Client Access Services Flashcards Preview

Exchange 2016 MCSE 70-345 > Client Access Services > Flashcards

Flashcards in Client Access Services Deck (72)
Loading flashcards...
31

Is Persistence required for load balancing Exchange 2016? Why or why not?

Persistence is not required when load balancing Exchange 2016, because all connections are proxied to the active database copy, regardless of which server provices their client access services.

32

What do Outlook Web App Policies do?

They control access to features when using Outlook on the Web

Note, disabling the access via a policy here does not actually disable the feature for the mailbox itself.

33

How can you prevent users from being able to remotely wipe their own mobile device from Outlook on the Web?

EAC > Permissions >
OWA policies > Edit policy > Features >
uncheck "Exchange ActiveSync."

This will prevent users from having any management of their mobile devices from Outlook on the Web.

Be sure to go into the mailbox of the user and assign the OWA policy to it.

34

How can you assign an OWA Policy to all users at once?

Assuming the policy name is "Default,"

get-mailbox
-ResultSize
unlimited
| set-casmailbox
-OwaMailboxPolicy
Default

35

What is ActiveSync?

ActiveSync is the protocol that allows mobile devices and applications to synchronize data with Exchange mailboxes.

36

What items can ActiveSync work with?

• Email items
• Calendar items
• Contact items
• Task items

37

How does Push technology work for ActiveSync?

• The ActiveSYnc client sends a "ping" request to Exchange

• The client waits up to 15 minutes for a response. (This is sometimes called an "open connection" or a "hanging connection."

• The Exchange server responds if a change occurs in a mailbox folder (such as new mail arriving), or after the time limit expires

• The client then sends a new "ping" request and waits again

This process allows mailbox changes to appear almost instantaneously on the client.

38

What are Mobile Device Mailbox Policies? How do they work?

They provide policy options for controlling mobile device features, such as:

• Phone PIN/password lock policies
• Device encryption
• Camera
• Bluetooth
• Push notifications

Options available will vary depending on phone OS and make/model.

The policy is applied when the phone adds an ActiveSync account.

39

What happens if a phone's OS or model isn't capable of meeting the requirements of the applied Mobile Device Mailbox Policy?

The policy has a setting for "Allow mobile devices that don't fully support these policies to synchronize."

This is enabled by default. While enabled, the phone will be allowed to connect and will only apply the parts of the policy that are supported, if any.

If disabled, the phone will not be allowed to connect if any single aspect of the policy isn't supported.

40

What is ABQ?

Allow/Block/Quarantine

The automated process which a mobile device is vetted through to determine if it will be allowed to connect to a mailbox, or be blocked or quarantined.

41

What is the order of criteria processing in ABQ?

The device is checked on the following, in this processing order:

1. User Authentication

2. ActiveSync setting on Mailbox (enabled/disabled)

3. Mobile Device Mailbox Policy

4. Personal Exemption

5. Device Access Rules

6. Organization Default Access State

42

For mobile devices:

What is a "Personal Exemption"?

How does it work?

It blocks or allows a specific Device ID for a specific mailbox user.

Device IDs are added to the block/allow list for a mailbox by:

• An admin choosing to block or allow a quarantine device

• An admin manually updating the block/allow list for a mailbox user

43

What is an ActiveSync Device Access Rule?

How does it work?

Created by an admin in EAC or PowerShell

Can apply either an allow, block, or quarantine action, based on these device characteristics:

• DevicType (Family)
• DeviceModel
• DeviceOS
• UserAgent

44

What are some caveats of ActiveSync Device Access Rules?

• Rule characteritcs are exactly specific: no wildcards or partial matches

• They apply organization-wide. They cannot be applied to a subset of users. (Users can effectively be exempted from them via Personal Exemption, which is processed before the Device Access rule).

• Device characteristics that can change, such as OS version, can cause the device to change from allowed to blocked/quarantined, or from quarantined to allowed. (But once a device is blocked, it will stay blocked until the rule is removed.)

• Even if a device is blocked, that only means it's built-in OS mail app is blocked. Users can still use other apps, such as the Outlook app.

45

If an iPhone 8 user uses the Outlook app to access their mail, how will their connection be evaluated by the Device Access Rule?

Rather than showing up as an iPhone, the device characteristics will be read as follows:

DeviceType: Outlook
DeviceModel: Outlook
DeviceOS: Outlook for iOS and Andriod 1.0
DeviceUserAgent: Outlook-iOS-Android/1.0

46

What happens when a mobile device in the Quarantine is Allowed or Blocked by an administrator?

The device is added to its user's Personal Exemption, as either Allowed or Blocked.

47

What are some common reasons why a Remote Wipe request will not end up wiping the device?

• If the device never connects to the Exchange server, either due to not connecting to the internet or otherwise being blocked.

• If the user's password is changed before the device can connect and authenticate.

• If the Pending request is cancelled by an admin.

• If the user was connecting to Exchange through an app, such as the Outlook app, instead of through the OS built-in Mail app. In that case, only the single App's data is wiped, not the phone.

48

What is the PowerShell command to remotely wipe a mobile device?

Clear-MobileDevice
-Identity
""

49

What is a Remote Wipe?

• Any mobile device that connects to Exchange using ActiveSync can be selected to be remotely wiped.

• If the device was using an OS built-in Mail app, then the entire device is wiped.

• For some mobile apps, the remote wipe is constrained to just the app data. (E.g., Outlook for iOS and Android.)

• The remote wipe is destructive an irreversible.

• It is not gauranteed to work in all situtations.

50

What is OffCAT?

Microsoft Office Configuration Analyzer Tool

A tool to be run on a client machine, which will

• analyze the Office client configuration

and look for common issues such as

• Autodiscover problems,

• misconfigured registry items,

• and other issues that might cause clients to not connect.

51

What is Log Parser?

A command-line tool used to quick analyze text-based log files.

Log Parser Studio is a graphical front-end for Log Parser, which provides several built-in reports. Point it at your log folders, and you can pull these reports to see statistics and errors.

52

What is "Outlook Test E-Mail AutoConfiguration"?

A tool built in to Outlook

It runs through a complete Autodiscover test, and provides information and logs.

53

How is the Outlook Test E-Mail AutoConfiguration tool accessed and run?

While Outlook is open, Hold the left Control key, and right-click the Outlook icon in the taskbar, and select "Test E-Mail AutoConfiguration..."

54

What URLs can be used to access the Microsoft Remote Connectivity Analyzer?

testconnectivity.microsoft.com

Or,

exrca.com (this will automatically redirect you to the primary URL above)

55

What is the Microsoft Remote Connectivity Analyzer?

A Microsoft web-hosted tool that tests external connections to your Exchange server.

It requires actual credentials to perform the test.

It will analyze and report on DNS, AutoDiscover, SSL certificates, ports, authentication, ActiveSync, IIS configuration, and other connection steps and errors.

56

What sources of logs are there for troubleshooting Exchange?

• Windows Event Logs

• IIS Logs

• POP/IMAP Protocol Logs

57

What does this HTTP status code mean?

200

OK / Good

58

What does this HTTP status code mean?

401

and

40x

401: Unauthorized

(any other 40x code typically points to an authentication problem)

59

What does this HTTP status code mean?

503

and

50x

503: Service Unavailable

(other 50x codes typically point to a server problem, rather than a user problem)

60

Where are IIS log files located?

The default path is on the C volume:

C:inetpub\logs\LogFiles

In this folder, you'll see a folder for each website that IIS hosts.