Exchange 2007 Service Pack 1 - Why it's important for Mobile Users
Exchange 2007 Service Pack 1 has just been released to the web for download. It even made the front page of the latest TechNet Magazine, which is quite surprising for a Service Pack.
There are many key enhancements in Service Pack 1; from a mobile perspective, however, there are some very important additions.
With Service Pack 1 we have added 30+ new policies for Exchange ActiveSync. These new policies will require a future version of Windows Mobile (similar to System Center Mobile Device Manager 2008); however, they can be implemented within your Exchange 2007 environment now, ready for when that version becomes available.
There are two different categories of policies. The first set controls the Sync, Authentication and Encryption settings. The second set is focused on controlling functions on the device.
Sync
Within the Synchronisation setup we have the ability to configure many of the synchronisation options on the device:
Configure message formats (HTML or plain text)
Include past email items
Email body truncation size
HTML email body truncation size
Include past calendar items (Duration)
Require manual sync while roaming
Authentication
With the device password we can enforce more complexity, as well as setting a password expiration and remembering password history.
Minimum number of complex characters
Enable password recovery
Allow simple password
Password Expiration (Days)
Enforce password history
Allow Windows file share access
Allow Windows SharePoint access
Encryption
From a security perspective we can control the use of SMIME as well as whether Device Encryption is enforced.
Require signed SMIME messages
Require encrypted SMIME messages
Require Signed SMIME algorithm
Require encrypted SMIME algorithm
Allow SMIME encrypted algorithm negotiation
Allow SMIME SoftCerts
Enforce Device encryption
As I mentioned previously, the second set of policies controls much of the device, network and application functionality.
Device Control
Disable desktop ActiveSync
Disable removable storage
Disable camera
Disable SMS and any MMS text messaging
Network Control
Disable Wi-Fi
Disable Bluetooth
Disable IrDA
Allow internet sharing from device
Allow desktop sharing from device
Application Control
Disable POP3/IMAP4 email
Allow consumer email
Allow browser
Allow unsigned applications
Allow unsigned CABs
Application allow list
Application block list
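To show how the policies listed above map onto the Exchange Management Shell, here is an added example (not from the original post) that builds one restrictive ActiveSync mailbox policy with `Set-ActiveSyncMailboxPolicy` and then audits all policies for weak settings. The policy name and every value chosen are assumptions for illustration; the syntax is kept to what PowerShell 1.0 accepts.

```powershell
# Exchange Management Shell, Exchange 2007 SP1. Added example: the policy name
# and all values below are illustrative assumptions, not settings from the post.
$policy = 'Mobile-Restricted'   # hypothetical policy name
New-ActiveSyncMailboxPolicy -Name $policy | Out-Null

# Authentication: complexity, expiration, history, recovery
Set-ActiveSyncMailboxPolicy -Identity $policy `
    -DevicePasswordEnabled $true `
    -AllowSimpleDevicePassword $false `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordComplexCharacters 3 `
    -DevicePasswordExpiration 90.00:00:00 `
    -DevicePasswordHistory 5 `
    -PasswordRecoveryEnabled $true

# Encryption: device encryption and signed S/MIME
Set-ActiveSyncMailboxPolicy -Identity $policy `
    -RequireDeviceEncryption $true `
    -RequireSignedSMIMEMessages $true `
    -AllowSMIMESoftCerts $false

# Sync: limit how much mail lands on the device, no automatic sync while roaming
Set-ActiveSyncMailboxPolicy -Identity $policy `
    -MaxEmailAgeFilter OneWeek `
    -MaxEmailBodyTruncationSize 20 `
    -RequireManualSyncWhenRoaming $true

# Device, network and application control
Set-ActiveSyncMailboxPolicy -Identity $policy `
    -AllowStorageCard $false `
    -AllowCamera $false `
    -AllowBluetooth HandsfreeOnly `
    -AllowIrDA $false `
    -AllowInternetSharing $false `
    -AllowPOPIMAPEmail $false `
    -AllowConsumerEmail $false `
    -AllowUnsignedApplications $false `
    -AllowUnsignedInstallationPackages $false

# Audit: list any policy that still permits a weak or missing device password,
# or does not enforce device encryption.
Get-ActiveSyncMailboxPolicy | Where-Object {
    -not $_.DevicePasswordEnabled -or
    $_.AllowSimpleDevicePassword -or
    -not $_.RequireDeviceEncryption
} | Format-Table Name, DevicePasswordEnabled, AllowSimpleDevicePassword, RequireDeviceEncryption -AutoSize
```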