Martijn Loenhout van Posted February 14, 2018 Share Posted February 14, 2018 We have a customer that has enrolled to Secure Hub with the SAMAccountname. Now the mailboxes need to move to Office365. Does this require a re-enrollment to Secure Hub, or can we create an extra 'exchange device policy' for the migrated users ? (by extra 'exchange device policy' we mean a modified policy that passes the UPN to Office365 in stead of the samaccountname) Link to comment
1 David Egan1709157332 Posted February 14, 2018 Share Posted February 14, 2018 Hi there, Whilst Secure Hub is enrolled on XenMobile Server by using sAMAccountName, this does not necessarily mean that Secure Mail is also using sAMAccountName. The authentication of Secure Mail can be handled separately and independently of the authentication used by Secure Hub. Likewise, the same advice applies for when you are configuring an Exchange Account Policy (in other words, you can have this Exchange Account Policy use yet another authentication method, if required). As such, there should be no need for Secure Hub to be re-enrolled because of the mailboxes moving. Rather, it is only those policies (either the MDX Policies for Secure Mail, if used, or alternatively the settings found inside of the Exchange device policy) which would need to be updated. Neither of these require that Secure Hub no longer uses sAMAccountName and so there should be no need to re-enroll Secure Hub. This is something that you should test on a few user account to begin with before making any changes that would impact upon a large number of users. Many thanks, David 2 Link to comment
0 Martijn Loenhout van Posted February 14, 2018 Author Share Posted February 14, 2018 Thanks for your quick response. This realy looks promising, will look into it further. There was some confusion internally that re-enroll was required anyway. Link to comment
0 John Francis1709160537 Posted September 24, 2019 Share Posted September 24, 2019 On 2/14/2018 at 8:18 AM, David Egan1709157332 said: Hi there, Whilst Secure Hub is enrolled on XenMobile Server by using sAMAccountName, this does not necessarily mean that Secure Mail is also using sAMAccountName. The authentication of Secure Mail can be handled separately and independently of the authentication used by Secure Hub. Likewise, the same advice applies for when you are configuring an Exchange Account Policy (in other words, you can have this Exchange Account Policy use yet another authentication method, if required). As such, there should be no need for Secure Hub to be re-enrolled because of the mailboxes moving. Rather, it is only those policies (either the MDX Policies for Secure Mail, if used, or alternatively the settings found inside of the Exchange device policy) which would need to be updated. Neither of these require that Secure Hub no longer uses sAMAccountName and so there should be no need to re-enroll Secure Hub. This is something that you should test on a few user account to begin with before making any changes that would impact upon a large number of users. Many thanks, David Hi David, Thanks for the info, I was looking for the same information. We have our LDAP as SAMAccountName and we want to test few users with UPN. How would we be able to achieve this? Can we use some form of policies to test for few users to login to SecureHub with UPN name and also SecureMail. Currently, we are using SAMAccountName. Is this only possible by globally changing it to UPN in LDAP settings? Link to comment
0 David Egan1709157332 Posted September 24, 2019 Share Posted September 24, 2019 For a single domain name, the setting for sAMAccountName or UPN is a global setting. Although it is possible to configure multiple LDAP connectors (for example, one LDAP connector for sAMAccountName and another LDAP connector for UPN), this method only works for 'different' domain names. In other words, for any given single domain name, the choice of 'sAMAccountName or UPN' is a global setting. Other than the LDAP connector on XenMobile Server, there is also the NetScaler Gateway configuration (found under 'Settings' on XenMobile Server). Inside here you will find that a single entry exists for a single Gateway. Again, this Gateway vServer will allow for 'only' a choice between sAMAccountName and UPN. It is not possible to configure multiple options here either unfortunately. Link to comment
Question
Martijn Loenhout van
We have a customer that has enrolled to Secure Hub with the SAMAccountname.
Now the mailboxes need to move to Office365.
Does this require a re-enrollment to Secure Hub, or can we create an extra 'exchange device policy' for the migrated users ?
(by extra 'exchange device policy' we mean a modified policy that passes the UPN to Office365 in stead of the samaccountname)
Link to comment
4 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now