September 24, 2009

How to avoid the smartphone Exchange policy lie

Just because a mobile device says it supports Exchange policies doesn't mean it does. Case in point: Apple's iPhone

The recent revelation that Apple's iPhone OS had been falsely reporting to Exchange servers that iPhones and iPod Touches provided on-device encryption when in fact they did not has raised several questions regarding mobile device support for EAS (Exchange ActiveSync) policies -- vital safeguards many businesses employ to secure access to corporate information, whether to meet specific regulations or as a matter of general security prudence.

As it turns out, information on EAS policy support among mobile devices is not easy to come by. Also not easy is ascertaining what exactly will happen when an Exchange server is configured to use a policy that any given mobile device may or may not support.

Here's what IT can do to ensure the EAS policy compliance of users' mobile devices.

What EAS policies the devices really do support

Exchange ActiveSync 2007 supports 29 access and security policies that IT can enable. (To get the details on the policies and their values, check out Microsoft's documentation for Exchange Server 2007 policies.)

Just a handful of mobile devices support at least some EAS policies: Apple's iPhone; smartphones using Microsoft's Windows Mobile OS; Nokia's E and N series, as well as the S60 through a download; and Palm's WebOS, along with its defunct Palm OS.

Windows Mobile 6.1 supports all 29 policies, though an Exchange enterprise license is needed for 14 of them. Apple and Nokia did not respond to InfoWorld's request to list specifically what EAS policies their devices support; a Palm spokeswoman was unable to find the information even after several days. (Update: I finally got an answer from Palm eight weeks later, confirming the information below.) All three companies have published limited information on their Web sites:

lawryll 24-Sep-09 7:02am
2 replies
Galen, I can't help but wonder...if security was so important, why did Microsoft rely on the device to report back it was safe? Wouldn't this allow any device that wasn't secure to simply tell Exchange it was and Exchange goes, "Okay...cool!"? I'm no Sherlock Holmes, but if you are going to put the blame on Apple for "lying" to Exchange, then you also need to put blame on Microsoft for not allowing a mechanism to verify the device encryption. This is just another ill-thought out security scheme by Microsoft that allows for ANY device to lie to Exchange and Exchange just accepts it. This isn't an Apple-specific problem. This is a Microsoft-specific problem and Microsoft needs to fix Exchange so that it verifies encryption is functioning on the device before authorizing it.
SterlingNorth 24-Sep-09 9:29am
I don't see how it would be possible to verify device encryption unless Microsoft actually reverse engineered each device to see how they store information on its device. And it would be a cold day in hell before Apple (or any MS competitor) allowed Microsoft to do such a thing.
MAS 25-Sep-09 5:13am
So, how exactly is Microsoft at fault for Apple lying to *customers* that their device is doing what it should?

This has little to do with the client/server system and all about truth in advertising.

As far as client/server is concerned, how exactly is the client supposed to confirm to the server that the data is encrypted?

©1994-2010 Infoworld, Inc.