Disabling access to Public Folders fromEntourage with Web Services clients

[pjlewis]

Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel Email Client: Exchange Hi,

We have a small Mac user base at my company, who have recently started using Entourage with Web Services to access their mail, and bypass our two-factor VPN/OWA authentication. However, we recently discovered that Entourage also allows access to Public Folders using only domain, username and password. Unfortunately, we have customer contracts which stipulate that Public Folder access is via two-factor authentication only, for security reasons. To meet our contractual obligations we have disabled EWS entirely in the short term, but our Mac user base has kicked up quite a stink because of this.

My question is this: is it possible to have Mail access (and also GAL, Out of Office access) enabled, while disabling access to Public Folders, so that we can meet our contractual obligations? So far, I have been able to find anything that hints whether this is possible or not, but I live in hope!

Some of our users also pointed out that now Mail.app on the Mac supports mail/calendar/contact access via EWS, but does not allow access to Public Folders, and so we have also cut these people off when they were not a security risk in the first place.

Unfortunately, all the of Macs in question are personal PCs, and so we cannot do anything policy-based, such as blocking Entourage.app and only allowing Mail.app.

Any suggestions are appreciated.

Thanks,

Paul

 

[William Smith [MVP]]

We have a small Mac user base at my company, who have recently started
using Entourage with Web Services to access their mail, and bypass our
two-factor VPN/OWA authentication. However, we recently discovered that
Entourage also allows access to Public Folders using only domain,
username and password. Unfortunately, we have customer contracts which
stipulate that Public Folder access is via two-factor authentication
only, for security reasons. To meet our contractual obligations we have
disabled EWS entirely in the short term, but our Mac user base has
kicked up quite a stink because of this.

I don't think this is necessarily EWS allowing the problem to happen.
They are using your Outlook Web Access (OWA) service, which requires no
VPN authentication. Access to your public folders is probably possible
using just OWA too.

My question is this: is it possible to have Mail access (and also GAL,
Out of Office access) enabled, while disabling access to Public Folders,
so that we can meet our contractual obligations? So far, I have been
able to find anything that hints whether this is possible or not, but I
live in hope!

Mail cannot access public folders at all. It can access the GAL using
EWS. It cannot set Out of Office, but that can be done via OWA.

Some of our users also pointed out that now Mail.app on the Mac supports
mail/calendar/contact access via EWS, but does not allow access to
Public Folders, and so we have also cut these people off when they were
not a security risk in the first place.

Unfortunately, all the of Macs in question are personal PCs, and so we
cannot do anything policy-based, such as blocking Entourage.app and only
allowing Mail.app.

You wouldn't really be able to do that anyway.

I suggest posting your question in the microsoft.public.exchange.admin
newsgroup and ask if it's possible to restrict access to public folders
to internal users only and not via OWA.

Hope this helps!

--

bill

Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>
YouTalk <http://nine.pairlist.net/mailman/listinfo/youtalk>
Twitter: follow <http://twitter.com/meck>