Hello, is there a way to only allow only iPhones and iPads and no other devices to connect to Exchange 2007 via ActiveSync? I know this is possible with Exchange 2010 but we have not been able to find a solution with Exchange 2007. Thanks!

I think you'll have to use something like ISA: http://msexchangeteam.com/archive/2008/09/05/449757.aspx

Yeah.. we do not have ISA

Hi RevoBasher, I would suggest you deploy an ISA if you would like to achieve the goal. If your current firewall can set the rule blocking according to User-Agent String, you also can do the trick. Please refer to the article provided by Andy. If you can’t restrict in firewall, you need to go to the next solution: Custom ISAPI filter: Since creating a custom ISAPI filter is both time consuming (you have to write custom code) and not a best practice, I'm not going to talk too much about it except mentioning that it is a possible solution. More details can be found here for those interested in exploring this option. A related thread for your reference: http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/c1545ebf-8bdb-4c1f-9b60-a645d4fdd419 Thanks, Elvis

Hi RevoBasher, I would suggest you deploy an ISA if you would like to achieve the goal. If your current firewall can set the rule blocking according to User-Agent String, you also can do the trick. Please refer to the article provided by Andy. If you can’t restrict in firewall, you need to go to the next solution: Custom ISAPI filter: Since creating a custom ISAPI filter is both time consuming (you have to write custom code) and not a best practice, I'm not going to talk too much about it except mentioning that it is a possible solution. More details can be found here for those interested in exploring this option. A related thread for your reference: http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/c1545ebf-8bdb-4c1f-9b60-a645d4fdd419 Thanks, Elvis

You can achieve this through policy. Turn off Activesync for everyone and then only turn it on for those you allow. If that is iphones and ipads, so be it. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. If the post wasn't the exact answer or was helpful in leading you to the answer, please vote it as helpful. This can be beneficial to other community members reading the thread.

You can achieve this through policy. Turn off Activesync for everyone and then only turn it on for those you allow. If that is iphones and ipads, so be it. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. If the post wasn't the exact answer or was helpful in leading you to the answer, please vote it as helpful. This can be beneficial to other community members reading the thread. But the policy applies to users, not devices.

^^ right... what Scott posted will not work. I guess I am stuck unless we use ISA

Depends on how you write the policy, yes it is a turn on turn off policy per user, but if your written policy is that the only supported devices on for activesync is iphones and ipads then that is written in the policy. It is up to the users to comply or be in a non-supported state if they choose to use a different device. I have this going on now with another client. They support WM and Iphone but not driod or anything else. If the user says i want access, IT turns it on. If the user then connects a driod to it, IT doesn't immediately know, but when they run the script below they will and then they can turn it off and send the user a nasty gram. Here is the policing script: Get-Mailbox -server -ResultSize:Unlimited |ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | ft identity,devicemodel,LastSuccessSync Or last option would be to deploy ISA. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. If the post wasn't the exact answer or was helpful in leading you to the answer, please vote it as helpful. This can be beneficial to other community members reading the thread.

Makes sense.. However, the problem is being in a non-supported state is not good enough.. we need to prevent anything other than iPhones and iPads from connecting at all.

ISA seems like the best bet then or upgrade to Exchange 2010 and you could do something like this http://blog.brightpointuk.co.uk/restricting-access-exchange-2010-activesync You might be able to configure a powershell script that runs on a set interval that looks for something like this if($_.DeviceType -ne "iPhone") set-casmailbox -activesyncenabled $false Where the script looks through all the activesync connections and if it finds something outside of iphone or ipad it disables the user's activesync access. But this too would leave a small window of access between the time the sync was started and the script ran. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. If the post wasn't the exact answer or was helpful in leading you to the answer, please vote it as helpful. This can be beneficial to other community members reading the thread.

Perfect.. thanks all!

Problem solved ! Found a cool manual How to Jailbreak iPad with Redsn0w 0.9.7 Untethered Jailbreak for iOS 4.2.1 ! I recommend , I have all turned out : ) http://ipadshouse.com