CA Mobile Device Management Configure Access Control for Using Exchange PowerShell cmdlets

Similar documents
How to Deploy and Use the CA ARCserve RHA Probe for Nimsoft

BRM Accelerator Release Notes - On Premise. Service Pack

CA SSO. Agent for Oracle PeopleSoft Release Notes. r12.51

CA SiteMinder. Advanced Password Services Release Notes 12.52

CA Cloud Service Delivery Platform

CA PMA Chargeback. Release Notes. Release

CA Cloud Service Delivery Platform

CA Nimsoft Service Desk

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform

CA Nimsoft Monitor. Probe Guide for DHCP Server Response Monitoring. dhcp_response v3.2 series

CA Workload Automation Agent for Micro Focus

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform

CA Nimsoft Monitor. Probe Guide for iseries Job Monitoring. jobs v1.3 series

CA Cloud Service Delivery Platform

CA Clarity Project & Portfolio Manager

pvs Release Notes All series

CA GovernanceMinder. CA IdentityMinder Integration Guide

CA Workload Automation Agent for Databases

CA SiteMinder Web Access Manager. Configuring SiteMinder Single Sign On for Microsoft SharePoint 2007 Using Forms-based Authentication

CA Desktop Migration Manager

CA ERwin Data Modeler

CA Open Space. Release Notes. Release

CA VM:Secure for z/vm

CA SiteMinder. Advanced Password Services Release Notes SP1

CA TPX Session Management

BrightStor ARCserve Backup for Linux

CA Agile Vision and CA Product Vision. Integration Guide

CA IdentityMinder. Glossary

CA Data Protection. De-duplication Filter for Symantec Enterprise Vault Configuration Guide. Release 15.0

CA IDMS Server. Release Notes. r17

CA ERwin Data Modeler

CA Spectrum. Policy Manager User Guide. Release 9.4

CA Spectrum. Remote Operations Suite User Guide. Release 9.3

WANSyncHA Microsoft Exchange Server. Operations Guide

CA ERwin Data Modeler

CA DLP. NBA Release Notes. Release 14.0

CA File Master Plus for IMS

CA ehealth Integration for HP OpenView

CA Productivity Accelerator 13.0 SYSTEM REQUIREMENTS. Type: System Requirements Date: CAP13SYR1

CA SiteMinder. SDK Overview Guide 12.52

CA TPX Session Management

Connector for Microsoft SharePoint Product Guide - On Premise. Version

CA Performance Management for OpenVMS

Connector for Microsoft SharePoint Product Guide - On Demand. Version

CA Output Management Web Viewer

Personalizing CA Clarity PPM User Guide. Release

CA CloudMinder. Identity Management User Console Design Guide 1.51

Nimsoft Monitor. qos_processor Guide. v1.2 series

CA Nimsoft Unified Management Portal

CA InterTest Batch Release Notes r8.5

CA Nimsoft Monitor Snap

SPECTRUM. QoS Manager User Guide (5165) r9.1.1

CA Unified Infrastructure Management

Microsoft Operations Manager

8) Subroutines and functions

CA InterTest Batch. Release Notes. Release

CA Workload Automation Agent for Oracle E-Business Suite

CA Performance Center

Release Notes r12.5, Second Edition

CA ARCserve Backup for Windows

BrightStor ARCserve Backup for Windows

CA ARCserve Backup for Windows

QuickBooks Merchant Services Integration. User Guide

CA Performance Management Data Aggregator

CA ehealth and CA SPECTRUM

CA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5

APM Import Tool. Product Guide

CA Datacom Tools CA Datacom Server New and Enhanced Features for 15.x

Connector for CA Unicenter Service Desk & CA Software Change Manager for Distributed Product Guide. Service Pack

SPECTRUM. Control Panel User Guide (5029) r9.0.1

CA IdentityMinder. Programming Guide for Java. r12.6.1

CA ARCserve Replication and High Availability for Windows

CA Spectrum Multicast Manager

CA Spectrum Infrastructure Manager

CA InterTest Batch Release Notes Release

CA Workload Automation Agent for Databases

CA Clarity PPM. CA Clarity-Xcelsius Implementation Guide. v

CA ARCserve Backup for Windows

CA-VTERM for VM. Security Administrator Guide 3.3 R104MC33SAE B E

Arcserve Backup for Windows

SPECTRUM. Multicast Manager User Guide (5132) r9.0

CA MIA Tape Sharing for z/vm

CA Identity Manager. User Console Design Guide. r12.5 SP8

CA Automation Suite for Clouds Base Configuration

CA Automation Point. Release Notes. Release 11.5

CA Output Management Web Viewer

Release Notes. Release 12.2

CA Gen. Gen Studio Overview Guide. Release 8.5. Third Edition

CA Network Flow Analysis

CA Spectrum MPLS Transport Manager

CA Workload Automation Agent for Remote Execution

CA ARCserve Backup for Windows

Arcserve Backup for Windows

CA Clarity Project & Portfolio Manager

CA ERwin Data Modeler

CA Adapter. CA Adapter Installation Guide for Windows 8.0

CA SiteMinder Federation

Transcription:

CA Mobile Device Management Configure Access Control for Email Using Exchange PowerShell cmdlets

This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational purposes only and is subject to change or withdrawal by CA at any time. This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and may not be disclosed by you or used for any purpose other than as may be permitted in (i) a separate agreement between you and CA governing your use of the CA software to which the Documentation relates; or (ii) a separate confidentiality agreement between you and CA. Notwithstanding the foregoing, if you are a licensed user of the software product(s) addressed in the Documentation, you may print or otherwise make available a reasonable number of copies of the Documentation for internal use by you and your employees in connection with that software, provided that all CA copyright notices and legends are affixed to each reproduced copy. The right to print or otherwise make available copies of the Documentation is limited to the period during which the applicable license for such software remains in full force and effect. Should the license terminate for any reason, it is your responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION AS IS WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. The use of any software product referenced in the Documentation is governed by the applicable license agreement and such license agreement is not modified in any way by the terms of this notice. The manufacturer of this Documentation is CA. Provided with Restricted Rights. Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors. Copyright 2014 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. Configure Access Control for Email Using Exchange PowerShell cmdlets 2

Table of Contents About this Document... 5 Business Scenario... 6 Supported Devices... 7 Configure Access Control for Email... 8 Configure Exchange Admin Center... 8 Test PowerShell Connection to Exchange Server or Office 365... 9 Configure CA MDM Server... 10 Verify Allow and Block Feature in Access Control for Email... 11 Configure Access Control for Email Using Exchange PowerShell cmdlets 3

Configure Access Control for Email Using Exchange PowerShell cmdlets About this Document Business Scenario Supported Devices Configure Access Control for Email Configure Exchange Admin Center Test PowerShell Connection to Exchange Server or Office 365 Configure CA MDM Server Verify Allow and Block Feature in Access Control for Email Configure Access Control for Email Using Exchange PowerShell cmdlets 4

About this Document This document describes how to configure access control for local or hosted Microsoft Exchange using Exchange PowerShell cmdlets. Configure Access Control for Email Using Exchange PowerShell cmdlets 5

Business Scenario To control email access for the mobile devices under management, use Exchange API (Exchange PowerShell cmdlets) in the following scenarios: When a device comes under management, add it to the "Allow" list. Exchange allows it to get email. If a device is found to be out of compliance, add it to the "Blocked" list. Exchange prevents it from getting email. When a device comes back into compliance, remove it from the "Blocked" list and move it to "Allowed" list. Exchange allows it to get email again. Configure Access Control for Email Using Exchange PowerShell cmdlets 6

Supported Devices The PowerShell Exchange cmdlets are supported only for Android, ios, and Windows Phone 8 devices. For more information, see System Requirements. Android Email Exchange policy is available only for LG and Samsung devices, therefore the access control for email is applicable only on these devices. Configure Access Control for Email Using Exchange PowerShell cmdlets 7

Configure Access Control for Email The Office 365 and Local Exchange account can be used for email access control in the same tenant. Set up access control for hosted email by configuring Office 365 or local email using the Microsoft Exchange PowerShell cmdlets. To perform this procedure, verify the following points: The Access Control for Email filter is not installed. Local Email Server: Access Control for Email support Microsoft Exchange Server 2010 and Microsoft Exchange Server 2013. The Hosted Email is Microsoft Office 365. The PowerShell Host Server is Microsoft PowerShell Version 2.0. The PowerShell virtual directory is created when you install Exchange. Enable the PowerShell by enabling Basic Authentication on the virtual directory in IIS. E-mail services are available locally and through the Internet (third-party). E-mail servers or related CA MDM components are not available in the enterprise network or DMZ for email services that are hosted through the Internet. The CA MDM Server communicates with the Exchange server for updating device status. CA MDM uses the following API calls on the Exchange server: Get-ActiveSyncDevice Get-CASMailbox Set-CASMailbox For more information about Microsoft Exchange server API calls, refer the Microsoft Exchange documentation. CA MDM sends set up commands to initiate the remote PowerShell session with the Exchange server. Configure Exchange Admin Center Perform the following prerequisite procedure on the Exchange Admin Center (EAC) to configure the mobile device access. Follow these steps: Configure Access Control for Email Using Exchange PowerShell cmdlets 8

1. Log in to EAC using your Administrator credentials. 2. 3. Internal URL: https://<casservername>/ecp External URL: https://mail.contoso.com/ecp Navigate to Mobile. The Mobile Device Access page appears. Click Edit. The Exchange ActiveSync Access Settings pop-up appears. 4. 5. 6. Select Quarantine. Click Save. (Only for Exchange Server) Navigate to Server, Virtual Directory and click Edit PowerShell (Default Web Site). 7. (Only for Exchange Server) Copy the Internal URL. This URL is used to connect from the CA MDM Server. 8. (Only for Exchange Server) Navigate to Server, Authentication, and select Basic Authentication and click OK. Test PowerShell Connection to Exchange Server or Office 365 As a prerequisite, use the Get-Host cmdlet to verify that the version number is Windows PowerShell version 2.0. Perform the following procedure to test the connection to the Exchange Server or Office 365. Follow these steps: 1. Open the Management Shell command prompt. Configure Access Control for Email Using Exchange PowerShell cmdlets 9

2. Enter the following command to create a persistent connection: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUR I <Uri> -Credential <PSCredential> -Authentication Basic -AllowRedirection The parameters are explained: -ConnectionURI<Uri>: Specifies a Uniform Resource Identifier (URI) that defines the connection endpoint for the session. The URI must be fully qualified. Based on your configuration, specify the internal URL of the Exchange Server or the Office 365 URL. For this scenario, specify the URL copied from step 7 of the Configure Exchange Admin Center procedure. -ConnectionUri https://<servername>.example.com/powershell The following is an example URL for Office 365: -ConnectionUri https://ps.outlook.com/powershell The following is an example URL for Exchange Server: https://<servername>.example.com/powershell -Credential: Specifies a user account that has permission to perform this action. The default is the current user. The following is an example for -Credential: -Credential $LiveCred -Authentication<AuthenticationMechanism>: Specifies the mechanism that is used to authenticate the user's credentials. -AllowRedirection: Allows redirection of this connection to an alternate Uniform Resource Identifier (URI). 3. Enter the following command to import from another session to the current session: Import-PSSession $Session 4. Enter the following command to view the client access settings: Get-CASMailbox where {$_.HasActiveSyncDevicePartnerShip} select name,activesyncallowed*,activesyncblocked* ft -auto You have successfully tested the connection to the Exchange Server or Office 365. Configure CA MDM Server As a prerequisite, verify the following points: Create a Configuration Policy (ios, Android, or Windows). Note: For more information view the Manage Configuration Policies and Examples for Using Substitution Variables When Creating or Editing an Android or ios Configuration Policy. Create a Group. Create an Enrollment Policy. Configure Access Control for Email Using Exchange PowerShell cmdlets 10

Map all Policies to the created Group and select the Enrollment Policy from the Self-Service Portal. Follow these steps: 1. 2. Log in to CA MDM Administration Console, navigate to Server, Configuration, Server, MS Exchange, and click Add. Enter the URL of the hosted or local exchange server, Account Username, and Password. Note: Ensure that Microsoft Exchange account credentials have Administrator privileges. 3. To authenticate the account credentials and test connectivity, click Test connection. 4. Click Save. When Microsoft Exchange triggers email blocking using access control, the Microsoft Exchange takes 10 minutes for Exchange to block email messages. 5. 6. 7. To specify hosted services Exchange ActiveSync Access Settings, select Always allow or Always block or quarantine services. Click Save. (Optional) To change or delete a record, click Edit, or Delete. After a device is enrolled in CA MDM, it uses the access policy that is set for the device. Verify Allow and Block Feature in Access Control for Email To verify Allow and Block feature in Access Control for Email, perform the following steps: 1. Enroll user through Self-Service Portal and provide the Exchange Email ID during enrollment. 2. 3. 4. The Email is configured automatically (Exchange Email policy Applied to Enrolled Device). The user email account in mobile device is disable or blocked by default. To verify the Allow feature, perform the following steps: a. b. From the CA MDM Administration Console, navigate to Server, Configuration, Component, Access Control Option. Click the Groups tab, and enable Only allow selected Groups. c. From the Available Groups, move the group in which device is mapped or linked to the Selected Groups, and Click Save. The user email account is activated. The user sends and receives mails from the mobile device. Note: The CA MDM Server takes up to 10 minutes to allow or block email for a mobile email account of a user. Configure Access Control for Email Using Exchange PowerShell cmdlets 11

5. To verify the Block feature, perform the following steps: a. b. c. From the CA MDM Administration Console, navigate to Server, Configuration, Component, Access Control Option. Click the Groups tab. In the Blocked selected groups section, from the Available Groups, move the group in which device is mapped or linked to Selected Groups. d. Click Save. The user email account in mobile device is disable or blocked. The user receives a mail with blocked information. Note: The CA MDM Server takes up to 10 minutes to allow or block email for a mobile email account of a user. Configure Access Control for Email Using Exchange PowerShell cmdlets 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback