SphereShield for Exchange

Certificate-Based Authentication (CBA) for Exchange on Premises

Verify that Outlook can connect to Exchange only if the device is managed by your EMM vendor.
A device is approved to access Exchange after SphereShield verifies that a proper certificate that was issued by your EMM vendor is installed. A device that is not managed will not have the required certificate, and Outlook will be blocked from accessing Exchange. SphereShield can be integrated with all EMM vendors.

SphereShield for Microsoft Exchange is currently available for Windows 10 and macOS.

Key Features

Verify the device is managed by your EMM vendor before connecting to Exchange.

Devices that have become out of compliance will be blocked from connecting to Exchange, even if they have the certificate.

Provides full visibility of all devices connecting externally to Exchange. All devices will be registered on the SphereShield admin site.

Verifies that the certificate is issued by the root certificate, as configured by your MDM vendor.

Validates certificate values based on a regex engine.

Configurable mapping of certificate attributes to extract user and device info from the certificate.

Updates last seen time and last IP used.

Keep track of all attempts—both successful and failed—to connect externally to Exchange.

Interacts with the SphereShield Risk engine and geolocation module for geo fencing conditional access policies.

Displays a live map showing the locations from which parties are trying to connect.

Generate security alerts in response to detection of suspicious changes in location, device and data capacity, and in reaction to atypical activity.

Define Geo-fencing rules. Block connections from specific locations or allows access from these locations only to specific groups/domains.