Exchange Inspectors

This page has not been liked. Updated 5/19/14, 6:22 AM by Gary MullinTags: None

 

General

Key Phrase Return Type Description
device id <string> Unique identifier for this device from theTEM perspective
data source <string> "Microsoft Exchange"
device type <string> "Mobile"
computer name <string> Combines the user part of the email address and the model to give a user friendly name for the device in TEM. This will appear as "[user]'s [model name]", e.g. "John's iPhone". If no model is present it will default to "John's Device".

 

Operating System

Key Phrase Return Type Description
operating system <operating system> Creation method for <operating system>
name of <operating system> <string> The OS name. eg iOS/Android
version of <operating system> <version> Version of the OS for this device, e.g. "5.0.0"
android of <operating system> <boolean> True if OS is Android
ios of <operating system> <boolean> True if OS is iOS
blackberry of <operating system> <boolean> True if OS is Blackberry
webos of <operating system> <boolean> True if OS is webOS
symbian of <operating system> <boolean> True if OS is Symbian
windows phone of <operating system> <boolean> True id OS is Windows Phone

 

Users

Key Phrase Return Type Description
current user <current user> Creation method for <current user>
name of <current user> <string> Name of the current user
logged on users plural <logged on user> Creation method for <logged on user>
name of <logged on user> <string> Name of the currently logged on user

 

Device

Key Phrase Return Type Description
device <device> Creation method for <device>
name of <device> <string> The name assigned to this device by the user, e.g. "John Smith's iPad"
phone number of <device> <string> Phone number as a string with no dashes or spaces, e.g. "5105551234"
model number of <device> <string> The model number of the device,
model name of <device> <string> The model name of the device, e.g. "iPhone"
serial number of <device> <string> The serial number of the device, e.g. "D97YGQ12CQK7"
imei of <device> <string> The IMEI of the device
manufacturer of <device> <string> This is the manufacturer of the OS of the device eg Apple/Android/Microsoft

 

Correlated Device

Note: These inspectors are only available if advanced device correlation is enabled (in Exchange Configuration Wizard) and the device is correlated with a device in TEM with an Agent.

Key Phrase Return Type Description
correlated device <correlated device> Creation method for <correlated device>
temid of <correlated device> <string> the bes computer id if this device
strength of <correlated device> <string>

An indication of how good thie correlation is for this device:

High : matched on userid + 1 or more of Device ID, Serial number or IMEI

Medium : matched on userid + 2 or more of model,manufacturer,modelid or phone number

Low : matched on userid + 1 of model,manufacturer,modelid or phone number

compliant of <correlated device> <boolean>

This inspector will be available if the compliance is setup by specifying the compliancPropertInfo property in the Exchange plugin plugin-settings.ini. This should specify a boolean propert in an analysis that signifies compliance.

It is specified as:

compliantPropertyInfo=siteID,fixletID,propertyID

eg compliantPropertyInfo=2306,54,2

would look for a boolean value in property 2, of analysis 54 in site 2306 to decide if a device is compliant. This will then be reported in this inspector.

installed apps of <correlated device> plural <string> List of app identifiers on the device as reported by the agent
rooted of <correlated device> <boolean> Returns whether this device has been rooted
jailbroken of <correlated device> <boolean> Returns whether this device has been jailbroken
name of <correlated device> <string> Device name as reported by the agent
manufacturer of <correlated device> <string> Manufacturer as reported by the agent
model of <correlated device> <string> Model as reported by the agent
carrier of <correlated device> <string> Carrier
serial number of <correlated device> <string> Serial number as reported by the agent
guid_or_imei of <correlated device> <string> GUID or IMEI as reported by the agent
authenticated userid of <correlated device> <string> Authenticated Userid
model id of <correlated device> <string> Model ID as reported by the agent
phone number of <correlated device> <string> Phone number as reported by the agent
last server communication of <correlated device> <time> Last communication from the agent
device ownership of <correlated device> <string> Personal or Organization
uuid_or_udid of <correlated device> <string> UUID or UDID from the agent
enrollment answers of <correlated device> <string> String conaining the answers to enrollment questions
user language of <correlated device> <string> Language as reported by the agent
email address of <correlated device> <string> Enrolled email address

 

Cellular info

Key Phrase Return Type Description
cellular info <cellular info> Creation method for <cellular info>
current carrier network of <cellular info> <string> Current carrier network

 

Proxy Agent Plugin

Key Phrase Return Type Description
proxy agent plugin <proxy agent plugin> Creation method for <proxy agent plugin>
last report time of <proxy agent plugin> <time> The last time a device report was generated for this device
version of <proxy agent plugin> <string> The version of this proxy agent plugin

 

Server Communication

Key Phrase Return Type Description
last server communication <server communication> Creation method for <server communication>
time of <server communication> <time> Time object representing the last time the device reported to the server, and thus the last time all properties reportable by relevance were refreshed on the server



 



Exchange info



Key Phrase Return Type Description
exchange info <exchange info> createion method for <exchange info>
identity of <exchange info> <string> The Exchange device Identity eg "mycompany..com/Users/John//ExchangeActiveSyncDevices/iPhone§Appl7R049JM0A4S"
mailbox of <exchange info> <string> The mailbox identity of the mailbox containing this device. eg "mycompany.com/Users/John"
remote wipe supported of <exchange info> <boolean> true if remote wipe is supported on the device
status of <exchange info> <string> The device status eg "DeviceOK"
status note of <exchange info> <string> A device status note
email access state of <exchange info> <string> The access state of this device eg "Blocked"
email access reason of <exchange info> <string> The reason for the access state eg Global means set at the global policy level.
active sync version of <exchange info> <version> The activesync version used on the device
folders synced of <exchange info> <integer> Number of folders synced with exchange
email address of <exchange info> <string> email address of the user of the mailbox containing this device






Security policy



Key Phrase Return Type Description
security policy <security policy> creation method for <security policy>
allow nonprovisionable devices of <security policy> <boolean> This setting specifies whether older devices that may not support application of all policy settings are allowed to connect to Exchange by using Exchange ActiveSync.
attachments enabled of <security policy> <boolean>

This setting enables attachments to be downloaded to the mobile device.

require storage card encryption of <security policy> <boolean> This setting specifies whether the storage card must be encrypted. Not all mobile device operating systems support storage card encryption. For more information, see your device and mobile operating system for more information.
password recovery enabled of <security policy> <boolean> When this setting is enabled, the device generates a recovery password that is sent to the server. If the user forgets their device password, the recovery password can be used to unlock the device and enable the user to create a new device password.
policy refresh interval of <security policy> <string>

This setting defines how frequently the device updates the Exchange ActiveSync policy from the server.

max attachment size of <security policy> <integer>

This setting specifies the maximum size of attachments that are automatically downloaded to the device.

wss access enabled of <security policy> <boolean>

This setting enables access to files that are stored in Microsoft Windows SharePoint Services document libraries.

unc access enabled of <security policy> <boolean> This setting enables access to files that are stored on Windows file share (UNC) shares.
password expiration of <security policy> <integer> This setting enables the administrator to configure a length of time after which a device password must be changed.
default flag of <security policy> <boolean> true if this is the default policy
allow storage card of <security policy> <boolean> This setting specifies whether the mobile device can access information that is stored on a storage card.
allow unsigned applications of <security policy> <boolean> This setting specifies whether unsigned applications can be installed on the device.
allow unsigned installation packages of <security policy> <boolean>

This setting specifies whether an unsigned installation package can be run on the device.

allow wifi of <security policy> <boolean> This setting specifies whether wireless Internet access is allowed on the device.
allow text messaging of <security policy> <boolean>

This setting specifies whether text messaging is allowed from the device.

allow pop imap email of <security policy> <boolean>

This setting specifies whether the user can configure a POP3 or an IMAP4 e-mail account on the device.

allow irda of <security policy> <boolean> This setting specifies whether infrared connections are allowed to and from the mobile device.
require manual sync when roaming of <security policy> <boolean>

This setting specifies whether the device must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile device plan.

allow desktop sync of <security policy> <boolean> This setting specifies whether the mobile device can synchronize with a computer through a cable, Bluetooth, or IrDA connection.
allow html email of <security policy> <boolean> This setting specifies whether e-mail synchronized to the device can be in HTML format. If this setting is set to false, all e-mail is converted to plain text.
require signed smime messages of <security policy> <boolean> This setting specifies whether S/MIME messages must be signed.
require encrypted smime messages of <security policy> <boolean> This setting specifies whether S/MIME messages must be encrypted.
allow smime soft certs of <security policy> <boolean> This setting specifies whether S/MIME software certificates are allowed on the mobile device.
allow browser of <security policy> <boolean> This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting does not affect third-party browsers installed on the device.
allow consumer email of <security policy> <boolean>

This setting specifies whether the mobile device user can configure a personal e-mail account (either POP3 or IMAP4) on the device.

allow remote desktop of <security policy> <boolean>

This setting specifies whether the mobile device can initiate a remote desktop connection.

allow internet sharing of <security policy> <boolean> This setting specifies whether the mobile device can be used as a modem for a desktop or portable computer.
allow bluetooth of <security policy> <string> This setting specifies whether a mobile device allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow.
max calendar age filter of <security policy> <string> This setting specifies the maximum range of calendar days that can be synchronized to the device. The value is specified in days.
max email age filter of <security policy> <string> This setting specifies the maximum number of days' worth of e-mail items to synchronize to the device. The value is specified in days.
required signed smime algorithm of <security policy> <string> Thissetting specifies what required algorithm must be used when signing a message.
required encryption smime algorithm of <security policy> <string> This setting specifies what required algorithm must be used when encrypting a message.
allow smime encryption algorithm negotiation of <security policy> <string> This setting specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.
max email body truncation size of <security policy> <integer> This setting specifies the size beyond which e-mail messages are truncated when they are synchronized to the device. The value is specified in kilobytes (KB).
max email html body truncation size of <security policy> <integer> This setting specifies the size beyond which HTML-formatted e-mail messages are truncated when they are synchronized to the device. The value is specified in kilobytes (KB).
blacklisted applications of <security policy> plural <string> This setting specifies a list of applications that cannot be run in ROM.
approved applications of <security policy> plural <string>

This setting stores a list of approved applications that can be run on the device.

allow external device management of <security policy> <boolean> specifies whether an external device management program is allowed to manage the device.
mailbox policy flags of <security policy> <string> Policy flags of this security policy
admin display name of <security policy> <string> Display name of this security policy
distinguished name of <security policy> <string> Distinguished name of this security policy
identity of <security policy> <string> Identity of this security policy
name of <security policy> <string> Name of this security policy
guid of <security policy> <string> GUID of this security policy
object class of <security policy> <string> Active Directory object class of this security policy
object category of <security policy> <string> Active Directory object category of this security policy
creation time of <security policy> <time> Creation time for this security policy
last update time of <security policy> <time> Last update time for this security policy
last update unix time of <security policy> <string> Last update time for this security policy in unix format
password enabled of <security policy> <boolean>

This setting enables the device password.

password alphanumeric of <security policy> <boolean> This setting requires that a password contains numeric and non-numeric characters.
valid flag of <security policy> <boolean> true if this security policy is valid
compliance of <security policy> <string> Full

Partial

None

Externally Managed

Unknown
overall compliant of <security policy> <boolean> true if compliance of security policy = "Full"
password max failed attempts of <security policy> <integer> This setting specifies how many times an incorrect password can be entered before the device performs a wipe of all data.
minutes to auto lock of <security policy> <integer> This setting specifies the length of time that a device can go without user input before it locks.
allow simple password of <security policy> <boolean> This setting enables or disables the ability to use a simple password such as 1234. The default value is true
password min length of <security policy> <integer>

This setting specifies the minimum password length.

password history of <security policy> <integer>

This setting specifies the number of past passwords that can be stored in a user's mailbox. A user cannot reuse a stored password.

password min complex characters of <security policy> <integer> This setting specifies the minimum number of complex characters required in a device password. A complex character is any character that is not a letter.
allow camera of <security policy> <boolean>

This setting specifies whether the mobile device camera can be used.

originating server of <security policy> <string> The server where this policy originated
encryption required of <security policy> <boolean> This setting specifies whether device encryption is required. If set to $true, the device must be able to support and implement encryption to synchronize with the server.
encryption enabled of <security policy> <boolean>

This setting enables encryption on the device. Not all devices can enforce encryption. For more information, see the device and mobile operating system documentation.





Correlation keys

Key Phrase Return Type Description
correlation keys plural <correlation key> Creation method for <correlation key>
name of <correlation key> <string> Name of the correlation key (e.g. "Serial Number")
value of <correlation key> <string> Value of the correlation key (e.g. "D97YGQ12CQK7")

 

Email Servers

Key Phrase Return Type Description
email servers plural <email server> Creation method for <email server>
name of <email server> <string> fqdn of the email server
ip addresses of <email server>> plural <ipv4or6 address> list of IP addresses of the email server
version of <email server> <string> Version of Exchange server eg "Version 14.1 (Build 218.15)"


Wipe Status

Key Phrase Return Type Description
wipe status <wipe status> Creation method for <wipe statusr>
time sent of <wipe status> <time> The time at which the last device wipe command was sent from the server.
time requested of <wipe status> <time> The time at which the RemoteWipe setting was enabled on the mobile phone.
time acknowledged of <wipe status> <time> The time at which the server received the last wipe acknowledgement sent by the client.
requestor of <wipe status> <string> User who requested the device wipe

 

Miscellaneous

Key Phrase Return Type Description
activesync user agent <string> UserAgent string eg "Apple-iPhone3C1/901.334"
user language <string> The language set on the device
last ping heartbeat <integer> The length of the last heartbeat interval.
recovery password <string> Currently returns ********. This may be exposed in a later release.