Microsoft Exchange ActiveSync is probably the mobile management tool most familiar to IT administrators, but many still have questions about what it can and can’t do.
Exchange ActiveSync is a protocol available on most
For users, enabling ActiveSync is typically a simple process. As long as IT has approved mobile access, all a user has to do is fill out a couple of fields and enter his or her username and password. For IT, the process is more involved. There are several steps to follow when setting up and securing ActiveSync, and admins must also familiarize themselves with the Exchange Server ActiveSync Web Administration Tool, the portal through which ActiveSync mobile management occurs.
The answers to these frequently asked questions will help IT understand how to set up Exchange ActiveSync mobile management and how it works on the major mobile operating systems: Apple iOS, Android and Windows Phone.
How can I make sure I’m using ActiveSync securely?
Securing Exchange ActiveSync is the first step towards successful ActiveSync mobile management. ActiveSync is available through Exchange Server’s client access server (CAS) role, and although you can install CAS on the same server as other Exchange roles, it’s better to keep them separate. Running CAS on its own server reduces the chances of an attack and limits the damage of any potential attacks. Other best practices include using a reverse proxy and enabling Secure Sockets Layer encryption.
Can I do Exchange ActiveSync mobile management on the iPhone?
ActiveSync lets you address basic enterprise iPhone security issues by implementing and enforcing policies, performing remote wipes and prohibiting the use of certain apps, such as the camera and Web browsers. There are some common problems that can occur between the iPhone and Exchange ActiveSync, however, and they may prevent devices from connecting to ActiveSync if not addressed.
If you want advanced capabilities, the iPhone Configuration Utility, Apple Configurator and new application programming interfaces offer more iOS 5 device management options. These features let IT deploy and backup devices, install and remove applications and monitor device status.
Is ActiveSync mobile management the same on all Android devices?
Fragmentation is a problem when it comes to Android devices, and not every device or operating system version supports the same ActiveSync mobile management capabilities. For example, Android 2.2 Froyo added some basic Android management features through ActiveSync, such as remote-wipe capabilities and Exchange mailbox policies, but the extent of these features still varied among devices made by different manufacturers. All Android 4.0 Ice Cream Sandwich devices will support the same version of ActiveSync, so the hope is that fragmentation will become less of a problem over time, but most users are still on older versions.
Does Windows Phone take advantage of full ActiveSync mobile management features?
ActiveSync mobile questions
Got more ActiveSync questions? Ask the IT Knowledge Exchange community for help!
Windows Mobile, Microsoft’s previous mobile OS, relied on full Exchange ActiveSync mobile management. Windows Phone 7 and 7.5 are more consumer-oriented OSes, however, and as such, Microsoft scaled back their ActiveSync mobile management capabilities. When it comes to management, Windows Phone 7 features are now more in line with those on iOS and Android. IT can enforce password policies, perform remote wipes and do other basic tasks, but for advanced features, admins will have to rely on Windows Phone’s integration with other Microsoft enterprise software.
This was first published in May 2012