[bdj6020]

I'm moving this thread over here. This is the referenced post:

http://www.blackberryforums.com/gene...ml#post1268336

Essentially it describes how to enter your Exchange OWA credentials into the BIS server and thus circumventing having to attach your BB to a BES.

Does anyone know of a way to block this sort of activity? We don't want our BB users accessing exchange anyway other than via the BES connectivity. We certainly don't want them storing their passwords and userIDs at a 3rd party site like this.

Thanks

[TargetIT]

You have to block the IP's of the carriers at your firewall. I believe there's a list of them somewhere on this site.

[SoUnCool]

here is list of IP's and servers used by BIS, you block them on your firewall or use ISA to publish OWA, BIS wont pssthrough ISA (known RIM issue)

View Document

[dpeters11]

If these are blocked at the firewall, users would still be able to use BIS on their device for personal email accounts right?

[SoUnCool]

Quote:

Originally Posted by dpeters11

If these are blocked at the firewall, users would still be able to use BIS on their device for personal email accounts right?

yes right, you cannot stop them from getting personal emails

if their devices are on your BES< you can setup IT policy to use only your email service, in this way they wont be able to reply using BIS provided email service, i think the policy is in service exclusivity group > other message services, once this is set to false they can only use your BES provided email server to send outgoing emails,

no stopping for BIS incoming emails from gmail, hotmail or any other web mail

[DavidAdams]

Unfortunately I suspect the OP's end users aren't on the BES in the first place and so a policy can't be sent. If they are on the BES why connect via OWA/BIS as well? Sorry we are Domino here, so my OWA knowledge is limited, and also we have absolutely no access into our mail from outside that is not through a VPN, an account for which requires several signatures.

[SoUnCool]

Lucky you that you have a controlled envoirnment

we have OWA , and VPN and Citrix gateway too many ways for a user to get access

few of our users started to use their personal BB device on BIS via OWA and we had to stop them using firewall block

[WMedley]

Quote:

Originally Posted by SoUnCool

Lucky you that you have a controlled envoirnment

we have OWA , and VPN and Citrix gateway too many ways for a user to get access

few of our users started to use their personal BB device on BIS via OWA and we had to stop them using firewall block

You know. If it wasn't for those pesky end users our jobs would be easy!!!

[knottyrope]

Quote:

Originally Posted by WMedley

You know. If it wasn't for those pesky end users our jobs would be easy!!!

you would have no job if that were true

[WMedley]

Quote:

Originally Posted by knottyrope

you would have no job if that were true

True.

[knottyrope]

WORD

Peace out

[jyindc]

Just out of curiosity, why do you want to block OWA on staff personal blackberries. In your firm, is OWA not normally available to regular staff, or is there an additional security concern for OWA on handhelds?

[TargetIT]

Well one reason is that if the personal BB is compromised, and it's not on BES, you can't wipe it, you can't lock it. You have no control over it.

[Frank Castle]

it's not persay OWA access via the browser. BIS uses OWA as a means to pull email to the device.