Taking Actions on ActiveSync associations
Actions applied on a record in the ActiveSync page only impact the user associated with the device in that record. If the user is also available on another device, the user on that device is not impacted.
Allow, Block, and Wipe actions override Ivanti EPMM’s automatic decision-making about a device’s ability to access the ActiveSync server. For more information, see Assign policy.
Ivanti recommends applying ActiveSync actions to devices other than iOS, Android, and WP8 devices. Wipe, Assign Policy, and Revert Policy are ActiveSync actions. The Assign Policy and Revert Policy actions are applied to the device, not to the user.
Procedure
1. | In the Admin Portal, go to Devices & Users > ActiveSync. |
Figure 1. ActiveSync association actions
2. | Select an ActiveSync record. |
3. | Click Actions, then click one of the following: |
- | Allow |
- | Block |
- | Wipe |
- | Register |
- | Remove |
- | Link To |
- | Assign Policy |
- | Revert Policy |
4. | Enter a note in the pop-up dialog. |
5. | Click the ActiveSync action button in the pop-up dialog. |
•Allow.
•Wipe
•Linking an ActiveSync device to a managed device
Allow
The Allow action allows:
•blocked ActiveSync devices to access the ActiveSync server.
•the ActiveSyncy association to access the ActiveSync server, regardless of possible security policy violations.
Block
The Block action blocks the selected ActiveSync association from accessing the ActiveSync server even if it is not in violation of its security policy.
Wipe
Wiping an ActiveSync phone sends an ActiveSync Wipe command to the phone, which removes all data from the phone, returning the phone to factory defaults. Once you wipe a phone, its status changes to Wiped, and the only valid action you can apply is Remove.
The wipe behavior differs depending on the platform. For example, for any Android device, the Email+ client does not support ActiveSync Wipe.
Returning the phone to factory defaults removes all data. Once a wipe has started, do not restart your phone. Interfering with the wipe process can render your phone non-functional.
The device is wiped only when it attempts to sync, or the user takes an action. For example, the device is wiped when the device user attempts to send an email.
Register
Registering an ActiveSync phone with Ivanti enables device management and intelligence functions for the phone. See “ActiveSync device registration” in the Ivanti EPMM Device Management Guide.
Remove
Removing an ActiveSync device removes the association between the phone and the ActiveSync mailbox. All information about the phone is removed, including any previously configured Allow, Block or Wipe commands.
For more information about using Remove, see Assign policy.
Linking an ActiveSync device to a managed device
In most cases, Ivanti automatically matches the device record on the ActiveSync server to the corresponding device record on Ivanti EPMM. If this link does not happen automatically, you can use the Link To feature to link a device in the ActiveSync page to a device in the Devices page to establish this match.
Procedure
1. | Select the device in the ActiveSync page. |
2. | Click Actions > Link To. |
3. | Select the corresponding device from the popup. |
If the corresponding device is already linked to another ActiveSync entry, you will be presented with the option to either Replace the previous association with the selected device, or Duplicate to additionally associate the selected device.
4. | Click Link To. |
Assign policy
You have to manually apply an ActiveSync policy to a device. If an ActiveSync policy is not applied to a device, the Default ActiveSync Policy behavior configured in Settings >Sentry > Preferences is applied to the Sentry interaction with the ActiveSync server.
Apply this action only to devices other than iOS, Android, and WP8 devices.
Revert policy
Reverting an ActiveSync policy reverts the device to the Default ActiveSync Policy behavior configured in Services > Sentry > Preferences. The default behavior is applied only when the device engages in an ActiveSync Provision.
Overriding and re-establishing Ivanti EPMM management of a device
Ivanti EPMM automatically makes decisions to perform allow, block, or wipe actions based on the following:
•the device’s security policy
•whether the maximum number of devices per mailbox has been exceeded
•whether you specified to auto block unregistered devices
However, you can override Ivanti EPMM’s management by manually selecting Allow, Block, or Wipe.
Reestablishing Ivanti EPMM management
Once you select the Allow, Block, or Wipe for the device, Ivanti EPMM no longer automatically makes these decisions. You can reestablish Ivanti EPMM management of the device by removing the device from the ActiveSync page. The next time the device accesses its email, Ivanti EPMM adds the device back to the view, and once again manages the device based on its security policy.
Procedure
1. | In the Admin Portal, go to Devices & Users > ActiveSync. |
2. | Select the ActiveSync association, then click Remove. |
Ivanti EPMM removes the device from the ActiveSync page.
Determining if a device was recently blocked or allowed
You can determine if a device was recently blocked or allowed, and if it was a manual or automatic action.
Procedure
1. | In the Admin Portal, go to Log > Browse All. |
2. | Look for Block or Reinstate (which means allowed) in the Action column. |
The message column indicates if the action was due to the security policy. If the action was manual, the message column is either empty, or contains a note added by the administrator who performed the manual action.