cancel
Showing results for 
Search instead for 
Did you mean: 

Access Control in Afaria unable to Whitelist Outlook email accounts

Former Member
0 Kudos

Hi Experts

Tried testing Access control with Afaria to go for a implementation in prod scenario. Afaria works awesome with  Native email app on the Android and iOS devices. However if those devices have exactly same email account configured in Outlook app, then the email account in the Outlook app simply gets quarantined(i think this is because the setting in Exchange is set to quarantined so that only Afaria can Allow them).

So how can Outlook email account be whitelisted.

Thanks in Advance...

Regards

Batish M 

Accepted Solutions (1)

Accepted Solutions (1)

tracy_barkley
Employee
Employee
0 Kudos

Batish,

Are these accounts showing up indeterminate?  When we configure accounts through Afaria, we should automatically unblock them as you mentioned.  These outlook accounts I would expect to come in in the indeterminate state since they may be manually configured prior to Afaria being installed.   Once we have a connection to the Exchange server, and Afaria is on the device, you should be able  check the Allow Afaria to make matches on ambiguous devices on the Server>Configuration>Server>MS Exchange page for your exchange server that is defined.

For iOS on the device screen, select unmatched email device.  You can manually match these there if needed.  Please see section 5 of the following document for more information.

http://help.sap.com/Download/Multimedia/zip-afaria/SP5_Device_Management.pdf

Tracy

Former Member
0 Kudos

Hi Tracy

The accounts are getting indeterminate.

The settings that you mentioned are already enabled for ambiguous device.

Sharing the Snaps of the quarantined mail received from O365 to give you a better idea.

Details for Native mail app on device

Device model: iPad2C2

Device type: iPad

Device ID: DB2NNJO5FP5O9BLOD4HENPG9PC

Details from the same device and same email account when in Outlook email app

Device model: Outlook for iOS and Android

Device type: Outlook

Device ID: AC1BA910C040CEFF

Where is the outlook app pulling up these details. These are not present-in Afaria device inventory.

Regards

Batish

tracy_barkley
Employee
Employee
0 Kudos

Batish,

My understanding of this process is that exchange ActiveSync id is presented by the Exchange server to the application ( in this case outlook) on initial connection.   The known one to Afaria is actually the activesync id that is set by the act of applying an exchange policy.    For outlook we don't actually do that on the Afaria side, so it comes in as indeterminate.   The exchange server is the one actually providing the list of its devices.

I believe the only recourse to match it would be if we had some sort of identifier that is close enough to get a partial match and using the Unmatched email devices.

Does this make sense?

Tracy

chris_redel
Explorer
0 Kudos

Batish,

I asume you are using the Microsofts Outlook app for iOS. I'm sure Afaria is currently NOT supporting this client for MS access control. I suggest you to add this as a new product feature on our idea place: https://service.sap.com


/Chris

Former Member
0 Kudos

Thank you both for your assistance.

KBA- 2221053 has clarified that this is not possible to whitelist email account in Outlook app.

Would their be a workaround or some way that can make it work, to just whitelist the devices in Afaria as the Devices Ids are being populated in the database. If their is a workaround possible that would be really helpful currently for me.

Regards

Batish

tracy_barkley
Employee
Employee
0 Kudos

At this time, there is no workaround.  The application would have to be supported with work from development, so as Chris suggested, I would recommend a Product Enhancement request out on http://ideas.sap.com   That is the fastest vehicle to make your request known to development.

Tracy

chris_redel
Explorer
0 Kudos

Batish,

the only workaround I can think of is using the MS Powershell to identify the Outlook active synch ID from each mailbox account and to manual (Powershell) approve these connections (devices). This should be possible on the Afaria server if the Exchange service account is known.

br Chris

Former Member
0 Kudos

I've been successful in added all sorts of devices (BlackBerry, WM, custom devices etc) by using the normal "devices" view in Access Control Settings in Afaria. This then gets transferred to ISAPI filter or via PowerShell to Exchange and then the device is approved correctly

BR

Peter

chris_redel
Explorer
0 Kudos

Hi Peter,

you are right - this is also possible as workaround if the Exchange Identifier is known. What have you used as "OS"?

Chris

Former Member
0 Kudos

Hi Chris,

I've just used whatever the customer didn't already have 🙂 If they don't have WinPhone I use that. If they have WinPhone I use WinMobile. Just to be able to tell which devices are created by hand and which are from Afaria's inventory mgr

BR

Peter

Answers (0)