Today mobile devices comes up in different flavours , versions , operating systems , hardwares etc,..This creates a big security hole in terms of managing the Active Sync devices enabled on these devices.
If we plan up to bring a MDM solution then lots of study on the product needs to be done since it comes up with different platforms , console, management, vendors , licenses , team to handle and finally cost factor in terms of resources and hardware is also considered.
So planning for managing this mobile devices is very much important.
In this article lets have a look at the best procedure to handle the lost and stolen active sync enabled devices.
There are many best practices to be followed in the web and i have mentioned few points that can be taken.
Note : – This point is applicable only of we have EAS enabled devices without any MDM and EMM integration.
If a user lost/stolen his EAS enabled device below procedure can be handled
First Run the below command to check what are all the EAS devices associated with the users account
Get-ActiveSyncDevice -Mailbox “email address” | select Name
Run the command Get-ActiveSyncDeviceStatistics -Mailbox “Email Address” to see the last sync time of the device
If the user changes his password as soon as the device is lost then there is no way that the device can be authenticated , synced with his mailbox and will not receive the remote wipe command.
So it is better to leave the victim’s password unchanged so the sync attempt is successful and the device gets wiped
Run the below command to send you a notification email when the device is wiped out
Clear-ActiveSyncDevice -Identity Name -NotificationEmailAddresses firstname.lastname@example.org
EAS doesn’t have the option to delete only the emails and the remote wipe command deletes the entire data present on the phone. Its better to inform the user before you perform this action to ensure that he will be losing all of his data present on the device.
Also you can make use of the log parser tool along with this excellent script which will give you detailed information on Active sync devices in which you can see the last connection attempts made if any