Professional Archive Manager for Exchange

Home

Exchange ActiveSync and iPhone OS 3.1

Published 09/22 courtesy of MS Exchange Team

Many Exchange Server customers have reported issues logging on to Exchange using iPhone devices older than iPhone 3GS. iPhones support Exchange ActiveSync (EAS), the same protocol supported by Windows Mobile devices, and licensed by many other mobile device manufacturers.

Exchange Server 2007 SP1 and later support many additional policy settings. Two policy settings that are of interest here are:

  1. Require device encryption: When you enable this policy, mailbox data synchronized and stored to a mobile device is encrypted.


    Fig 1: Exchange ActiveSync policy requiring device encryption

  2. Allow Non Provisionable Devices: You can disable this setting (default) to prevent provisioning of devices that cant fully apply Exchange ActiveSync policies.

The iPhone 3GS supports device encryption, and is the first version to do so. Previous iPhone models, including the iPhone 3G, do not support device encryption. Additionally, before iPhone OS 3.1, these devices did not communicate their policy status correctly, resulting in the devices being able to connect to Exchange Server, even if your Exchange ActiveSync policy required device encryption and did not allow non-provisionable devices.

iPhone OS 3.1 correctly reports its policy status. As a result, if your policy requires device encryption and doesnt allow non provisionable devices, previous models of iPhone which dont support device encryption are prevented from accessing the mailbox.

After considering your organizations security policy, if you need to allow older iPhone devices to connect, you can modify the Exchange ActiveSync policy to either allow non provisionable devices, which will still enforce device encryption on devices that do support it, or you can disable device encryption. Note, allowing non-provisionable devices allows devices that may enforce some policies, or may not enforce any policies at all. Alternatively, you can create another policy which does not require device encryption, and apply it only to mailbox users with devices that do not support device encryption.

For more details about Exchange ActiveSync policies, see Understanding Exchange ActiveSync Mailbox Policies in Exchange 2007 documenation.

-Bharat Suneja

Recent SharePoint Questions

more sharepoint questions

More Articles By

Uncovering the new RPC Client Access Service in Exchange 2010 (Part 3)

The new RPC Client Access service included with Exchange 2010. Read more

Read more

AppRiver Exchange Hosting - Voted MSExchange.org Readers Choice Award Winner - Exchange Hosting

AppRiver Exchange Hosting was selected the winner in the Exchange Hosting Category of the MSExchange.org Readers Choice Awards. Intermedia Hosted Exchange and Apptix Exchange Hosting were first runner-up and second…

Read more

Address Lists in Exchange 2007 (Part 4)

Discussing the client-side of Offline Address Books.

Read more

More Articles

Best Practices: Migrating from Lotus Notes to Microsoft Exchange ... - ZDNet


Best Practices: Migrating from Lotus Notes to Microsoft Exchange ...
ZDNet
Many companies are moving from IBM Lotus Notes to Microsoft Exchange and SharePoint for a number of reasons: Microsoft's rich…

Read more

Back Pressure Changes in Exchange 2007 SP1 - Windows & Net Magazine


Back Pressure Changes in Exchange 2007 SP1
Windows & Net Magazine, OH
Before exploring further, it's important to know that Exchange stores back pressure settings in an XML format application configuration file…

Read more

Go the Hosted Route to Test Exchange 2010 - Windows & Net Magazine


Go the Hosted Route to Test Exchange 2010
Windows & Net Magazine, OH
Are you looking to sample the charms of Microsoft Exchange Server 2010, but you're not sure you're ready to…

Read more

Professional Archive Manager for Exchange