Secure Mobile Access 12.4 Administration Guide

Enabling Exchange ActiveSync access on the appliance

The administrator can enable Exchange ActiveSync access for a community of iPhone or Android device users. This involves the following tasks:

  • Create a realm that uses an Active Directory authentication server. Realms that use chained authentication are not supported for Exchange ActiveSync.
  • Create a resource for Exchange ActiveSync using the Exchange Server Options section of the Add Resource page for a URL resource.

    The Exchange Server Options section allows the administrator to specify a custom FQDN, IP address, SSL certificate, and realm to use for providing Exchange ActiveSync access.

    The custom FQDN, IP address, and SSL certificate options function in the same way as those for Workplace sites that use these options. The custom FQDN provides a host/domain name through which ActiveSync connections or sessions can be established.

    The IP address is a virtual IP address hosted by the appliance, and must be on the same subnet as the external interface (or the internal if single-homed) of the SMA appliance so that it is reachable via the public interface of the appliance.

    The SSL certificate can be a wildcard certificate or you can configure a server certificate that matches the host name.

    The only realms that appear in the Realm drop-down menu are those that use an Active Directory authentication server. Realms that use chained authentication do not appear in the menu. A realm used for Exchange ActiveSync cannot be changed to provide chained authentication or to use an authentication server other than Active Directory.

  • Define a Device Profile for end point control of Exchange ActiveSync devices from the EPC page in AMC. You can select Exchange ActiveSync as the device profile type.

    The only attribute that can be configured for this device profile is Equipment ID. The device serial number is used as the identifier. Equipment ID retrieval uses the underlying operating system hard disk drivers. All driver updates should be applied to ensure that Equipment ID retrieval works reliably.

    The Exchange ActiveSync device profile can be included in any zone for evaluation.

    ActiveSync clients will not be able to connect on zones that have Device authorization enabled.

  • View the Network Settings page to see all custom IP addresses used for virtual hosting, the FQDNs that listen on these addresses, and the associated Resources or WorkPlace Sites.

    The Resources and WorkPlace Site items are links to the configuration page for easy navigation and editing.

  • View the User Sessions page, which displays Exchange ActiveSync sessions as belonging to the Exchange ActiveSync Access Agent. Exchange ActiveSync is an option in the Agent list under Filters.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.