Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Connect Mobile Device
  •  
JJJCR

Messages: 110
Karma: -6
Send a private message to this user
hello guys, all android mobile devices is supported by Kerio Connect for remote wipe?

I have installed a Kerio on my android phone but it's not displayed on the list of mobile devices on my user account on Kerio Connect administration page.

any ideas?

Thanks.
  •  
Radek Sip (Kerio)

Messages: 1319
Karma: 48
Send a private message to this user
In the list are devices connected via Exchange ActiveSync.

I guess your Android is connected via IMAP/CalDAV/CardDAV

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
JJJCR

Messages: 110
Karma: -6
Send a private message to this user
Hi Radek, thank you so much for your reply.

Okay, if the Android is connected via IMAP/CalDAV/CardDAV is there a way to check those devices?

Is it possible to do a remote wipe for devices connected via IMAP?

Thanks. Smile
  •  
JJJCR

Messages: 110
Karma: -6
Send a private message to this user
Kerio Connect remote wipe everything on the phone or only the Kerio Connect email account?
  •  
Radek Sip (Kerio)

Messages: 1319
Karma: 48
Send a private message to this user
http://kb.kerio.com/product/kerio-connect/email-clients/mobi le-devices/managing-mobile-devices-1307.html

"Since the device types and operating systems are different, it depends on these conditions whether it is possible to reset the device completely or only to clear out synchronized folders."

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
howdy

i am still not quite clear on what gets deleted when "wipe" is initiated

we have multiple people access our servers using multiple devices (iPhone, android, windows mobile, iPad etc)... and they are typically their own devices

they are reluctant to agree to the company having total control over their device... in so much as we can delete the entire contents of the phone.... and not just kerio sync'ed data

what are the options here?

also... is there a way of having the built-in email app (on whichever device) requiring a password each time to connect to the server... with no data being downloaded to the device.. sort of like webmail / kerio connect client but better... the problem with kerio connect client on an iPhone is that is doesn't seem to scale to the screen... is cumbersome... or am i missing something

thanks

yukioMishima
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
It appears that a "wipe" process removes all data from the device. If a user selects "reset" themselves, then the device is restored to factory. EAS is required for this functionality. With EAS the Kerio Connect user profile usually has a setting for # of days to sync (mine is set to 3 days). As a result, this setting determines your potential risk window.

If you don't want to completely wipe the device, you may consider just removing it (rather than wipe) and change the user's password so that the device can no longer sync without the new password. In this way, no additional mail or info will be sync'd and the device's registration is removed from the server.

You might also consider a special User Access Policy that is reserved and assigned to users who have had a mobile device compromised so that Connect denies/allows specific access types (perhaps only temporarily).

Ken Snyder
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the reply

all good options... HOWEVER... the user still has to opt-in to the fact that their personal device can be completely wiped... at any time... by the kerio server admin if they are to use a mobile devices built-in email app... correct?

are there any other options.... or is this it?

thanks

yukioMishima

[Updated on: Thu, 09 April 2015 19:24]

  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
If they don't want to agree to that, then they don't have to connect the device using EAS. They can use IMAP.

At the end of the day this is an education issue for admins on when it's appropriate to perform a wipe. If the company owns the device and an employee is terminated and hands over the device...wipe it. If the device is lost or stolen, the user can decide to use "find my phone" functionality (if supported by manufacturer), or they can wipe the whole thing themselves (hopefully they make backups), or ask an Admin to wipe it for them. Or they can change the password themselves (or ask an admin).

If the employee is terminated and using their own device, it's obviously not appropriate for an admin to wipe it. Instead, remove the device registration and disable the user account.

Is there something that I'm missing in terms of scenarios?

I'd encourage you to develop a policy for what needs to happen under certain circumstances, publish it, and stick to it. Using EAS provides some severe emergency wipe capabilities, but there are dozens of other things that users and admins can do depending on the severity and urgency of the situation.

[Updated on: Thu, 09 April 2015 20:08]


Ken Snyder
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
ken

thanks for the detailed reply

yep.. plenty of scenarios to ponder

i guess the main concern is not so much on the admin side... but the end user who is using their own device to connect to the office kerio... and then having to accept that their device is then totally at the mercy of a kerio admin viz-a-vie having their phoned wiped... of ALL data... not just kerio related data

thanks again

yukioMishima

[Updated on: Mon, 13 April 2015 20:02]

  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Yes - any argument against the way this is implemented is more appropriately directed at Microsoft and the way EAS conducts remote wipes and perhaps even the device manufacturer.

A couple of quick Google searches leads me to believe that all device manufacturers interpret *any* remote wipe commands as being applicable to the whole device and not just to corporate data. Some device manufacturers may also interpret the wipe command as being applicable to any storage cards.

Encourage users to backup their devices regularly...it's just a smart thing to do under any circumstance.

[Updated on: Mon, 13 April 2015 20:39]


Ken Snyder
Previous Topic: mitigating BEAST attack in 8.4.1
Next Topic: MAPI_E_NOT_FOUND attempting to open Outlook w/ KOFF
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue May 30 09:27:31 CEST 2017

Total time taken to generate the page: 0.02768 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.