibly if I was willing to spend a bit more time I could have got away without using this but given I didn't know the state of my different libraries and just how many duplicates I had this was too much of a convenience to ignore. Also got my library into a state where I can now spend a few hours organising it a bit better with Faces / Events etc.
Not attempted Music or iPhone sync yet as been stuck trying to solve a problem with my power adapter. -
Can Anyone help to find a way?
http://answers.acrobatusers.com/How-call-Adobe-Reader-inside-application-avoid-operator-op en-save-doc-q13487.aspx
From inside my application that run on an Automation PC, under Windows O.S, I want to call Adobe Reader using a shell command to open up an PDF Document containing some informations.
Shell command like these
"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe" /A "<options>" "C:\mydoc.pdf"
or
cmd /c "C:\mydoc.pdf"
Operator is using a touchscreen.
I want to prevent user to access any option that can give him acces to filesystem (Open/save/save as).
I want also to prevent any change/add information to PDF document
Thank you in advance for the time you will spend for me.You can use the Installation Tuner for Reader to customize the UI elements provided to the user. Details on the Adobe web site.
-
HT1338 how do i lock my network home network to prevent others from accessing
How do i lock my network and prevent others from access the internet from my home system?
Several ways which can work toghether.
Setup the WiFi with a good password and a WPA safety.
Create an hidden network
Setup a list of MAC adresses whic are the only allowed to connect to your WiFI network.
Maybe you are looking for
-
Hi, I have a problem with filtering binary documents (.doc, .pdf, etc...). I use SQL*PLUS for remote access to Oracle 10.2 on Linux and I create table: CREATE TABLE test (id NUMBER PRIMARY KEY, text VARCHAR2(100)); I insert to this table: INSERT into
-
Payment Received Notification by email
Dear All Please let me know if any one has an experience of sending email notification of payment receipt to concerned user. Our requirement is that we will maintain a Z table where users email address will be maintained by profit center. As soon as
-
Cannot sort on a column in direct database request analysis
We are having an issue on sorting on a field. The analysis was created using a direct database request. Once the results are displayed in Table/Pivot table, users would like to sort on a particular column, but this is not working currently. Any idea
-
Active screen corner + incorrect password results in hibernation, help!
I've got the right top (active) screen corner set to sleep my display. And only recently noticed that, if after using that i try to move mouse or press any key it would ask me for password, which is OK, but the problem is that if after entering incor
-
Hello, Can someone please provide me the Basis Delta Functionality between SAP 4.7 to ECC 6.0 Upgarde. Thanks in advance. Br, Naresh.