Exchange: Creating a device access rule

These instructions will enable you to set a device access rule in Exchange that prohibits devices from accessing the Exchange Server unless they are going through Forcepoint ONE SSE. This ensures complete compliance for users across all devices.

Note: These instructions assume that you are ready to move to Forced Migration (any users that have not yet migrated to Forcepoint ONE SSE will now be forced to do so). Also for hybrid deployments that are using both Exchange and Microsoft 365, you will need to ensure that the login format is set to UPN.

Steps

  1. Login to the Exchange control panel (typically https://<EXCHANGE_SERVER_ADDRESS>/ecp), click Manage My Organization and then click Users & Groups
    Find the user who's credentials were used to send the test connection to Forcepoint ONE SSE.


  2. Double click the User, select Phone & Voice Features and then Edit the Exchange ActiveSync feature.


  3. Highlight the Bitglass device and click Create a rule for similar devices...


  4. Leave the Device family and Only this model fields as-is. Select Allow Access then Save.


  5. In the left navigation column, select Phone & Voice then Edit under Exchange ActiveSync Access Settings.


  6. Select Block Access under connection settings. Specify customization text for block emails if desired. Click Save.