Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

GWil's avatar
GWil
Icon for Nimbostratus rankNimbostratus
Feb 01, 2016

APM - allow ActiveSync, block OWA

Hi all, I've successfully deployed iApp fo Exchange 2013 LTM+APM. Now I would like to create policy that allow or deny access to OWA based on AD groups. Now my policybased on ADquery allow access to ...
application delivery
BIG-IP Access Policy Manager (APM)
iApps
Josiah_39459's avatar
Josiah_39459
Historic F5 Account
Feb 01, 2016

You can identify owa (web browser) vs activesync (microsoft exchange client) using a client check:

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-2-0/apm_config_server_checks.html?sr=51220103205575

 

and you can check AD group membership with AD Query or LDAP Query:

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/4.html?sr=51220171

 

Then it's just a matter of designing your VPE so the Allow and Deny are appropriate for the matches you want.