Block ActiveSync (only externally, allow internally) but allow OAW/OWA (externally and internally) on Exchange

Tags: activesync, exchange-2010, mdm

We have the following setup:

  • Exchange 2010 SP3
  • An external IP address & DNS name for OWA (bound to our hardware load balancer)
  • An external IP address & DNS name for OAW & ActiveSync (bound to our hardware load balancer)
  • Two internal Exchange 2010 SP3 CAS servers
  • A mobile device management system which brings its own ActiveSync access point

Question:
How can we ensure that only the mobile device management (MDM) system offers ActiveSync? We couldn't block access on the 2nd external IP address, as this also offers the needed OAW access.

I currently hope we can somehow reconfigure the activesync virtual directory to implement that.

Best Answer

It's possible: simply don't put anything in the External URL of ActiveSync. Something along the lines of:

Get-ActiveSyncVirtualDirectory -Server "ExchangeServerName" | Set-ActiveSyncVirtualDirectory -InternalURL https://mail.example.com/Microsoft-Server-ActiveSync -ExternalURL $null
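Applying that setting to every CAS server (both load-balanced servers in the question) and then verifying it, as an added PowerShell example that is not part of the answer above. It assumes the Exchange Management Shell on Exchange 2010 SP3 and reuses the answer's mail.example.com hostname; adjust it to your environment.

```powershell
# Added example (not from the original answer): apply the answer's setting to
# every ActiveSync virtual directory in the org and verify the result.
# Assumes the Exchange Management Shell and the internal hostname
# mail.example.com from the answer.
$internalUrl = 'https://mail.example.com/Microsoft-Server-ActiveSync'

# With no -Server/-Identity, this returns the ActiveSync virtual directory of
# every CAS, so both load-balanced CAS servers get the same configuration.
$vdirs = Get-ActiveSyncVirtualDirectory

foreach ($vdir in $vdirs) {
    Write-Host ("Before: {0} ExternalUrl='{1}'" -f $vdir.Identity, $vdir.ExternalUrl)
    # Keep the internal URL and clear the external one, as the answer describes.
    Set-ActiveSyncVirtualDirectory -Identity $vdir.Identity `
        -InternalUrl $internalUrl -ExternalUrl $null
}

# Verify: re-read the directories and flag any that still publish an ExternalUrl.
$leftover = Get-ActiveSyncVirtualDirectory |
    Where-Object { $_.ExternalUrl -ne $null -and $_.ExternalUrl.ToString() -ne '' }

if ($leftover) {
    $leftover | Format-Table Identity, Server, InternalUrl, ExternalUrl -AutoSize
    throw 'One or more ActiveSync virtual directories still have an ExternalUrl set.'
}

# Final state for the change record.
Get-ActiveSyncVirtualDirectory | Format-Table Identity, Server, InternalUrl, ExternalUrl -AutoSize
```

Run it once with `-WhatIf` added to the Set-ActiveSyncVirtualDirectory call if you want to preview the change before applying it.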