We currently have an issue where there are multiple people using the OWA address to connect their personal blackberries to our exchange server. We run a BES server and issue blackberries to authorized people, but need to block unauthorized access by these other blackberries. Blackberry's support has said the only way is to turn OWA off for the people you don't want to have access. Unfortunately, this is not a solution as we allow people access to OWA.Does anyone know how to block these unauthorized blackberries from making connection?Thanks,Mike

If they are using the OWA address to configure BB that means they are using the active sync. Basically in BES you need to add their account on BES server in order to access emails. Disable the active sync feature for these users Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

Any update on the thread?

Vinod possibly you mean Autodiscover, which blackberry use to find the details of the user. I was not aware that blackberry can use ActiveSync (like Android, iPhone etc.). At least not until Blackberry software version 10. If the Blackberry can use ActiveSync then it is better to use the Access Rules in Exchange 2010 to control this, documented here: http://howdouc.blogspot.co.uk/2010/09/activesync-device-access-rules-in.html However you can enter the OWA website manually on the device. BIS will then connect directly to OWA without Autodiscover or ActiveSync and download all emails to the device which I can see is a problem without enforcing policies like device encryption and passcode lock (which we use BES for). My suggestion as follows: Use your firewall to block communication between the Blackberry Internet Service (BIS) and Exchange on TCP port 443 and 80. The current networks used by BIS as follows: http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=EECD721D0F71835C63018A076F85B0ED?noCount=true&externalId=KB11036&sliceId=2&dialogID=69199896&cmd=displayKC&docType=kc&stateId=0+0+692+01325&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl In case RIM remove their KB11036 article the list at the moment is: 206.51.26.0/24 193.109.81.0/24 204.187.87.0/24 206.53.144.0/20 216.9.240.0/20 67.223.64.0/19 93.186.16.0/20 68.171.224.0/19 74.82.64.0/19 173.247.32.0/19 178.239.80.0/20 180.149.149.0/22 180.168.204.0/22 This is not perfect as BIS could of course use other networks to access Exchange in the future, but it is a good start. However, remember to still allow these networks access to your Blackberry Enterprise Server (BES) on port 3101. The Blackberry Enterprise Service uses the same networks as BIS as documented here:http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=6F2286092E14CB90968C3CAB08F486D6?noCount=true&externalId=KB03735&sliceId=2&cmd=displayKC&dialogID=22502&docType=kc&isLoadPublishedVer=&stateId=22508&docTypeID=DT_SUPPORTISSUE_1_1&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl Matt.