Use a mobile management server. The third option costs money, but gives you the most control and confidence that you're not being fooled: Use a mobile management server such as Good Technology's or MobileIron's along with a mobile client that works with that server. For example, Good has a mobile client for the iPhone, Palm WebOS, and Android OSes that add on-device encryption using the Defense Department-grade FIPS standards. It also adds encryption to Windows Mobile 6.0 and earlier (later Windows Mobile versions come with on-device encryption). And MobileIron's product knows what EAS policies that, say, an iPhone supports and thus will block devices that lie about them.
Note that not all mobile management platforms can help enforce EAS policies or add missing policy support to mobile devices. For example, the Zenprise server does not provide these capabilities, though the company says a future version of the server and companion mobile client software will.
7 myths about iPhone Exchange policies
Misinformation about connecting iPhones to corporate networks could get your business into serious trouble
The other iPhone lie: VPN policy support
The iPhone OS 3.1 fixed false reporting about Exchange policy adherence. It turns out that a similar flaw existed for VPN policies, too
Apple betrays the iPhone's business hopes
Apple's fix of a security hole reveals a long-simmering flaw and makes many iPhones suddenly incompatible with Exchange
Mac (in)security: How to secure Macs in business
As Macs make their way into the enterprise, IT needs to address these six security flaws before disaster strikes
21 apps Apple doesn't want on your iPhone
Worthwhile productivity apps you won't find at the App Store
The no-junk business iPhone apps finder
InfoWorld's interactive catalog of iPhone apps designed for businesses, professionals, and IT staff