2. ActiveSync
ActiveSync is a synchronization protocol that allows mobile devices to synchronize the user’s Exchange mailbox, including email, calendar, contacts, and tasks. It is based on HTTP and Extensible Markup Language (XML).
ActiveSync supports the following devices:
Windows Mobile 5.0
Pocket PC 2003
Pocket PC 2002
Unlike Exchange Server 2003, in Exchange 2007 the ActiveSync feature is enabled by default. Exchange 2007 ActiveSync has a number of new and improved features, including the following:
Support for HTML messages
Support for follow-up flags
Support for fast message retrieval
Meeting attendee information
Enhanced Exchange Search
Windows SharePoint Services and Universal Naming Convention (UNC) document access
PIN reset
Autodiscover for over-the-air provisioning
Support for Out of Office configuration
Support for tasks synchronization
Support for Direct Push
Some of the new features, such as Direct Push and Autodiscover, require Windows Mobile 5.0 with the Messaging and Security Feature Pack (MSFP) installed on the device to function.
Exchange 2007 ActiveSync also has a number of new security features, including the following:
These new security features allow Exchange 2007 administrators to effectively manage the security of their mobile devices. Table 3 lists the settings available in the ActiveSync mailbox policy.
Table 3. List of ActiveSync Mailbox Policy Settings
Setting | Default Value | Description |
---|---|---|
Allow nonprovisionable devices | True | Allows older devices (those that do not support the Autodiscover service) to connect to Exchange 2007 by using Exchange ActiveSync |
Allow simple password | False | Enables or disables the ability to use a simple password such as 1234 |
Alphanumeric password required | False | Requires that a password contains numeric and nonnumeric characters |
Attachments enabled | True | Enables attachments to be downloaded to the mobile device |
Device encryption enabled | False | Enables encryption on the device |
Password enabled | False | Enables the device password |
Password expiration | Not Set | Enables the administrator to configure a length of time after which a device password must be changed |
Password history | 0 | Defines the number of past passwords stored in the user’s mailbox; previously stored passwords cannot be reused |
Policy refresh interval | Not Set | Defines how frequently the device updates the Exchange ActiveSync policy from the server |
Maximum attachment size | Not Set | Specifies the maximum size of attachments that are automatically downloaded to the device |
Maximum failed password attempts | 4 | Specifies how many times an incorrect password can be entered before the device performs a wipe of all data |
Maximum inactivity time lock | 15 minutes | Specifies the length of time a device can go without user input before it locks |
Minimum password length | 4 | Specifies the minimum password length |
Password recovery | Disabled | Enables the device password to be recovered from the server |
UNC file access | Enabled | Enables access to files stored on UNC shares |
WSS file access | Enabled | Enables access to files stored on Microsoft Windows SharePoint Services sites |
To use the password policy features and the Remote Device Wipe, you need to create an Exchange ActiveSync mailbox policy and associate the user with it.
Different policies can be created
to meet the needs of different user communities. For example, an
organization might have one general user ActiveSync mailbox policy with
default password settings that require a minimum of 4 characters. A
second ActiveSync mailbox policy for executives with higher security
requirements and more secure password settings might require a minimum
of 10-character passwords. These policies would be assigned to the
appropriate mailboxes.
By default, no ActiveSync mailbox policies are created. To create a new ActiveSync mailbox policy, execute the following steps:
1. Expand the Organization Configuration folder.
2. Select the Client Access folder.
3. In the actions pane, select New Exchange ActiveSync Mailbox Policy.
4. Enter the policy name, such as Default Exchange ActiveSync Mailbox Policy.
5. Click New to create the policy.
6. Click Finish to close the wizard.
To associate a user with an Exchange ActiveSync mailbox policy, execute the following steps:
1. Expand the Recipient Configuration folder.
2. Select the Mailbox folder.
3. Select the mailbox.
4. Select Properties in the actions pane.
5. Select the Mailbox Features tab.
6. Select ActiveSync and click Properties.
7. Click Browse and select a policy, such as the Default Exchange ActiveSync Mailbox Policy created earlier.
8. Click OK three times to save the settings.
Now, the user’s mobile device will have the policies applied and can be managed remotely, as is evidenced by the Manage Mobile Device selection in the mailbox actions pane.
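
The two console procedures above can also be scripted in the Exchange Management Shell. The following is an added example, not part of the original text: it creates the general and executive policies described earlier, assigns them by group membership, and lists any mailbox left without a policy. The policy names, the Executives group, and the executive tier's alphanumeric and encryption settings are assumptions.

```powershell
# Run in the Exchange Management Shell. Names and executive-tier values are
# assumptions for illustration, not values taken from the article.
$generalPolicy   = 'General ActiveSync Policy'    # hypothetical policy name
$executivePolicy = 'Executive ActiveSync Policy'  # hypothetical policy name
$executiveGroup  = 'Executives'                   # hypothetical distribution group

# Create a policy unless one with the same name already exists.
function New-PolicyIfMissing($name, $minLength, $alphanumeric, $encrypt) {
    if (Get-ActiveSyncMailboxPolicy -Identity $name -ErrorAction SilentlyContinue) {
        return
    }
    # "Password enabled" defaults to False, so the length rule only takes
    # effect once DevicePasswordEnabled is switched on.
    New-ActiveSyncMailboxPolicy -Name $name `
        -DevicePasswordEnabled $true `
        -AllowSimpleDevicePassword $false `
        -MinDevicePasswordLength $minLength `
        -AlphanumericDevicePasswordRequired $alphanumeric `
        -DeviceEncryptionEnabled $encrypt `
        -MaxDevicePasswordFailedAttempts 4 `
        -MaxInactivityTimeDeviceLock '00:15:00' | Out-Null
}

New-PolicyIfMissing $generalPolicy   4  $false $false
New-PolicyIfMissing $executivePolicy 10 $true  $true

# Index executive mailboxes by distinguished name for an exact match.
$executives = @{}
Get-DistributionGroupMember -Identity $executiveGroup |
    ForEach-Object { $executives[$_.DistinguishedName] = $true }

# Executives get the stricter policy; every other mailbox gets the general one.
Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
    if ($executives.ContainsKey($_.DistinguishedName)) { $policy = $executivePolicy }
    else { $policy = $generalPolicy }
    Set-CASMailbox -Identity $_.DistinguishedName -ActiveSyncMailboxPolicy $policy
}

# Verify: list any mailbox still left without a policy.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name
```

The final query should return nothing; any mailbox it lists is syncing without the password and wipe controls from Table 3.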