Secure corporate e-mails using Conditional Exchange Access

Introduction

Corporate email management is crucial to an organization's productivity and security. Many organizations implement Exchange to handle their emails and fulfill other purposes like managing contacts, calendar events, and tasks.

The widespread usage of Exchange, be it the on-premises or the cloud version, has made it vulnerable to security threats like spamming, phishing, and other types of malware attacks. IT admins need to safeguard all corporate data, especially the data stored in Exchange. A mobile device management solution like Mobile Device Manager Plus (MDM) streamlines this process with its Conditional Exchange Access (CEA) feature.

How CEA works?

As the name suggests, CEA enforces the condition that devices accessing Exchange must be first authorized by MDM. If a device is not authorized, its access is restricted immediately or after a grace period (if the admin so chooses). Thus, only those users whose devices are part of MDM network can retrieve corporate data stored on Exchange.

The Exchange ActiveSync (EAS) protocol is used to synchronize Exchange data with the native client present on employees' devices. MDM provides EAS support for apps like Gmail, Samsung Email, and Microsoft Outlook. These apps can be installed on the devices without any use EAS is supported for platforms like Android, iOS, Windows, and Samsung Knox.

Configuring Conditional Exchange Access lets you:

  • Bring devices under management
    Since users need to enroll their devices with MDM to access Exchange, applying the CEA policy indirectly brings employees' devices under management.
  • Monitor Exchange access
    Once you've configured CEA, the MDM server syncs with Exchange once every day to fetch the details of new devices. This lets you monitor the devices accessing Exchange even if the devices are not managed by MDM.
  • Apply policies selectively
    Apply a CEA policy to all users or just specific ones. For instance, you can exclude users like top-level managers from the policy.

Benefits of configuring Conditional Exchange Access

  • Automated EAS configuration
    Push the EAS policy from MDM prior to configuring the CEA policy. Even though users can manually configure EAS on their devices, the devices are only considered managed when the policy is configured using MDM.
  • Complete device inventory
    Maintain a record of all the devices accessing Exchange, even if they don't have a CEA policy applied to them.
  • Secure BYOD environment
    Ensure employees securely access corporate data, even in a BYOD environment, by applying CEA policies to employees' personal devices.
  • Single point of control
    Once CEA is configured in MDM, it becomes the single point of control; any access restriction applied using Exchange is overruled by the policies applied using MDM.