How to block the iPhone from Exchange ActiveSync

By now we should all know that the iPhone is a major security risk on any corporate network. The device stores passwords in plain text, it remembers VPN passwords which are meant to be entered by the user each session, it shipped with the ability to bypass the device lock passcode easily, it has no full device encryption at all, and it's being swarmed over by hackers like flies over, well…, you know what.

No sane network admin would have a device with such a poor security record on their network. Unfortunately, because Exchange ActiveSync is so easy to configure, many users sneak the device in under the nose of the admins, placing the whole network at risk. Fortunately, there is a way to block this behavior.

If you are using ISA as your firewall, you can block an iPhone by inspecting the HTTP header. Simply click on the ActiveSync rule, choose Configure HTTP, add a signature that is searched for in the Request Header, and set it to search for iPhone in that same header. The picture below should make it clear. Afterward, sleep peacefully at night knowing your corporate secrets are safe at last.

Via JasonLangridge’s weblog
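
Before enabling the signature, it helps to know which accounts it will cut off. The following is an added example, not part of the original post: it applies the same "iPhone in a request header" match to W3C extended-format web log lines and counts matching ActiveSync requests per user. The field names, the choice of the User-Agent header, the case-sensitive match, the function names and the sample log lines are all assumptions constructed for illustration.

```python
from collections import Counter

ACTIVESYNC_PATH = "/microsoft-server-activesync"

# Constructed sample log (hypothetical users, addresses and agent strings).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2008-07-21 08:01:12 POST /Microsoft-Server-ActiveSync CORP\\alice 10.0.0.21 Apple-iPhone/501.347 200
2008-07-21 08:01:40 POST /Microsoft-Server-ActiveSync CORP\\bob 10.0.0.34 MSFT-PPC/5.2.200 200
2008-07-21 08:02:03 GET /owa/ CORP\\carol 10.0.0.40 Mozilla/4.0+(compatible;+MSIE+7.0) 200
2008-07-21 08:03:55 OPTIONS /Microsoft-Server-ActiveSync CORP\\alice 10.0.0.21 Apple-iPhone/501.347 200
2008-07-21 08:04:10 POST /Microsoft-Server-ActiveSync CORP\\dave 10.0.0.52 Apple-iPhone/502.1 403
"""


def parse_w3c(lines):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def signature_hits(lines, signature="iPhone", header="cs(User-Agent)"):
    """Count ActiveSync requests per user whose header value contains the signature."""
    hits = Counter()
    for row in parse_w3c(lines):
        # Only the ActiveSync virtual directory is covered by the rule being edited.
        if row.get("cs-uri-stem", "").lower() != ACTIVESYNC_PATH:
            continue
        # Assumption: plain case-sensitive substring match on the header value.
        if signature in row.get(header, ""):
            hits[row.get("cs-username", "-")] += 1
    return hits


if __name__ == "__main__":
    for user, count in signature_hits(SAMPLE_LOG.splitlines()).most_common():
        print(f"{user}\t{count}")
```

Run against a real log export, the per-user counts show who is syncing an iPhone today and who will need to be told why their mail stops arriving.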