You are on page 1of 14

Exchange ActiveSync Polices

Jack Suze 5/11/2012

Contents
Introduction .................................................................................................................................................. 3 Steps to create a Exchange ActiveSync Mailbox Policy ................................................................................ 3 Configuring policies (enabling & disabling)................................................................................................... 6 General...................................................................................................................................................... 6 Password ................................................................................................................................................... 7 Sync Settings ............................................................................................................................................. 8 Device........................................................................................................................................................ 9 Device Applications ................................................................................................................................. 10 Other ....................................................................................................................................................... 11 Applying EAS Mailbox policy to a user ........................................................................................................ 13

2|Page

Introduction
This document describes a step by step process about how to create and apply Exchange ActiveSync server polices on an Exchange Mailbox User. Exchange Management Console (EMC) provides a provision to an admin to maintain different set of EAS policies to various groups in an organization. For example, an admin can create an EAS mailbox policy exclusive to Sales group in an organization or even to one user mailbox.

Steps to create a Exchange ActiveSync Mailbox Policy


1. 2. 3. Open EMC Select Client Access by expanding Organization Configuration in the Console Tree Go to Exchange ActiveSync Mailbox Policies tab in the Result pane

4. 5. 6.

Click on New Exchange ActiveSync Mailbox Policy in the Action pane It opens a New Exchange ActiveSync Mailbox Policy wizard screen Give a Mailbox policy name and click on New button

3|Page

7.

Click on Finish in Complete wizard screen

4|Page

8.

The above newly created EAS Mailbox Policy will be displayed in Exchange ActiveSync Mailbox Policies tab in the Result pane

5|Page

Configuring policies (enabling & disabling)


EAC provides various categories of tabs to control the EAS provisioned device. Select the above created policy (QA) and click Properties in Action pane

General
Use the General tab to specify types of mobile phones that can connect to the Exchange server

Allow non-provisionable devices Select this check box to allow mobile phones that can't be provisioned automatically. These mobile phones may be unable to enforce all the Exchange ActiveSync policy settings. By selecting this box, you're allowing these mobile phones to synchronize even though some policy settings may not be applied. Refresh interval Select this check box to force the server to resend the policy to clients at a fixed interval defined in the number of hours between policy refresh events.

6|Page

Password
Use the Password tab to set password requirements for Exchange ActiveSync clients.

Require password Select this checkbox to require a password for the mobile phone. If passwords are required, the following options become available. Require alphanumeric password Select this check box to specify that the mobile phone password must include non-numeric characters. Requiring non-numeric characters in passwords increases the strength of password security. Minimum number of character sets Use this text box to specify the complexity of the alphanumeric password and force users to use a number of different sets of characters from among the following: lower case letters, upper case letters, symbols and numbers. Enable password recovery Select this check box to enable password recovery for the mobile phone. Users can use Outlook Web App to look up their recovery password and unlock their mobile phone. Administrators can use the EMC to look up a user's recovery password. Require encryption on device Select this check box to require encryption on the mobile phone. This increases security by encrypting all information on the mobile phone. Require encryption on storage cards Select this check box to require encryption on the mobile phones removable storage card. This increases security by encrypting all information on the storage cards for the mobile phone. Allow simple password Select this check box to allow users to lock their mobile phones with simple passwords such as 1111 or 1234. If you clear this check box, users will be required to use more secure password sequences.

7|Page

Number of failed attempts allowed Use this text box to limit the number of failed password attempts a mobile phone accepts before all information on the mobile phone is deleted and the mobile phone is automatically returned to the original factory settings. This reduces the chance of an unauthorized user accessing information on a lost or stolen mobile phone that has a password. Minimum password length Use this text box to specify a minimum password length for the mobile phone password. Long passwords can provide increased security. However, long passwords can decrease mobile phone usability. A moderate password length of four to six characters is recommended. Time without user input before password must be re-entered (in minutes) When a mobile phone password is required, you can use this text box to prompt the user for the password after the mobile phone has been inactive for a specified period of time. For example, if this setting is set to 15 minutes, the user must enter the mobile phone password every time that the mobile phone is idle for 15 minutes. If the mobile phone is idle for 10 minutes, the user won't have to re-enter the password. Password expiration (days) Use this text box to force users to reset their mobile phones password at a given interval. The interval is set in a number of days. Enforce password history Select this check box to force the mobile phone to prevent the user from reusing their previous passwords. The number you set determines how many past passwords the user won't be allowed to reuse.

Sync Settings
Use the Sync Settings tab to specify a variety of synchronization-specific settings.

Include past calendar items Use this drop-down list to select the date range of calendar items to synchronize to the mobile phone. The available options include the following: All, Two Weeks, One Month, Three Months, and Six Months. If you have to specify other options, use the Shell to configure this setting.

8|Page

Include past e-mail items Use this drop-down list to select the date range of e-mail items to synchronize to the mobile phone. The available options include the following: All, One Day, Three Days, One Week, Two Weeks, and One Month. If you have to specify other options, use the Shell to configure this setting. Limit e-mail size to (KB) Select this check box to limit the message size that can be downloaded to the mobile phone. After you've selected the check box, use the text box to specify a maximum message size, in kilobytes (KB). Allow Direct Push when roaming Select this check box to enable the mobile phone to synchronize as new items arrive when you're roaming with your phone. You're roaming when you're outside your normal service area. Check with your mobile service provider to determine your normal service area. Clearing this check box forces you to manually launch synchronization when you're roaming with the phone and data rates are traditionally higher. Allow HTML-formatted e-mail Select this check box to enable e-mail messages that are formatted in HTML to be synchronized to the mobile phone. If this check box isn't selected, all e-mail messages will be converted to plain text before synchronization. Use of this check box doesn't affect whether or not messages are received on the mobile phone. Allow attachments to be downloaded to device Select this check box to enable attachments to be downloaded to the mobile phone. If this check box is cleared, the name of the attachment is visible within the e-mail message but can't be downloaded to the mobile phone. Maximum attachment size (KB) Select this check box to specify a maximum size for attachments that are downloaded to the mobile phone. After you select the check box, use the text box to enter a maximum attachment size, in KB. If this check box is selected, attachments that are larger than the specified size can't be downloaded to the device.

Device
Use the Device tab to specify a variety of device-specific settings. All settings that you access on the Device tab of the Exchange ActiveSync policy Properties page are premium features of Exchange ActiveSync. For these features to be implemented on a mobile phone, the mailbox requires an Exchange Enterprise client access license (CAL).

9|Page

Allow removable storage Select this check box to allow storage cards to be accessed from a mobile phone. If this check box isn't selected, storage cards can't be accessed from a mobile phone. Allow camera Select this check box to allow the mobile phone camera to be used. Allow Wi-Fi Select this check box to allow the mobile phone to use a Wi-Fi connection for Internet access. Direct Push isn't supported over Wi-Fi. Allow infrared Select this check box to allow the mobile phone to establish an infrared connection with other devices or computers. Allow Internet sharing from device Select this check box to allow another device to share the Internet connection of the mobile phone. Internet sharing is frequently used when the device functions as a modem for a laptop or desktop computer. Allow remote desktop from device Select this check box to allow the mobile phone to establish a remote desktop connection to another computer. Allow desktop synchronization Select this check box to allow the mobile phone to synchronize with a desktop computer through desktop ActiveSync or the Windows Mobile Device Center. Allow Bluetooth Use this drop-down list to control the Bluetooth functionality of the mobile phone. You can choose to Allow, Disable, or enable Bluetooth for Handsfree only.

Device Applications
Use the Device Applications tab to enable or disable specific features on a mobile phone. All settings that you access on the Device Applications tab of the Exchange ActiveSync policy Properties pages are premium features of Exchange ActiveSync. For these features to be implemented on a mobile phone, the mailbox requires an Exchange Enterprise client access license (CAL).

10 | P a g e

Allow browser Select this check box to allow mobile phones to use Pocket Internet Explorer. (It does not control access to third-party mobile phone browsers) Allow consumer mail Select this check box to allow the mobile phone to access e-mail accounts other than Microsoft Exchange accounts. Consumer e-mail accounts include accounts that are accessed through POP3 and IMAP4. (It does not control access to third-party mobile phone e-mail applications) Allow unsigned applications Select this check box to allow unsigned applications to be installed on the mobile phone. Allow unsigned installation packages Select this check box to allow unsigned installation packages to be run on the mobile phone.

Other

Use the Other tab to specify allowed and blocked applications. All settings that you access on the Other tab of the Exchange ActiveSync policy Properties pages are premium features of Exchange ActiveSync. For these features to be implemented on a mobile phone, the mailbox requires an Exchange Enterprise client access license (CAL). Allowed Applications You can add applications to or remove them from the Allowed Applications list. Allowed applications can be installed and run on the mobile phone. Click Add to add an application, and click Delete to remove an application.

11 | P a g e

Blocked Applications You can add applications to or remove them from the Blocked Applications list. Blocked applications are prohibited from running on the mobile phone. Click Add to add an application, and click Delete to remove an application.

12 | P a g e

Applying EAS Mailbox policy to a user


1. 2. Navigate to Recipient ConfigurationMailbox in Console tree Select a user or multiple users on whom policies to be applied in Result pane

3. 4.

Click on Properties in the Action pane to set selected user properties Click on Mailbox Features in User Properties window

13 | P a g e

5.

Double click on Exchange ActiveSync in Mailbox Features policies.

6. Click on Browse button to choose an Exchange ActiveSync Mailbox Policy from the available list of

7. Select ActiveSync Mailbox Policy from the list of policies and click on OK for three times to apply chosen
policy to a user. Ex: QA

14 | P a g e