Entrust Identity as a Service™ Administrator Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Manage ActiveSync Access

 

Manage ActiveSync Access

ActiveSync Access allows users to perform secure, multi-factor authentication-based management of their ActiveSync devices.

For ActiveSync Access to operate correctly, you must configure your Microsoft Office 365 server as follows:

Enable Quarantine Mode for new ActiveSync devices

Edit the Quarantine Email Content to include the Identity as a Service URL for users to log in and approve the quarantined device, for example, https://<mycompany>.<region>.trustedauth.com/#/myprofile/devices

Attention: If you have not made use of the Exchange Server quarantine mode beforehand, enabling this functionality will put all your existing ActiveSync devices in quarantine mode and your end-users will have to reapprove their existing devices.

To configure Identity as a Service to allow users to approve Exchange ActiveSync devices, you must do the following:

Step 1: Configure Quarantine Mode on Microsoft Exchange ServerStep 1: Configure Quarantine Mode on Microsoft Exchange Server

By default, Microsoft Office 365 allows new ActiveSync devices to connect. This procedure describes how to configure Exchange Server to set new ActiveSync devices into Quarantine mode and send a quarantine email to the user when it attempts to connect.

Log in to the Exchange Admin Center (EAC).

In the navigation pane, click Mobile. The Mobile Device Access page appears.

Click Edit. The Exchange ActiveSync access settings dialog box appears.

Click + to add users that will receive copies of the quarantine emails. Repeat this procedure for all users.

Note: The user email attribute in Identity as a Service must match the Microsoft Exchange email address. See Create and manage user attributes for more information.

In the Text to include in messages section, enter the message users receive.

Example: You can approve the quarantined device by logging in to your Identity as a Service account at https://<mycompany>.<region>.trustedauth.com/#/myprofile/devices Consult the Identity as a Service Online Help for instructions on how to approve your device.

Click Save.

Step 2: Enable ActiveSync Access in Identity as a ServiceStep 2: Enable ActiveSync Access in Identity as a Service

When configuring the admin userid and password for ActiveSync Device Management, the userid used should come from a Managed Domain (and cannot come from a Federated domain). Typically this is an admin account in the onmicrosoft.com domain.

Click > Configuration > ActiveSync Access. The ActiveSync Access page appears.

Select the Enable ActiveSync Access check box to allow your users to manage their Exchange ActiveSync devices on Identity as a Service.

Connect as follows:

Click Authorize. The Microsoft Authorization dialog box appears. Copy the code provided and then click the Sign in to Microsoft link.

Enter the code in the Microsoft window and then click Next.

Enter your Exchange administrator username and password.

Close the  Microsoft Authorization dialog box.

Enter the Connection Uri to connect to the Exchange online PowerShell.

Accept the default unless you are using the following:

For Office 365 operated by 21Vianet, use the Connection Uri value: https://partner.outlook.cn/PowerShell

For Office 365 Germany, use the Connection Uri value: https://outlook.office.de/powershell-liveid/ 

For Office 365 Government Community Cloud High (GCC High), use the Connection Uri value: https://outlook.office365.us/powershell-liveid/ 

Click Test Connection to ensure that you can connect to your Microsoft Office 365 server.

Click Save. Once you save the changes, UPN and Tenant ID values appear automatically.

When enable ActiveSync Access is set, a Devices tab appears on the user's My Profile page. Users can then allow, block, or delete ActiveSync Devices.