However, when your connection fails -- which happens more often than we'd like to admit -- you can perform some great validation tests through either the Exchange Management Shell with its test cmdlets or through a site called the Exchange Remote Connectivity Analyzer. The latter is a free tool provided by the Microsoft Exchange team to help you to validate your configuration and/or locate areas that are misconfigured.
5. Establish security settings through policies
Most of the security you will apply is handled either at Exchange's Server Configuration level, by working with your virtual folder settings under the Client Access role, or at the Organization Configuration level, also under the Client Access role. It's under that Organization Configuration node that you will find your policy settings for Outlook Web App connections and ActiveSync. You can create many policies, but you can apply only one OWA policy and one ActiveSync policy to a specific user. It's best to figure out the various roles your company has for users and set up specific policies for each role. Next, determine which users have which roles and apply the appropriate policies accordingly.
These policies allow you to configure quite a bit in terms of functionality for users. For example, through the OWA policy settings you can enable or disable certain features. Let's say you don't want users to access their calendar in OWA; you can create a policy that disables calendar access, then lock down the calendar for affected users.
The same is true of the ActiveSync policies. You can configure more than 50 settings that enforce passwords and password policies, as well as allow or deny access to phone features like the camera or browser. These policy settings let you do the heavy lifting of securing your environment, but use them sparingly, so you're not tying users into needless knots.
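The role-based approach described above can be scripted in the Exchange Management Shell. The following is an added example, not code from the original article; the group name, policy names, and specific setting values are assumptions chosen for illustration.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# Assumed names (not from the article): a "Field Sales" group and two policies for that role.
$roleGroup = 'Field Sales'
$owaPolicy = 'FieldSales-OWA'
$easPolicy = 'FieldSales-EAS'

# OWA policy for the role: create it if missing, then disable calendar access,
# which is the scenario the article uses as its example.
if (-not (Get-OwaMailboxPolicy -Identity $owaPolicy -ErrorAction SilentlyContinue)) {
    New-OwaMailboxPolicy -Name $owaPolicy | Out-Null
}
Set-OwaMailboxPolicy -Identity $owaPolicy -CalendarEnabled $false

# ActiveSync policy for the role: enforce a device password and restrict the camera.
# The values below are illustrative assumptions; tune them per role.
if (-not (Get-ActiveSyncMailboxPolicy -Identity $easPolicy -ErrorAction SilentlyContinue)) {
    New-ActiveSyncMailboxPolicy -Name $easPolicy | Out-Null
}
Set-ActiveSyncMailboxPolicy -Identity $easPolicy `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock '00:10:00' `
    -AllowCamera $false `
    -AllowBrowser $true `
    -AllowNonProvisionableDevices $false

# A user can hold only one OWA policy and one ActiveSync policy,
# so assigning these replaces whatever the mailbox had before.
$members = Get-DistributionGroupMember -Identity $roleGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

foreach ($member in $members) {
    Set-CASMailbox -Identity $member.DistinguishedName `
        -OwaMailboxPolicy $owaPolicy `
        -ActiveSyncMailboxPolicy $easPolicy
}

# Review step: list what each member of the role actually has assigned,
# so mismatches between role and policy are visible.
$members |
    ForEach-Object { Get-CASMailbox -Identity $_.DistinguishedName } |
    Select-Object Name, OwaMailboxPolicy, ActiveSyncMailboxPolicy |
    Sort-Object Name |
    Format-Table -AutoSize
```

Rerunning the script after group membership changes brings new members under the role's policies; users removed from the group keep the old assignment until another policy is applied to them.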
6. Consider the future BPOS (aka Office 365) as a possibility
You may think, "Wow, this is more involved than I would like," though in my opinion, Exchange 2010 makes the process so much easier. But if you're looking for an alternative solution to in-house Exchange, I recommend you consider Microsoft's cloud-based Business Productivity Online Standard (BPOS) suite, which allows for connectivity through OWA, ActiveSync, and more, and it doesn't require any configuration on your part. Granted, your control is limited, but if you really need connectivity and not ultimate command and you are in a smaller environment, it's a good approach. And keep an eye out for its forthcoming successor, Office 365, which looks like it might be even more capable.
By the way, this week I'm speaking at TechMentor in Las Vegas, with the majority of my sessions focused on Exchange. That may have something to do with my recently being awarded the Microsoft MVP status. It's nice to be welcomed into the sacred fold of Microsoft MVPs for my community work in Exchange.
This article, "Getting out-of-office users securely connected to Exchange," was originally published at InfoWorld.com. Read more of J. Peter Bruzzese's Enterprise Windows blog and follow the latest developments in networking and Windows at InfoWorld.com.