Tuesday, 14 December 2010

Forefront UAG SP1 Endpoint Assessment Changes Impact Mobile Devices like iPads/iPhones

I noticed from the Forefront UAG SP1 release notes that endpoint assessment for mobile devices has changed within SP1. I have also seen a few people reporting issues on the TechNet forums with UAG portal access problems when using Apple iPhone/iPad devices since applying SP1. These changes are covered by the following statement:

“In Forefront UAG RTM, mobile devices including the iPhone, Android and Windows Mobile were included in the Windows, Mac, and Linux platform-specific policies, and allowed access by the Forefront UAG Default Session Access policy. In Forefront UAG SP1, mobile devices were removed from this policy, and now belong to the Other platform-specific policy.”

The net result of this change is that mobile devices like iPads/iPhones will receive  the following error when attempting to access the UAG trunks: The endpoint does not meet access policy requirements for this site.

To continue to include them in the Default Session Access Policy, do the following:

  1. In the trunk that allows access to these devices, open the Endpoint Access Settings tab, and click Edit Endpoint Policies.
  2. In the Manage Policies and Expressions list, click Default Session Access, and then click Edit Policy.
  3. In Other, select Always.
  4. Apply and activate the configuration.
image

To continue to include them in the Default Web Application Access Policy, do the following:

  1. In the trunk that allows access to these devices, open the Endpoint Access Settings tab, and click Edit Endpoint Policies.
  2. In the Manage Policies and Expressions list, click Default Web Application Access, and then click Edit Policy.
  3. In Other, select Always.
  4. Apply and activate the configuration.

image

To ensure published applications appear in the portal when using mobile devices like iPads/iPhones (when applications are supported for mobile devices):

  1. In the trunk that allows access to these devices, review the Applications area, click the required application, and then click Edit.

  2. On the Application Properties dialog box, click the Portal Link tab.

  3. On the Portal Link tab, select the Premium mobile portal check box to show this application in the premium mobile portal.

  4. On the Application Properties dialog box, click OK.

  5. Activate the configuration.

image

5 comments:

  1. Thanks! This one just saved me from the wrath of an angry board member with an ipad.

    ReplyDelete
  2. This is a nice post. I could use something like this. And thank you for adding up also the images so that I could see it step by step.

    ReplyDelete
  3. Given the proliferation of mobile devices and a big diffrerence between a tablet and an android/iphone/windows mobile lumping them all together seems a bit odd.

    ReplyDelete
  4. I think we have UAG SP 1 has some issue with Ipad 3. The Time-Out pop up does not come up, instead during timeout, it directly closes the tab.

    ReplyDelete
    Replies
    1. I think support for iPad 3 should be coming in the next UAG update

      Delete