Citrix Endpoint Management

ActiveSync Gateway

ActiveSync is a mobile data synchronization protocol developed by Microsoft. ActiveSync synchronizes data with handheld devices and desktop (or laptop) computers.

You can configure the ActiveSync Gateway rules in Citrix Endpoint Management. The ActiveSync gateway keeps a list of ActiveSync IDs for all devices configured in Citrix Endpoint Management. Based on the rules you configure, you can allow or deny devices access to ActiveSync data, based on those ActiveSync IDs. For example, if you activate the rule Missing Required Apps, Citrix Endpoint Management checks the App Access Policy for required apps. If the required apps are missed, the policy denies access to ActiveSync data. For each rule, you can choose either Allow or Deny. The default setting is set as Allow.

For more information about the App Access device policy, see App access device policy.

Citrix Endpoint Management supports the following rules:

Anonymous Devices: Checks if a device is in anonymous mode. This check is available if Citrix Endpoint Management can’t reauthenticate the user when a device tries to reconnect.

Forbidden Apps: Checks if a device has forbidden apps, as defined in an App Access policy.

Implicit Allow and Deny: This action is the default for the ActiveSync Gateway. The gateway creates a Device List of all devices that do not meet any of the other filter rule criteria. The gateway then allows or denies connections based on that list. If no rule matches, the default is set as Implicit Allow.

Inactive Devices: Checks if a device is inactive as defined by the Device Inactivity Days Threshold setting in Server Properties.

Missing Required Apps: Checks if a device is missing the required apps, as defined in an App Access policy.

Non-suggested Apps: Checks if a device has non-suggested apps, as defined in an App Access policy.

Noncompliant Password: Checks if the user password is compliant. On iOS and Android devices, Citrix Endpoint Management can determine whether the password currently on the device is compliant with the passcode policy sent to the device. For instance, on iOS, the user has 60 minutes to set a password if Citrix Endpoint Management sends a passcode policy to the device. Before the user sets the password, the passcode might be non-compliant.

Out of Compliance Devices: Checks whether a device is out of compliance, based on the Out of Compliance device property. Automated actions or third parties using Citrix Endpoint Management APIs usually change that property.

Revoked Status: Checks whether the device certificate was revoked. A revoked device can’t re-enroll until it is authorized again.

Rooted Android and Jailbroken iOS Devices: Checks whether an Android or iOS device is jailbroken.

Unmanaged Devices: Check whether a device is still in a managed state, controlled by Citrix Endpoint Management. For example, a device enrolled in MAM or an unenrolled device isn’t managed.

Send Android domain users to ActiveSync Gateway: Click YES to make Citrix Endpoint Management send the user name and ActiveSync ID of Android device owners to the ActiveSync Gateway. Turn this feature off unless you’re running a legacy configuration. In more recent configurations, this feature allows any device access to ActiveSync data as long as the user name associated with the device exists on the Gateway.

To configure the ActiveSync Gateway settings

  1. In the Citrix Endpoint Management console, click the gear icon in the upper-right corner. The Settings page appears.

  2. Under Server, click ActiveSync Gateway. The ActiveSync Gateway page appears.

ActiveSync Gateway

  1. In Activate the following rules, select one or more rules you want to activate.

  2. In Android-only, in Send Android domain users to ActiveSync Gateway, click YES to make sure that Citrix Endpoint Management sends Android device information to the ActiveSync Gateway.

  3. Click Save.

ActiveSync Gateway