Currently we use a mixture of MDM and activesync to allow mobile access to mail on Exchange 2013 CU7. I inherited this and I need to enforce certificate enrollment for all activesync connections. I know how to do this but in the interest of upsetting no-one I need to test it-and there's no lab here.
I've been looking at an article Steve Goodman wrote for doing this in Exchange 2010 where he suggests adding a second IIS site with a dedicated IP and creating a second activesync site. But I'm not sure that the apppool in Exchange 2013 will allow that?
The other thought that crossed my mine was setting up a separate mobile policy and putting the test phones against that. But it appears that the certificate authentication is global when applied?
Anyone got a better idea?
TIA
Tony