Hi,

We found that "Cloud Magic" app for IOs & Android is becoming threat to corpoarte world by allowing configuring email without enabling any feature like - ActiveSync, OWADevice, OWA

How to disable this organisation wide

Regards,

Hi

You can create a device access rule to block the connections from cloud magic

Look at the mobile phone partnership on Exchange you can see the Cloud Magic being listed as a Device.

Follow this excellent blog to create the device access rule

http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx

Also you can use this below script which will block all the active sync query urls coming up with the subject cloud magic.

This will exactly suffice your needs

New-ActiveSyncDeviceAccessRule -AccessLevel Block -Characteristic DeviceType -QueryString CloudMagic

Also configure a rule in your reverseproxy/firewall to drop the connections coming wiht the query url's cloud-magic

Later after running up the above command log into your  reverse proxy perform a filter and see if this query type with cloud magic is getting blocked(definetely it should be)

Thanks for the info Sathish.

We have already configured the rule as suggested & also we have created Org Config rule to block EWS with "CloudMagic" name.

But even after this we tested users by configuring the app, IT WORKSSSSSS

Again for finding users who configured already, we are unable to trace them in the server. I mean the device is not showing in the server (Both in O365 & OnPremise, by the way we have Hybrisd Setup of exchange)

& about firewall blocking could you please provide morre info.

Thanks

Hi Manju,

If thats the case better i would suggest that we can block this connection on the IIS level so that we wouldn't worry about this.


Edit the web.config file on the mailbox server and add the below string to block the users accessing the cloud magic app

<denyStrings>

     <add string="CloudMagic" />

</denyStrings>

do an iisreset after this 

Also create a rule in the firewall 

To find the users who are using this app perform the following :-

Filter the active sync requests in your firewall or reverse proxy accordingly and start the query 

usually in most of the firewall and reverse proxy it will show you the source,destination and the request after the filter.

You need to concentrate on the request alone


Below is an example of normal active sync request

POST http://domain.com/Microsoft-Server-ActiveSync?User=userID&DeviceId=00ijhsad6564g2fd&DeviceType=iPhone&Cm

If the user device is connected through cloudmagic you can see the word "cloud magic" in the request URL. By this way you can identify the users . It should be easy.

Also additionally create a rule in the firewall stating that any activesync requests that come with the url "cloud magic" drop the connection and do not proceed.

This will solve your issue