Deny Access to email if sophos control app is not installed.

Question

Hello There, 
 My name is Pablo and we have setup SMC 6.0 in our environment, two thing I found some threat about it but no solution, we want to force the use the of sophos control and if a device doesnt have it deny access to email, I thing this is a two side conf, one from smc and one from exchange activesync but I havent found how to do it, and when i deny access to email to some devices even though they still can receive email, what i have to do to complete deny access to email.

SDU · Answer

Hi koolkuiet, 
 as a pre-requisite to successfully use the "Deny email" options within the compliance rules mentioned by Josip you have to use the Sophos Mobile Control server as EAS Proxy. This way, all email synchronization tries are first hitting the SMC server which will verify if the device / user is allowed to retrieve emails from the mail server. If that is given, you can use the compliance rules to dynamically grant or deny email access. 
 You can define required apps which devices must have installed or you can also use the minimum SMC client version or the sync interval as stated by Josip. 
 Best regards Stefan

SDU · Answer

Hi All, 
 to connect the internal EAS Proxy to an Exchange Server, log in as the super administrator of your SMC server. Then, go to the "Setup | System setup" section and switch to the "EAS Proxy" tab. Within the "Exchange/groupware server URL" enter the name of your Exchange / ActiveSync server. You can test if the SMC server is able to reach the server by using the "Test connection" button. 
 Once that is done, your SMC server will forward all traffic coming in for the page https://smcserver.company.com /Microsoft-Server-ActiveSync to your configured email server. 
 Within your email profiles / policies, enter as the email server the SMC server and the proxy functionality of the SMC server can be used. 
 Hope that helps 
 Best regards Stefan