Article ID: 2743301 - View products that this article applies to.
Consider the following scenario:
In this scenario, the authenticated user may be able to access the Exchange ActiveSync application even when the credentials that were supplied do not match the specific group or user account restrictions that you specified as the UAG administrator.
This issue occurs because, even though user authentication is required and performed correctly, application authorization may not be enforced for rich client access. An example of rich client access is when a non-browser client agent uses HTTP authentication and does not use HTML Forms Based Authentication (FBA). In this case, the UAG authorization process that is based on the administratively defined group or user accounts may not appropriately restrict client access to the published application.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2710791/ )Description of Service Pack 2 for Forefront Unified Access Gateway 2010
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates