Taking Actions on ActiveSync associations

Actions applied on a record in the ActiveSync page only impact the user associated with the device in that record. If the user is also available on another device, the user on that device is not impacted.

Allow, Block, and Wipe actions override Core’s automatic decision-making about a device’s ability to access the ActiveSync server. For more information, see Assign policy.

Ivanti, Inc recommends applying ActiveSync actions to devices other than iOS, Android, and WP8 devices. Wipe, Assign Policy, and Revert Policy are ActiveSync actions. The Assign Policy and Revert Policy actions are applied to the device, not to the user.

Procedure 

1. In the Admin Portal, go to Devices & Users > ActiveSync.

Figure 1. ActiveSync association actions

2. Select an ActiveSync record.
3. Click Actions, then click one of the following:
- Allow
- Block
- Wipe
- Register
- Remove
- Link To
- Assign Policy
- Revert Policy
4. Enter a note in the pop-up dialog.
5. Click the ActiveSync action button in the pop-up dialog.

Allow.

Block

Wipe

Register

Remove

Linking an ActiveSync device to a managed device

Assign policy

Revert policy

Allow

The Allow action allows:

blocked ActiveSync devices to access the ActiveSync server.

the ActiveSyncy association to access the ActiveSync server, regardless of possible security policy violations.

Block

The Block action blocks the selected ActiveSync association from accessing the ActiveSync server even if it is not in violation of its security policy.

Wipe

Wiping an ActiveSync phone sends an ActiveSync Wipe command to the phone, which removes all data from the phone, returning the phone to factory defaults. Once you wipe a phone, its status changes to Wiped, and the only valid action you can apply is Remove.

The wipe behavior differs depending on the platform. For example, for any Android device, the Email+ client does not support ActiveSync Wipe.

Returning the phone to factory defaults removes all data. Once a wipe has started, do not restart your phone. Interfering with the wipe process can render your phone non-functional.

The device is wiped only when it attempts to sync, or the user takes an action. For example, the device is wiped when the device user attempts to send an email.

Register

Registering an ActiveSync phone with Ivanti, Inc enables device management and intelligence functions for the phone. See “ActiveSync device registration” in the Core Device Management Guide.

Remove

Removing an ActiveSync device removes the association between the phone and the ActiveSync mailbox. All information about the phone is removed, including any previously configured Allow, Block or Wipe commands.

For more information about using Remove, see Assign policy.

Linking an ActiveSync device to a managed device

In most cases, Ivanti, Inc automatically matches the device record on the ActiveSync server to the corresponding device record on Core. If this link does not happen automatically, you can use the Link To feature to link a device in the ActiveSync page to a device in the Devices page to establish this match.

Procedure 

1. Select the device in the ActiveSync page.
2. Click Actions > Link To.
3. Select the corresponding device from the popup.

If the corresponding device is already linked to another ActiveSync entry, you will be presented with the option to either Replace the previous association with the selected device, or Duplicate to additionally associate the selected device.

4. Click Link To.

Assign policy

You have to manually apply an ActiveSync policy to a device. If an ActiveSync policy is not applied to a device, the Default ActiveSync Policy behavior configured in Settings >Sentry > Preferences is applied to the Sentry interaction with the ActiveSync server.

Apply this action only to devices other than iOS, Android, and WP8 devices.

Revert policy

Reverting an ActiveSync policy reverts the device to the Default ActiveSync Policy behavior configured in Services > Sentry > Preferences. The default behavior is applied only when the device engages in an ActiveSync Provision.

Overriding and re-establishing Core management of a device

Core automatically makes decisions to perform allow, block, or wipe actions based on the following:

the device’s security policy

whether the maximum number of devices per mailbox has been exceeded

whether you specified to auto block unregistered devices

However, you can override Core’s management by manually selecting Allow, Block, or Wipe.

Reestablishing Core management

Once you select the Allow, Block, or Wipe for the device, Core no longer automatically makes these decisions. You can reestablish Core management of the device by removing the device from the ActiveSync page. The next time the device accesses its email, Core adds the device back to the view, and once again manages the device based on its security policy.

Procedure 

1. In the Admin Portal, go to Devices & Users > ActiveSync.
2. Select the ActiveSync association, then click Remove.

Core removes the device from the ActiveSync page.

Determining if a device was recently blocked or allowed

You can determine if a device was recently blocked or allowed, and if it was a manual or automatic action.

Procedure 

1. In the Admin Portal, go to Log > Browse All.
2. Look for Block or Reinstate (which means allowed) in the Action column.

The message column indicates if the action was due to the security policy. If the action was manual, the message column is either empty, or contains a note added by the administrator who performed the manual action.