Setting up work email access from home (via exchange)

[88keys]

I tend to get alot of emails from the engineering dept over the weekend while I'm that my dept needs to follow up on for the following week. A co worker suggested setting up access from home to just pop in from time to time and keep them organized as they come in so I don't have a mess to go through every Monday morning while I'm still struggling to wake up.

I run Windows 10 and I was in the middle of setting this up until I came across a prompt saying that my PCs security settings would need to be changed in order to connect to the network. I didn't like the idea so I didn't go through with it.

So for this reason I've been using the web access client. The problem with this however is that downloading and viewing attachments is a pain in the ass and I need to look at each attachment so I can sort and prioritize.

So my question is; what happens when I connect my PC to the exchange server at work? Does my PC suddenly become their property in a weird technical way?

Can I just set up a Windows 7 installation in a virtual box and connect to work this way to avoid any of these issues?

 

[Mushkins]

I'm assuming you're using the Windows 10 "Mail" app to try to connect your work email?

First: Make sure that this is allowed by your company. Just because you *can* doesn't mean you're *allowed to*. Their misconfigured exchange server isn't going to stop you from getting fired if you break security policy, and that's not an argument you ever want to get into. CYA. The admins *will* see your PC show up as actively connecting to the mailserver if they bother to look at the activesync records.

Anyway, The Windows 10 Mail app uses Exchange ActiveSync like a smartphone, not a traditional connection to the exchange server like full desktop mail clients do. That warning is the same one you get when connecting any device via ActiveSync.

ActiveSync has the ability to push mail control policies down to your device, as well as remotely wipe the mailbox from the device. That security popup is just giving you as the user full disclosure that if policies are changed they will be pushed to your device (in this case your Win 10 PC) and configuration will be changed.

This does *not* give them a magic backdoor into the rest of your PC. They cant browse your hard drive or delete your data or anything like that. It's strictly in relation to data associated with the Mail app and that specific Exchange account.

 

[Ketchup]

Yes, what app are you using? I use Outlook, same as on my work laptop.

 

[88keys]

I'm assuming you're using the Windows 10 "Mail" app to try to connect your work email?

First: Make sure that this is allowed by your company. Just because you *can* doesn't mean you're *allowed to*. Their misconfigured exchange server isn't going to stop you from getting fired if you break security policy, and that's not an argument you ever want to get into. CYA. The admins *will* see your PC show up as actively connecting to the mailserver if they bother to look at the activesync records.

Anyway, The Windows 10 Mail app uses Exchange ActiveSync like a smartphone, not a traditional connection to the exchange server like full desktop mail clients do. That warning is the same one you get when connecting any device via ActiveSync.

ActiveSync has the ability to push mail control policies down to your device, as well as remotely wipe the mailbox from the device. That security popup is just giving you as the user full disclosure that if policies are changed they will be pushed to your device (in this case your Win 10 PC) and configuration will be changed.

I do have exchange email via iOS on company tablet and an non company phone. So if that's the case, my PC should be fine.
I can do what I need to do on my tablet, but when it come to actual 'work' I sill find certain things quicker and easier on a desktop.

This does *not* give them a magic backdoor into the rest of your PC. They cant browse your hard drive or delete your data or anything like that. It's strictly in relation to data associated with the Mail app and that specific Exchange account.

Okay. That's more along the lines of what I was figuring, but I wanted to be sure. I have a friend of mine whose company requires him to have his own laptop. He dual boots via separate HDDs between Windows 7 (for work) and 10 for home because the way he interprets his handbook, the data and such on his laptop is company property when connected to their servers either locally or via remote.

 

[88keys]

Yes, what app are you using? I use Outlook, same as on my work laptop.

The mail app on Windows 10. I don't run outlook on my home PCs.

 

[Mushkins]

I do have exchange email via iOS on company tablet and an non company phone. So if that's the case, my PC should be fine.

Only your IT department can answer that question. In our company that is absolutely not fine (I would know, I wrote the policies ). Just make sure you're safe and compliant is all, I hate when I have to drop the hammer on one of our employees who breaches the AUP.

Okay. That's more along the lines of what I was figuring, but I wanted to be sure. I have a friend of mine whose company requires him to have his own laptop. He dual boots via separate HDDs between Windows 7 (for work) and 10 for home because the way he interprets his handbook, the data and such on his laptop is company property when connected to their servers either locally or via remote.

Another thin line that only your IT department can clarify. If I caught someone dual booting a company issue laptop they would 100% be in breach of our AUP and I would immediately confiscate and format all partitions on the laptop before bringing up disciplinary action.

If you're dual booting, you can very easily be transferring data between those partitions. Which means you can move company-owned, protected data from the "work" environment into the "non-work" environment and circumvent data control and integrity methods in place. Might be a slap on the wrist wherever you work, but my industry is federally regulated and an excel spreadsheet full of protected health information ending up the wild could translate into millions of dollars in fines and disclosure of a breach to all of our clients (which means we lose their trust, and their business as well). If we found that it happened because some guy was dual booting a laptop to dink around on the company dime? He'd be fired immediately.

 

[88keys]

Only your IT department can answer that question. In our company that is absolutely not fine (I would know, I wrote the policies ). Just make sure you're safe and compliant is all, I hate when I have to drop the hammer on one of our employees who breaches the AUP.



Another thin line that only your IT department can clarify. If I caught someone dual booting a company issue laptop they would 100% be in breach of our AUP and I would immediately confiscate and format all partitions on the laptop before bringing up disciplinary action.

Talked it over with IT today and I was told that they are fine with me or anyone accessing the exchange server with any Active Sync client. He said that they generally don't care if people use an ordinary desktop client except as it is not exactly against the rules. But he highly recommends against it for people who work in engineering, quality, and HR as they have access to proprietary or private information that others do not which could make for a nasty situation if that information is ever leaked. He also went on to say that most people access work email via smart phones these days and security breaches weren't an issue then or now so he has seen no reason to make stricter rules because the employees generally heed his advice.


So for what it's worth, I explained that the Windows 10 email client works fine for what I need it to do and I'm 100% okay with that.

If you're dual booting, you can very easily be transferring data between those partitions. Which means you can move company-owned, protected data from the "work" environment into the "non-work" environment and circumvent data control and integrity methods in place. Might be a slap on the wrist wherever you work, but my industry is federally regulated and an excel spreadsheet full of protected health information ending up the wild could translate into millions of dollars in fines and disclosure of a breach to all of our clients (which means we lose their trust, and their business as well). If we found that it happened because some guy was dual booting a laptop to dink around on the company dime? He'd be fired immediately.

His employer is a defense contractor so I would 'think' that their IT policies are strict, but his position is that if they're that worried about security then they would provide employees with their own devices.