IOS 7.0: To Block or Not to Block? (updated)


With the meeting and log flooding issues caused by certain iOS 6.x versions still fresh in memory, one may prefer a more conservative strategy when it comes to new iOS releases interacting with your Exchange infrastructure, or any mobile OS for that matter.

After Apple released iOS 7.0 this week, some shops are considering blocking or quarantining this version until it has been approved after proper testing, while keeping an eye on online communities for reported issues during a short waiting period.

In an earlier article I described how to (temporarily) block iOS 6.x on Exchange 2010 or TMG; here is how to achieve the same for iOS 7.0 on current platforms:

To distinguish iOS 7.0 from earlier versions, check the DeviceOS property returned by Get-ActiveSyncDevice (Exchange 2010) or Get-MobileDevice (Exchange 2013). For example, here is how to list the currently partnered EAS devices running iOS 7.0 (the -like comparison is case-insensitive, so the casing of "iOS" in the pattern does not matter):

#Exchange 2010:
Get-ActiveSyncDevice | Where {$_.DeviceOS -like "iOS 7.0*"}

#Exchange 2013:
Get-MobileDevice | Where {$_.DeviceOS -like "iOS 7.0*"}

To block or quarantine iOS 7.0 devices you can use Exchange's Allow/Block/Quarantine (ABQ) mechanism: the New-ActiveSyncDeviceAccessRule cmdlet creates a rule keyed on the DeviceOS, DeviceModel, DeviceType or UserAgent string. Be aware that the rule's QueryString must match the full characteristic string exactly; wildcards are not supported. Since the DeviceOS string includes the build number, it changes with every iOS build, so you need one rule per build you want to quarantine or block.

For example, when the DeviceOS is iOS 7.0 11A465 (meaning build 11A465) or iOS 7.0.1 11A470a, the cmdlets for setting up the quarantine rules would be (for blocking, replace Quarantine with Block):

New-ActiveSyncDeviceAccessRule -QueryString "iOS 7.0 11A465" -Characteristic DeviceOS -AccessLevel Quarantine
New-ActiveSyncDeviceAccessRule -QueryString "iOS 7.0.1 11A470a" -Characteristic DeviceOS -AccessLevel Quarantine

For the exact strings, consult the Get-ActiveSyncDevice/Get-MobileDevice output. Also keep the ABQ precedence in mind: a personal exemption on a mailbox (ActiveSyncAllowedDeviceIDs/ActiveSyncBlockedDeviceIDs via Set-CASMailbox) wins over a device access rule, which in turn wins over the organization-wide default access level.
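The whole procedure in one script, as an added example that is not part of the original post: it discovers the exact iOS 7.0.x DeviceOS strings currently partnered (instead of guessing build numbers), creates a quarantine rule for each build except 7.0.2, enables admin notification and a user message, and reports what ended up in quarantine. It assumes an Exchange Management Shell on Exchange 2010 or 2013; the notification address eas-admin@example.com is a placeholder.

```powershell
# Added example, not code from the original post: quarantine every iOS 7.0.x build
# currently partnered with the organisation except 7.0.2, using ABQ device access rules.
# Assumes an Exchange Management Shell session on Exchange 2010 or 2013 and an admin
# mailbox "eas-admin@example.com" (placeholder) for quarantine notifications.

# Exchange 2013 renamed the device cmdlet; fall back to the 2010 name when it is absent.
$getDevice = if (Get-Command Get-MobileDevice -ErrorAction SilentlyContinue) {
    'Get-MobileDevice'
} else {
    'Get-ActiveSyncDevice'
}

# ABQ needs the exact DeviceOS string, so collect the distinct strings actually seen
# rather than guessing build numbers. -like is case-insensitive, so 'iOS' vs 'IOS' is irrelevant.
$osStrings = & $getDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceOS -like 'iOS 7.0*' -and $_.DeviceOS -notlike 'iOS 7.0.2*' } |
    Select-Object -ExpandProperty DeviceOS -Unique

# Don't create a second rule for a string that already has one.
$existing = Get-ActiveSyncDeviceAccessRule |
    Where-Object { $_.Characteristic -eq 'DeviceOS' } |
    Select-Object -ExpandProperty QueryString

foreach ($os in $osStrings) {
    if ($existing -contains $os) {
        Write-Output "Rule already present for '$os'"
        continue
    }
    # Replace Quarantine with Block to refuse the device outright.
    New-ActiveSyncDeviceAccessRule -QueryString $os -Characteristic DeviceOS -AccessLevel Quarantine
    Write-Output "Quarantine rule created for '$os'"
}

# Have Exchange mail the admins about each quarantined device and tell the user why.
Set-ActiveSyncOrganizationSettings -AdminMailRecipients 'eas-admin@example.com' `
    -UserMailInsert 'Your device runs an iOS version that is pending approval by IT.'

# Show what is now held in quarantine and the reason Exchange recorded for it.
& $getDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceModel, DeviceOS, DeviceAccessStateReason
```

Because the script only creates rules for builds it has actually seen, a brand-new build that appears after the run is still governed by the organization default access level; rerun the script (or add a rule by hand) when a new DeviceOS string shows up in the device list.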

For examples of alternative blocking methods using TMG or F5, check this article. More information on ABQ here. Note that users of the OWA for iPhone and iPad apps are not affected by this measure: those apps talk to Outlook Web App rather than Exchange ActiveSync, so ABQ rules do not apply to them.

Be advised that there are already reports of issues with iOS 7.0, such as a substantial reduction in battery life and sluggish devices. Far worse, the lock screen can be bypassed, similar to the lock screen glitch in iOS 6.1.3. History repeats itself.

Update (21 Sep): According to reports, iOS 7 also allows you to place calls despite the lock. How's that for a potential corporate smartphone.

Update (26 Sep): Apple has released security update iOS 7.0.2 (build 11A501, all devices), which fixes the lock screen glitch. Another good reason to block the earlier iOS 7.0 / 7.0.1 builds and only allow iOS 7.0.2 devices to retrieve company data.

Outlook.com gets IMAP & OAuth support


Today Outlook.com, Microsoft's free web-based e-mail service and the evolution of Hotmail.com after Microsoft acquired Hotmail in 1997, received support for IMAP (a protocol for retrieving and manipulating e-mail) and OAuth 2.0 (an authorization standard that lets third-party applications access a mailbox without handling the user's password). Outlook.com is reported to have a user base of over 400 million accounts.

This could be interesting for IMAP-based services or clients lacking Exchange ActiveSync support or for which POP (retrieval only) won’t suffice. They can now provide IMAP-based services or applications which can not only operate with on-premises Exchange, Office 365 or 3rd party e-mail systems, but also mailboxes hosted on Outlook.com.

Here is the information to set up IMAP (and SMTP for sending out e-mail) services in your application or service:

IMAP

  • Incoming IMAP mail server: imap-mail.outlook.com
  • Incoming IMAP mail server port: 993
  • Encryption: SSL (implicit TLS: the connection is encrypted before any IMAP command is exchanged)

SMTP

  • Outgoing SMTP mail server: smtp-mail.outlook.com
  • Outgoing SMTP mail server port: 587
  • Encryption: TLS (STARTTLS: the session opens in cleartext and must be upgraded to TLS before authenticating)
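The two "Encryption" entries above describe different mechanisms, and a client that confuses them will either fail to connect or, worse, send credentials in the clear. The following added example (not code from the original post) probes both Outlook.com endpoints: on 993 it negotiates TLS before reading the IMAP greeting, on 587 it walks the cleartext EHLO/STARTTLS exchange and refuses to proceed if STARTTLS is not offered, and in both cases it leaves certificate validation at the .NET default and reports the negotiated protocol and certificate. It needs outbound network access; "probe.example" is a placeholder EHLO name.

```powershell
# Added example, not from the original post: check how the two Outlook.com endpoints
# listed above actually encrypt. Port 993 is implicit TLS (what the settings list calls
# "SSL"): the TLS handshake happens before a single IMAP byte. Port 587 starts in
# cleartext SMTP and upgrades with STARTTLS. The function also returns the negotiated
# protocol and the server certificate so a client can verify what it is trusting.
# Needs outbound network access; "probe.example" is a placeholder EHLO name.

function Test-MailTls {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [Parameter(Mandatory = $true)] [int]    $Port,
        [ValidateSet('Implicit', 'StartTls')] [string] $Mode = 'Implicit'
    )

    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $net    = $client.GetStream()
    $net.ReadTimeout = 10000

    if ($Mode -eq 'StartTls') {
        # Cleartext SMTP up to the point where the channel is upgraded.
        $reader = New-Object System.IO.StreamReader($net)
        $writer = New-Object System.IO.StreamWriter($net)
        $writer.AutoFlush = $true
        $writer.NewLine   = "`r`n"

        do { $banner = $reader.ReadLine() } while ($banner -match '^220-')
        if ($banner -notmatch '^220') { throw "Unexpected SMTP banner: $banner" }

        $writer.WriteLine('EHLO probe.example')
        $caps = @()
        do { $line = $reader.ReadLine(); $caps += $line } while ($line -match '^250-')

        # Refuse to continue if the server does not offer STARTTLS; never fall back to cleartext.
        if (-not ($caps -match '^250[- ]STARTTLS')) { throw "$Server`:$Port does not advertise STARTTLS" }

        $writer.WriteLine('STARTTLS')
        $resp = $reader.ReadLine()
        if ($resp -notmatch '^220') { throw "STARTTLS refused: $resp" }
    }

    # Default validation: the certificate must chain to the OS trust store and match $Server.
    # Do NOT pass a callback that returns $true; that would silently accept any certificate.
    $ssl = New-Object System.Net.Security.SslStream($net, $false)
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    $greeting = $null
    if ($Mode -eq 'Implicit') {
        # IMAP only greets once TLS is up, which is the observable proof of implicit TLS.
        $greeting = (New-Object System.IO.StreamReader($ssl)).ReadLine()
    }

    $result = New-Object PSObject -Property @{
        Endpoint = "$Server`:$Port"
        Mode     = $Mode
        Protocol = $ssl.SslProtocol
        Cipher   = "$($ssl.CipherAlgorithm)/$($ssl.CipherStrength)"
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Greeting = $greeting
    }

    $ssl.Dispose()
    $client.Close()
    return $result
}

Test-MailTls -Server imap-mail.outlook.com -Port 993 -Mode Implicit
Test-MailTls -Server smtp-mail.outlook.com -Port 587 -Mode StartTls
```

The STARTTLS branch throws rather than continuing when the capability is missing; an application that instead "falls back" to plain SMTP on 587 is exactly what a downgrade attack on the cleartext EHLO exchange aims for.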


Exchange 2013 and .NET 4.5 fixes KB2803754 & KB2803755


Microsoft published an important hotfix for .NET 4.5 earlier this year. It wasn't picked up by many, therefore a quick write-up on the matter.

Since Exchange 2013 is built on top of .NET 4.5, it is recommended to install the hotfix on all Exchange 2013 Mailbox and multi-role servers. The hotfix reduces the memory consumption of the store worker processes.

If you’re using Windows Server 2008 R2, the hotfix is KB2803754 and can be requested here; when using Windows Server 2012 the hotfix is KB2803755 which can be requested here.

After installing the hotfix, you need to do one of the following things:

  • Set the following registry key:
    HKLM\Software\Microsoft\.NETFramework\DisableRetStructPinning=1 (REG_DWORD)
  • Set the COMPLUS_DisableRetStructPinning environment variable to 1

I’d prefer the first option. Note that you need to restart the server for the change to become effective.
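The steps above (pick the hotfix for the OS, install it, set the flag, reboot) as one script, added here as an example that is not part of the original post. It maps the OS caption to the KB number, refuses to set the flag if the hotfix is not installed, writes the registry value and reads it back. Run it from an elevated PowerShell on the Exchange server. One assumption is labelled in the code: that Get-HotFix lists this .NET hotfix by KB number.

```powershell
# Added example, not from the original post: confirm the right hotfix is installed for
# this Windows version, then set the DisableRetStructPinning flag as described above and
# verify it. Run from an elevated PowerShell on the Exchange server; reboot afterwards.
# Assumption: Get-HotFix (Win32_QuickFixEngineering) lists the .NET hotfix by KB number;
# if it does not, check Programs and Features > Installed Updates manually.

$caption = (Get-WmiObject Win32_OperatingSystem).Caption
$kb = if ($caption -match 'Server 2008 R2') {
    'KB2803754'
} elseif ($caption -match 'Server 2012(?! R2)') {
    'KB2803755'
} else {
    $null   # the post only covers Windows Server 2008 R2 and 2012
}
if (-not $kb) { throw "No hotfix mapping for '$caption'" }

if (-not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)) {
    throw "$kb is not installed; install it before setting the flag"
}

# The store worker processes are 64-bit, so the value goes in the native (64-bit) hive.
$path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework'
Set-ItemProperty -Path $path -Name DisableRetStructPinning -Value 1 -Type DWord

$actual = (Get-ItemProperty -Path $path -Name DisableRetStructPinning).DisableRetStructPinning
if ($actual -ne 1) { throw "DisableRetStructPinning is '$actual', expected 1" }

Write-Output "$kb present and DisableRetStructPinning=1 set under $path; restart the server to apply."
```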

Thanks to Tony Redmond for the heads up.

TechNet Subscriptions Changes


In the wake of Microsoft's announcement to retire TechNet and, more recently, the cancellation of the MCM/MCSM/MCA certifications, Microsoft is making some changes in the TechNet area, in what looks like a move to regain some trust from the community.

After the TechNet retirement announcement, in which Microsoft suggested IT Pros switch to the far more expensive MSDN subscriptions, use time-bombed evaluation software or make do with the very limited Virtual Academy and Virtual Labs, the community cried foul, which resulted in initiatives like a petition that has currently received over 10,000 signatures (if you haven't signed yet, please do so).

The changes announced today are published in full here. In short:

  • Subscribers not participating in a Volume Licensing program who were active on September 1st, 2013 and whose subscription expires on or before September 30th, 2014, may extend their subscription for another 90 days for free;
  • 180-day limited previous versions of software will be made available through the Evaluation Center. No details yet on how many software generations will be made available.
  • Microsoft Certified Trainers (MCTs) will also get a 90-day extension for their TechNet Professional subscription. In addition, a replacement is in the works in which MCTs get access to non-time-bombed software for instructional/training purposes.

While still short of the original subscription, Microsoft is moving. However, if they can quickly make arrangements for MCTs, why not for IT Professionals and their TechNet subscriptions?

Looking at the way many fellows, myself included, work, 180-day time-bombed software is pretty useless, or at least annoying and time consuming (as if I have nothing better to do than redeploy and reconfigure lab environments).

With MCT nowadays being mainly a registration and fee process, I won't be surprised to see a lot of "paper MCTs" after January 2015 (September 2014 + 90 days) if the situation stays like this.

What do you think? Are these changes satisfactory?

The UC Architects Podcast Ep27


We're glad to announce the availability of episode 27 of The UC Architects podcast.

This episode is hosted by Steve Goodman, Pat Richard, Michael van Hoorenbeeck, John Cook, Serkan Varoglu, Tim Harrington, Johan Veldhuis and yours truly. Special guests are Andrew Higginbotham (Exchange MCM), Brian Reid (Exchange MCM, Instructor), and Jeff Guillet (Exchange MCM, MVP).

This is a special episode on the cancellation of the MCM/MCSM and MCA certifications by Microsoft, and its impact on the certification market, on MCM/MCSMs and those aspiring to the certification, and on the IT Professional community in general.

Special thanks to Andrew J. Price for some blitz editing.

More information on the podcast including references and a link to download the podcast directly here or you can subscribe to the podcasts using iTunes, Zune or use the RSS feed.

About
The UC Architects is a bi-weekly community podcast by people with a passion for Unified Communications; our main focus is on Exchange, Lync or related subjects.