We are excited to announce that Scalefusion now offers Conditional Email Access (CEA) for Exchange Online. With Conditional Email Access (CEA), your organization can limit its corporate email access to devices managed by Scalefusion MDM. Incorporation of this feature makes Scalefusion the sole point of control for allowing or denying access to corporate email across the fleet of your devices. This feature allows controlling corporate email access for devices running on Android, iOS and Windows.
What is Conditional Email Access for Exchange Online?
Exchange Online is a cloud-hosted email solution from Microsoft that offers features similar to a traditional on-premise Microsoft Exchange Server. Conditional Email Access (CEA) for Exchange Online is a specific offering from Scalefusion that targets Microsoft Exchange Online to control access to the various mailboxes that are hosted on Exchange Online.
Conditional Email Access (CEA) for Exchange Online leverages Exchange ActiveSync protocol to manage email clients’ access to a mailbox.
Who can use Conditional Email Access for Exchange Online?
For an organization to start using Conditional Email Access for Exchange Online, the organization must have an appropriate Microsoft 365/Office 365 license with Exchange Online subscription.
How does Scalefusion Achieve Conditional Exchange Access?
With the advent of remote working, the BYOD culture has gained popularity. Conditional Email Access is a necessity to secure corporate email access to allow the BYOD work culture to thrive. Scalefusion enables IT teams to better manage BYOD or Company-Owned Devices (COD) that end-users use to access emails on Microsoft’s Exchange Online mail server.
Conditional Email Access lets IT Admins enforce the users to enroll their unmanaged (Personal Devices) to Scalefusion before they can access the corporate emails. Scalefusion offers the following configurations to set up the Conditional Email Access policy for your organization.
- Default Global Access Policy: All new devices of users are quarantined by default. Scalefusion takes over the responsibility to allow or deny mailbox access to a particular device based on the configuration parameters set by the IT administrator.
- Grace Period for Existing Devices: Scalefusion has a provision to extend a grace period of 15 to 30 days for all existing devices of users as at the time of applying CEA policy. If configured, during the grace period, users with devices that are already accessing corporate emails are allowed to retain their access however they are expected to enroll their device with Scalefusion to continue accessing their corporate mailbox beyond the grace period. Once the grace period expires and if the device is not registered with Scalefusion, such device will be blocked from accessing the corporate mailbox.
- Grace Period for New Devices: Scalefusion has a provision to extend a grace period of 15 to 30 days for all new devices. If configured, during the grace period, users are allowed to access their corporate emails using the new device however they are expected to enroll their device with Scalefusion to continue accessing their corporate mailbox beyond the grace period. Once the grace period expires and if the device is not registered with Scalefusion, such device will be blocked from accessing the corporate mailbox.
- Target Users: Scalefusion has a provision for IT administrators to choose to apply the CEA policy either across the entire organization or only to a specific set of users. This option provides flexibility to IT administrators to try out the CEA policy within a control group before rolling it out to a broader user-base or across the entire organization.
- Reminder email templates: If a grace period has been provided by IT administrators, they can craft the content of reminder email templates that are sent periodically to the users to prompt them to enrol their device with Scalefusion. The frequency of the reminder emails can be configured by IT administrators as well.
- Block Email Access from Outlook: Scalefusion has a provision for IT administrators to block email access using the Outlook app on selected platforms. It’s recommended that administrators block email access using the Outlook app on Android, iOS and Windows platforms.
- Block Outlook Web Access: Scalefusion has a provision for IT administrators to block email access using the Outlook Web Access. It’s recommended that administrators block Outlook Web Access.
Understanding Conditional Exchange Access with Scalefusion
Before Conditional Email Access (CEA) is enabled for the first time using the Scalefusion dashboard, any device accessing Exchange Online till such time is considered an existing Device. Access to corporate email from such an existing device is controlled as per the below flowchart.
Once a device is enrolled with Scalefusion, Exchange Online is updated to allow connection to the stated mailbox from the enrolled device. Subsequent access to the mailbox from the enrolled device goes through successfully.
Conditional Email Access (CEA) policy can be applied either across the entire organization or only to a specific set of users. If the policy is applied to a specific set of users, such target users’ access to the corporate email is controlled by Scalefusion. Other non-target users continue to access their email as usual.
Closing Lines
Conditional Email Access is the ideal way to secure your corporate email and allow your employees to work flexibly from anywhere. Get started on Conditional Email Access (CEA) for Exchange Online with Scalefusion. Refer to the help document to know more!
