Jamf Nation Community

bbergstein · ‎05-16-2013

A little background:
We have begun deploying iPad minis to our stores for use with an ordering app we wrote. We have run into an issue with a number of our store managers picking these devices up and trying to put their email and such on there. The problem with this is we dont have exchange licensing for these users to put their email on the iPads, and the iPads are supposed to be shared devices, without anyone's information on it.

Now, the question:
is there a way to enable the account restrictions either via MDM (nothing that i can see in Casper 8.62, so I'm assuming not) or via somehow restoring the manually set restrictions? We found that they dont carry over if we set them and then do a capture in Configurator (which is what we're using to configure these devices before they go out).

Thanks!

bentoms · ‎05-16-2013

Which version of exchange are you using?

You could just disable ActiveSync on their accounts or maybe enable exchange active sync device blocking.

bbergstein · ‎05-17-2013

We're on exchange 2010. The problem is, some of these guys have other devices that use activesync, so we can't just turn it off for their accounts. We looked into scripting a sort of block on the exchange side, but we would have to do it for a number of accounts because, according to our Exchange admins, there is no good way to do a system-wide device block.

bentoms · ‎05-17-2013

If you're wishing to secure ActiveSync you should look @ http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx

We use AirWatch for our MDM, so our devices are allowed when enrolled.

I guess you could enable ActiveSync device quarantining on those accounts & only allow the approved devices.

You can do this company wide, but you would need to block all devices & then allow. This would stop an unapproved device from using ActiveSync on anybody's account.

Jamf Nation Community

iOS Account Restrictions