Search
  • Videos
  • Windows 10
  • 5G
  • Best VPNs
  • Cloud
  • Security
  • AI
  • more
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
  • Newsletters
  • All Writers
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Windows 10
    • 5G
    • Best VPNs
    • Cloud
    • Security
    • AI
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan

Use Exchange 2010 ActiveSync to limit mobile security issues

1 of 10 NEXT PREV
  • 464219.jpg

    Users in Exchange-based organizations enjoy comprehensive built-in mobility via ActiveSync; however, even as users clamor for smartphones, IT needs to make sure that these services are used in ways that are consistent with organizational policies. Although some users believe that these policies can be constraining, the situation would be much worse if the mobile device were to create a major security incident.

    There are a variety of third party solutions to manage, monitor, and control mobile devices, but many organizations loathe spending a lot of money on these kinds of services and are most concerned with being able to simply control how devices interact with their systems. Exchange 2010 includes a number of administrative controls to help IT departments provide these mobility services while enabling automated methods by which user's devices are required to adhere to policy.

    This TechRepublic gallery is also available as a Smartphones blog post.

    First and foremost, you get to decide whether ActiveSync is even available on a user by user basis. You can opt to disable ActiveSync for all users and then enable it only for those users who need it. In this figure, you see an Exchange Management Console screenshot that shows you my Exchange profile with ActiveSync enabled.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464220.jpg

    Exchange 2010 includes a default ActiveSync policy, but you can create others if you like. Each individual mailbox needs to be associated with an ActiveSync policy. To change the policy, choose ActiveSync and click Properties. On the Properties page, choose the policy that should apply to this user's devices.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464221.jpg

    If a user happens to lose his or her smartphone, you can take direct action by administratively disassociating that user's phone from the Exchange server or initiating a remote wipe of that user's attached device. To do so, from the Exchange Management Console, right-click the user's name and choose Manage Mobile Phone. You will see a screen like this one.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464222.jpg

    ActiveSync policies
    You can be even more granular through the use of ActiveSync policies. In Exchange 2010, you can create any number of ActiveSync policies and associate different policies with different users.

    ActiveSync policies are managed in the Exchange Management Console by navigating to the Organization Configuration | Clint Access node. From there, choose the Exchange ActiveSync Policies tab, right-click a policy you'd like to modify and, from the shortcut menu, choose Properties. I'll introduce you to each of the primary ActiveSync policy areas. Note: Some ActiveSync policies can only be used if your users have an Exchange Enterprise Client Access License.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464223.jpg

    The General tab is a place for general information about the policy, such as the policy name and how often the policy is refreshed. If you make regular changes to policies, you can specify a short refresh time, which ensures that devices will receive a new policy within that time period.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464224.jpg

    By requiring the use of a password, you protect a user's mobile device from casual snooping or from being immediately cracked in the event that it is lost or stolen. Via the ActiveSync Password tab, you can configure how long the password must be, how many failed attempts are allowed, password complexity, password expiration, and more. On this page, you can also indicate that only users with devices that support encryption can use ActiveSync.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464225.jpg

    The Sync Settings tab is the place for deciding how much information should be sent down to the device. You get to decide whether past calendar appointments are synchronized, and you can decide the maximum email size that will be pushed. You can also choose to disable the ability of roaming users to use ActiveSync/Direct Push. Depending on your organization's data plans, this could save the company money.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464226.jpg

    Some device features, such as cameras, Wi-Fi, and the other connectivity options, can present a security hazard to organizations in which sensitive information must be closely controlled. On the Device tab, you can choose to disable specific device features such as cameras and Bluetooth in order to combat the security issue.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464227.jpg

    How a device is used can be as important as the kind of data you allow it to access. Do you want users accessing the web using their phone's browser? Should they be allowed to check their personal mail account using the phone? In this figure, you can see that these items and more can be configured on the Device Applications tab.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

  • 464228.jpg

    On the Other tab, Microsoft has put everything else; in this case, that boils down to being able to decide which applications can be used on mobile devices.

    Summary
    While not necessarily as full-featured as comprehensive third-party solutions, Exchange's built-in ActiveSync provide you with a baseline set of security controls that might be enough to protect your company from the pitfalls sometimes associated with mobility.

    All screenshots by Scott Lowe for TechRepublic.
    Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

    Caption by: Andy Smith

1 of 10 NEXT PREV
Andy Smith

By Andy Smith | September 10, 2010 -- 08:05 GMT (01:05 PDT) | Topic: Smartphones

  • 464219.jpg
  • 464220.jpg
  • 464221.jpg
  • 464222.jpg
  • 464223.jpg
  • 464224.jpg
  • 464225.jpg
  • 464226.jpg
  • 464227.jpg
  • 464228.jpg

Exchange 2010's built-in ActiveSync provide you with a baseline set of security controls that might be enough to protect your company from the pitfalls sometimes associated with mobility.

Read More Read Less

Users in Exchange-based organizations enjoy comprehensive built-in mobility via ActiveSync; however, even as users clamor for smartphones, IT needs to make sure that these services are used in ways that are consistent with organizational policies. Although some users believe that these policies can be constraining, the situation would be much worse if the mobile device were to create a major security incident.

There are a variety of third party solutions to manage, monitor, and control mobile devices, but many organizations loathe spending a lot of money on these kinds of services and are most concerned with being able to simply control how devices interact with their systems. Exchange 2010 includes a number of administrative controls to help IT departments provide these mobility services while enabling automated methods by which user's devices are required to adhere to policy.

This TechRepublic gallery is also available as a Smartphones blog post.

First and foremost, you get to decide whether ActiveSync is even available on a user by user basis. You can opt to disable ActiveSync for all users and then enable it only for those users who need it. In this figure, you see an Exchange Management Console screenshot that shows you my Exchange profile with ActiveSync enabled.

All screenshots by Scott Lowe for TechRepublic.
Published: September 10, 2010 -- 08:05 GMT (01:05 PDT)

Caption by: Andy Smith

1 of 10 NEXT PREV

Related Topics:

Smartphones Mobility iPhone iOS Hardware Reviews
Andy Smith

By Andy Smith | September 10, 2010 -- 08:05 GMT (01:05 PDT) | Topic: Smartphones

Show Comments
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • 1 of 3
  • When phone brands meet photo brands

    The combinations of companies known for imaging excellence and those known for covering every base in a smartphone can be a picture perfect match or ruined exposure. ...

  • Mous cases for the Samsung Galaxy S21: Drop protection and magnetic accessory features

    Mous has a couple of case options for the Samsung Galaxy S21 lineup. Both models offer AiroShock drop protection while the Limitless 3.0 case includes strategically placed magnets ...

  • Incipio and Survivor cases for Samsung Galaxy S21 Ultra: Dual-layer and compostable options

    Wrapping your expensive phone in a case is a good way to provide extra protection. Dual-layers, enhanced grip, and even cases you can easily recycle are available from Incipio and ...

  • Gear4 and InvisibleShield for Galaxy S21 Ultra: Impact protection and anti-microbial treatment

    ZAGG has Gear4 case options and InvisibleShield screen protection for the new Samsung Galaxy S21 Ultra 5G. Various levels of drop protection are provided in different case models. ...

  • Samsung Galaxy S21 Speck Presidio cases: Drop and antimicrobial protection

    Speck cases are designed to help you hold onto your phone and if you happen to drop it then the case is there to aid in the likelihood of survival. 13-feet drop protection and Microban ...

  • How to test chargers and power banks to make sure they don't blow up your expensive smartphone

    I test dozens of chargers and power banks every month, and you can be guaranteed that plugging my expensive iPhone or iPad into them isn't the first thing I do. (Updated: October 2018) ...

  • Spigen cases for the Samsung Galaxy S21 series: Affordable prices, professional looks

    Spigen offers a wide range of case options for the new Galaxy S21 series with prices ranging from $19.99 to $39.99. All the cases are available in black with a couple subtle color options ...

ZDNet
Connect with us

© 2021 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use

  • Topics
  • Galleries
  • Videos
  • Sponsored Narratives
  • Do Not Sell My Information
  • About ZDNet
  • Meet The Team
  • All Authors
  • RSS Feeds
  • Site Map
  • Reprint Policy
  • Manage | Log Out
  • Join | Log In
  • Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy
  • TechRepublic Forums