Set up email access control through PowerShell
When you set up the standalone EAS proxy in PowerShell mode, it connects to your Exchange mail server through PowerShell and sets email access based on the device’s compliance status.
In PowerShell mode, mail traffic goes directly from the Exchange mail server to your devices without a proxy. For a schematic of the communication flow, see the Sophos Mobile technical guide.
Advantages of the PowerShell mode:
- You do not need to open a port on your Sophos Mobile server for incoming email traffic from your devices.
- You can prevent devices that are not enrolled with Sophos Mobile from accessing email.
The Exchange mail server can be either Exchange Server or Exchange Online, which is part of Office 365. Supported versions are:
- Exchange Server 2013
- Exchange Server 2016
- Office 365 with an Exchange Online plan
To set up email access control through PowerShell, do as follows.
Configure PowerShell
Create a service account
A service account is a special user account on the Exchange mail server that Sophos Mobile uses to execute PowerShell commands.
Configure the PowerShell connection
Upload the PowerShell certificate
Upload the certificate of the PowerShell connection to Sophos Mobile.