Lost and Stolen ActiveSync-Enabled Devices and the Procedure to Handle Them in an EAS Environment

Today mobile devices come in different flavours, versions, operating systems, hardware and so on. This creates a big security hole when it comes to managing ActiveSync on these devices.

If we plan to bring in an MDM solution, a lot of study of the product is needed, since it involves different platforms, consoles, management, vendors, licenses and a team to handle it, and finally the cost in terms of resources and hardware also has to be considered.

So planning how to manage these mobile devices is very important.

In this article let's look at the best procedure for handling lost and stolen ActiveSync-enabled devices.

There are many best practices to follow on the web, and I have mentioned a few points that can be adopted.

 

Note: This applies only if we have EAS-enabled devices without any MDM and EMM integration.

If a user's EAS-enabled device is lost or stolen, the procedure below can be followed.

 

First, run the command below to check which EAS devices are associated with the user's account:

Get-ActiveSyncDevice -Mailbox "email address" | select Name


 

Run the command Get-ActiveSyncDeviceStatistics -Mailbox "Email Address" to see the last sync time of the device.


If the user changes his password as soon as the device is lost, the device can no longer authenticate or sync with his mailbox, and so it will not receive the remote wipe command.

So it is better to leave the victim's password unchanged, so that the sync attempt is successful and the device gets wiped.

 

Run the command below to wipe the device and have a notification email sent to you when the device is wiped:

 

Clear-ActiveSyncDevice -Identity Name -NotificationEmailAddresses administrator@domain.com

 

Note:

EAS doesn't have an option to delete only the emails; the remote wipe command deletes all the data present on the phone. It's better to inform the user before you perform this action, so that he knows he will be losing all of the data present on the device.
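
The steps above combined into one Exchange Management Shell session, as an added example that is not part of the original article. The mailbox address, notification address and DeviceId are placeholders; the check of the DeviceWipe* timestamps at the end goes beyond the article's steps and shows whether the device has acknowledged the wipe.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# Placeholder values: replace before use.
$Mailbox      = 'user@domain.com'            # mailbox of the user who lost the device
$AdminAddress = 'administrator@domain.com'   # receives the wipe notification email
$LostDeviceId = 'REPLACE-WITH-DEVICEID'      # DeviceId of the lost device, read from step 1

# Step 1: list every EAS partnership on the mailbox with its last sync times,
# so the lost device can be told apart from the user's other devices.
$devices = @(Get-ActiveSyncDevice -Mailbox $Mailbox)
$report = foreach ($d in $devices) {
    $s = Get-ActiveSyncDeviceStatistics -Identity $d.Identity
    [pscustomobject]@{
        Name            = $d.FriendlyName
        Model           = $d.DeviceModel
        DeviceId        = $d.DeviceId
        LastSuccessSync = $s.LastSuccessSync
        LastSyncAttempt = $s.LastSyncAttemptTime
    }
}
$report | Format-Table -AutoSize

# Step 2: stop unless exactly one partnership matches the DeviceId, because the
# wipe erases the whole phone and must not hit one of the user's other devices.
# With the placeholder still in place the script ends here after printing the list.
$target = @($devices | Where-Object { $_.DeviceId -eq $LostDeviceId })
if ($target.Count -ne 1) {
    throw "Expected one device with DeviceId '$LostDeviceId' on $Mailbox, found $($target.Count)."
}

# Step 3: queue the remote wipe. The cmdlet asks for confirmation by default,
# and the device receives the command at its next successful sync.
Clear-ActiveSyncDevice -Identity $target[0].Identity -NotificationEmailAddresses $AdminAddress

# Step 4: re-run this part later. DeviceWipeSentTime is filled in when the command
# has been delivered, DeviceWipeAckTime when the device has acknowledged it.
Get-ActiveSyncDeviceStatistics -Identity $target[0].Identity |
    Format-List DeviceFriendlyName, Status, LastSyncAttemptTime,
                DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```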

You can also use the Log Parser tool together with this excellent script, which gives detailed information on ActiveSync devices, including the last connection attempts made, if any:

http://blogs.technet.com/b/exchange/archive/2012/01/31/a-script-to-troubleshoot-issues-with-exchange-activesync.aspx

Thanks 

Sathish Veerapandian
