04 June 2013

How and why to block LinkedIn access to your organization

This comes from Adam Fowler of www.adamfowlerit.com.
A more in-depth look and testing was done by Paul Cunningham of www.exchangeserverpro.com.

Recently LinkedIn added a new feature to their site.
It gives you the ability to search for contacts in your company address book.

However handy that may seem, the other side of this is that LinkedIn is given your login credentials to the corporate Exchange environment.
In case of a security breach or hack over at our friends at LinkedIn, your username, password, email address and webmail URL are in the wrong hands, posing a serious security issue.

So, here's how to stop LinkedIn from accessing your Exchange servers:

First, in the organization configuration, you'll need to check that EwsApplicationAccessPolicy is set to 'EnforceBlockList':

[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*

EwsEnabled                 :
EwsAllowOutlook            :
EwsAllowMacOutlook         :
EwsAllowEntourage          :
EwsApplicationAccessPolicy :

EwsAllowList               :
EwsBlockList               :


If it shows up empty like above, you have to enable the blocklist.

[PS] C:\Windows\system32>Set-OrganizationConfig -EwsApplicationAccessPolicy enforceblocklist
[PS] C:\Windows\system32>


Next, you need to add LinkedIn into the BlockList.

[PS] C:\Windows\system32>Set-OrganizationConfig -EwsBlockList LinkedInEWS

Let's see how that looks.

[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*

EwsEnabled                 :
EwsAllowOutlook            :
EwsAllowMacOutlook         :
EwsAllowEntourage          :
EwsApplicationAccessPolicy : EnforceBlockList
EwsAllowList               :
EwsBlockList               : {LinkedInEWS}
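
The same steps as a repeatable function, added here as an example and not taken from the original post or its sources. It appends to an existing block list instead of replacing it, and makes no change when an allow list is already enforced. The name Add-EwsBlockListEntry is hypothetical, and Exchange 2010 or later is assumed.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010 or later assumed).
# Add-EwsBlockListEntry is a hypothetical helper name, not an Exchange cmdlet.
function Add-EwsBlockListEntry {
    param(
        [string]$Agent = 'LinkedInEWS'   # block-list entry used in the post
    )

    $org    = Get-OrganizationConfig
    $policy = [string]$org.EwsApplicationAccessPolicy

    if ($policy -eq 'EnforceAllowList') {
        # An allow list already refuses every application that is not listed.
        # Switching to a block list would permit everything except the listed
        # entries, so make no change here.
        Write-Warning "Policy is EnforceAllowList; '$Agent' is blocked unless it is in EwsAllowList."
        Write-Warning "EwsAllowList: $($org.EwsAllowList -join ', ')"
        return
    }

    if ($policy -ne 'EnforceBlockList') {
        # Empty policy, as in the first Get-OrganizationConfig output above.
        Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList
    }

    if ($org.EwsBlockList -notcontains $Agent) {
        # @{Add=...} appends to the multivalued property; passing a bare value
        # would replace any entries that are already on the list.
        Set-OrganizationConfig -EwsBlockList @{Add = $Agent}
    }

    # Show the resulting organization-wide settings.
    Get-OrganizationConfig |
        Format-List EwsApplicationAccessPolicy, EwsAllowList, EwsBlockList |
        Out-Host

    # Mailboxes that carry their own EWS access policy are listed for separate review.
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.EwsApplicationAccessPolicy } |
        Format-Table Name, EwsApplicationAccessPolicy, EwsAllowList, EwsBlockList -AutoSize |
        Out-Host
}

Add-EwsBlockListEntry
```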



Adam Fowler's source
Paul Cunningham's source

2 comments:

  1. Hello,

    This solution doesn't seem to be working.
    Do I need to restart some services?

    Regards,

    Ron

  2. Is it in Exchange 2010? For 2007 it seems to be a bit different.
