[NA] ActiveSync. Help Please.

Discussion in 'Hangar Talk' started by OkieFlyer, Jan 15, 2018.

  1. OkieFlyer

    OkieFlyer En-Route

    Joined:
    May 16, 2011
    Messages:
    2,676
    Location:
    Lindsay, OK
    Display Name:

    Display name:
    Andrew L.
    About a week ago, I got a notification on my phone saying that my Microsoft Exchange account needed me to update security settings, or something like that. I ignored it for the time being and opened up my work e-mail account. When Exchange opened up, I got a pop-up wanting me to enable ActiveSync. I didn't know what that was, so I went on to the next step to see what permissions ActiveSync wanted. It said the following:

    [​IMG]

    So, being a non-IT type, this kind of thing is about equivalent to giving a some stranger the keys to my house. I assume this is something the network administrators at work are requiring now to access our company e-mail on our devices. Does that sound right? Is there a way around it? If this is what it takes to open company e-mail, I'll just not do it, but I thought since POA is made of 90% IT guys, I'd ask about here.
     
  2. John221us

    John221us En-Route

    Joined:
    Jan 5, 2012
    Messages:
    4,051
    Location:
    Rocklin, CA
    Display Name:

    Display name:
    John
    This is a legacy implementation of Mobile Device Management (MDM). Your company should have a policy that company email belongs to the company. It is routine and common and if they don't have that policy, they should. In any case, they are acting like they do.

    In the old days, it was more common for a company to issue a company owned mobile device. In that case, the companies ability to wipe the device if it is lost, stolen or you leave the company would not be in question. In today's world, it is now more common for a company to have a policy of bring your own device (BYOD), possibly giving you a stipend for your company use of that device. Tools for managing company data on these devices have improved, as well (MDM). I have worked with a large healthcare company, who offered BYOD, but did not want to pay the premium for modern MDM tools, so, their policy was, if you want company email on your personal device, then back it up, because we can wipe it. Obviously, that isn't a user friendly policy. Modern MDM tools are capable of selective wipe, where corporate data (including email) is siloed and can be wiped without wiping the whole phone. There are several popular implementations of this and MDM is included with Office 365, if you happen to host your email online. With Office 365, it is included, but you need to implement it and enroll the devices.
     
  3. OkieFlyer

    OkieFlyer En-Route

    Joined:
    May 16, 2011
    Messages:
    2,676
    Location:
    Lindsay, OK
    Display Name:

    Display name:
    Andrew L.
    Thanks for the reply. I totally get that they should be able to wipe the email data if they think there is a breech of some kind or a if I get fired, but to want the ability to wipe my whole phone is a bit much. Now, if we were on the company network, then I get it, but our personal devices aren't even allowed on the network, so we're just talking about e-mail. Surely there is a way to secure the e-mail without requiring us to hand over our entire phone to some jackwagon in the home office.
     
  4. John221us

    John221us En-Route

    Joined:
    Jan 5, 2012
    Messages:
    4,051
    Location:
    Rocklin, CA
    Display Name:

    Display name:
    John
    Like I said, there is now, but the free tool built into Exchange on premise wipes the whole phone. It would take additional investment to deploy a more sophisticated tool that can do selective wipe.
     
  5. OkieFlyer

    OkieFlyer En-Route

    Joined:
    May 16, 2011
    Messages:
    2,676
    Location:
    Lindsay, OK
    Display Name:

    Display name:
    Andrew L.
    Roger, Roger. I appreciate the input. I just wanted to get a little info about it. Thought it was kind of weird it just showed up after 4 years with the company.
     
  6. John221us

    John221us En-Route

    Joined:
    Jan 5, 2012
    Messages:
    4,051
    Location:
    Rocklin, CA
    Display Name:

    Display name:
    John
    They may have just activated the policy controls.
     
  7. OkieFlyer

    OkieFlyer En-Route

    Joined:
    May 16, 2011
    Messages:
    2,676
    Location:
    Lindsay, OK
    Display Name:

    Display name:
    Andrew L.
    It would appear so. Thanks again. I reckon they can call or text if they want to reach me from now on ;)