Anyone reconcile Exchange ActiveSync logins against MDM enrollment?

pehlen
New Contributor

We're trying to write a report (using OBIEE but that's not important) that would take a dump from Exchange listing all ActiveSync mailbox accesses and reconcile it against iOS devices that are enrolled in MDM. Our policy states that all company owned devices must be enrolled, and that users can't connect any device that's not company owned. Therefore any device that's not enrolled, but that accessed a mailbox, must be in violation of our policy.

Given #1: We can generate a simple dump from Exchange with device serial #, mailbox accessed, and last date accessed.

Given #2: We can query the JSS database and get a listing of all devices.

Problem 1: the devices in the database are not linked in an easily determined fashion to the users. Note I'm referring to a db query and not referring to the JSS UI. There's a table with devices, and another table with users, but we didn't find how they're linked together. We got a copy of the mysql schema from support but haven't peeled back the layers yet.

Problem 2: We'd also like to check this against our AT&T bill. So really a 3 way match: if a device connects to a mailbox, is it also enrolled on the JSS? If not, is it on the AT&T bill? If the answer to both of these questions is No, then the device is not company owned and is in violation of the policy. If it is on the bill but not enrolled, it's simply out of compliance with the enrollment policy, not quite as bad.

So this is all a rambling sort of way of asking if anyone has set up anything similar, and if so how? We have about 900 iPhones and iPads and no other method currently of restricting access of non-compliant devices.

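An added example, not part of the original post: a sketch of the three-way match described above, run over constructed CSV exports. The column names (`serial`, `mailbox`, `last_access`), the sample serials, and the assumption that the carrier bill can be keyed on the same device serial are all hypothetical; they are not the Exchange, JSS, or AT&T export formats.

```python
import csv
import io

# Constructed sample data; column names and serials are assumptions.
EXCHANGE_CSV = """serial,mailbox,last_access
f17abc123def,alice@example.com,2014-03-02
F17ABC123DEF,alice@example.com,2014-03-09
DNPXYZ456GHI,bob@example.com,2014-03-08
C39QRS789JKL,carol@example.com,2014-03-05
"""
JSS_CSV = "serial\nF17ABC123DEF\n"
BILL_CSV = "serial\nF17ABC123DEF\n dnpxyz456ghi \n"

def norm(serial):
    """Normalize case and whitespace so the three sources compare equal."""
    return serial.strip().upper()

def load_serials(text, column="serial"):
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r[column]) for r in rows if r[column].strip()}

def latest_access(text):
    """Collapse Exchange rows to one per (serial, mailbox), keeping the newest ISO date."""
    latest = {}
    for r in csv.DictReader(io.StringIO(text)):
        key = (norm(r["serial"]), r["mailbox"].strip().lower())
        if r["last_access"] > latest.get(key, ""):
            latest[key] = r["last_access"]
    return latest

def reconcile(exchange_text, jss_text, bill_text):
    enrolled = load_serials(jss_text)
    billed = load_serials(bill_text)
    report = []
    for (serial, mailbox), seen in sorted(latest_access(exchange_text).items()):
        if serial in enrolled:
            status = "OK_ENROLLED"
        elif serial in billed:
            status = "NOT_ENROLLED_COMPANY_OWNED"  # enrollment policy gap
        else:
            status = "NOT_COMPANY_OWNED"           # device policy violation
        report.append((serial, mailbox, seen, status))
    return report

if __name__ == "__main__":
    for row in reconcile(EXCHANGE_CSV, JSS_CSV, BILL_CSV):
        print(",".join(row))
```

Normalizing the identifier before the set lookups matters here: a case or whitespace mismatch between exports would otherwise report an enrolled device as a violation.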