Use cases for Exchange Extender

(imported topic written by NickGray)

I would like to be able to ‘allow’ devices which have been quarantined by Exchange. So the Exchange Active Sync (EAS) email client connects from a device for the first time and Exchange puts them into quarantine. Aftercorrelating the devices between Exchange and IEM, the device is un-quarantined in Exchange if we know they are managed by IEM and allowed email. I would expect this to be a batch process from IEM to Exchange using the remote management.

Is this possible/supported ? Seems like a natural use case but I can’t find documentation which really describes this or other uses of the Exchange Extender.

The overall device policy would be controlled by IEM - this is about A/B/Q of mailboxes from certain devices.

(imported comment written by Gary Mullin)

Hi, there is some information here which might help :!/wiki/Tivoli%20Endpoint%20Manager/page/Enhanced%20Exchange%20Email%20functionality%20in%20TEM

There are also a couple of new fixlets that might help with the process described above:

710 Deny Email Access for Non-Correlated Devices

711 Allow Email Access for Devices Denied Email Access Because No Correlated Device Was Found

(imported comment written by NickGray)

Hi Gary,

Thanks for replying…unfortunately the link is actually to this post rather than a related one. I would be very interested if you could fix this to point to the one you meant to use.

I was not sure if those fixlets will act upon Exchange accounts, or whether they are actions to apply to IEM-managed devices. What I think I need is IEM to control the Exchange Active Sync status, to move mailboxes/devices from ‘quarantined’ to ‘allowed’. Do you know if those two fixlets do that ?

We have an IEM environment being built for Dev and one for Production by a couple of experts from Software Group services, so may be they can get hold of those fixlets and see what they do.

(imported comment written by Gary Mullin)

Hi Nick, sorry, I fixed the link - pasted the wrong one.

There are 2 main fixlets used to manage Exchange access - Allow email access and Deny email access. I you target the “Allow email access” on quarantined device (which will be blocked), it should unquarantine the device and allow access.

The device correlation described bascally “embeds” information from the agent device into the Exchange device, allowing actions to be taken on the Exchange devices based on information from the agent.

The fixlets in the previous post make it easier to allow only those devices which are correlated, meaning they are managed by IEM and have an agent installed.

(imported comment written by NickGray)

Great, thanks Gary, that sounds like just what we need to be able to do.