Benefits of using Sentry in your deployment include the following:
Using Standalone Sentry, you can choose how the user authenticates with the ActiveSync server or the backend resource. You can choose password authentication, certificate authentication, or Kerberos Constrained Delegation.
UEM applies security, privacy, lockdown, and sync policies to registered devices. These policies ensure that devices can connect only if they comply to your organization’s security requirements. Standalone Sentry gets device posture and compliance information from UEM, and allows access based on the device posture.
When you use Sentry for ActiveSync, you also have the option to configure an ActiveSync policy that is applied to the device. The ActiveSync policy determines, for example, the password requirements for devices, whether you require device encryption, and whether devices can access email using a browser.
An ActiveSync device is typically registered. However, for devices that cannot support the Core-provided policies, you can use the ActiveSync policy to support your organization’s security requirements.
When using Standalone Sentry for ActiveSync or AppTunnel, devices access the backend resource through Standalone Sentry. Because of this single point of access, Standalone Sentry knows which devices and users are accessing backend resources.
Standalone Sentry for ActiveSync creates a unique record for each combination of user and device accessing the ActiveSync server. Standalone Sentry then associates the ActiveSync record to a device and user in UEM. Without Sentry, a user could configure multiple devices to access the ActiveSync server, and you would have no automated way of knowing about all the devices or managing access for these devices.
Standalone Sentry for AppTunnel creates a unique AppTunnel session (connection) for each unique combination of user, app, and device. For example, Standalone Sentry creates an AppTunnel for UserA using AppA on DeviceA, and a new AppTunnel for UserA using AppB on DeviceA. Each AppTunnel provides visibility into the user, device and the backend resources being accessed.
You can take actions on ActiveSync devices. For example, you can block email access on a device, or wipe the device (reset it to factory defaults). You can take these actions regardless of whether an ActiveSync device is registered with Core.
You can also take action on AppTunnels. You can Allow or Block an AppConnect app on a device from accessing the backend resource. You can also Remove an AppTunnel.
If there are policy violations, registered ActiveSync devices and AppTunnels can be blocked. You can take Allow, Block, and Remove actions on unregistered ActiveSync devices.