How to Avoid the Smartphone Exchange Policy Lie

By Galen Gruman
Thu, September 24, 2009

InfoWorld — The recent revelation that Apple's iPhone OS had been falsely reporting to Exchange servers that iPhones and iPod Touches provided on-device encryption when in fact they did not has raised several questions regarding mobile device support for EAS (Exchange ActiveSync) policies -- vital safeguards many businesses employ to secure access to corporate information, whether to meet specific regulations or as a matter of general security prudence.

As it turns out, information on EAS policy support among mobile devices is not easy to come by. Also not easy is ascertaining what exactly will happen when an Exchange server is configured to use a policy that any given mobile device may or may not support.

Here's what IT can do to ensure the EAS policy compliance of users' mobile devices.

What EAS policies the devices really do support

Exchange ActiveSync 2007 supports 29 access and security policies that IT can enable. (To get the details on the policies and their values, check out Microsoft's documentation for Exchange Server 2007 policies.)

Just a handful of mobile devices support at least some EAS policies: Apple's iPhone; smartphones using Microsoft's Windows Mobile OS; Nokia's E and N series, as well as the S60 through a download; and Palm's WebOS, along with its defunct Palm OS.

Windows Mobile 6.1 supports all 29 policies, though an Exchange enterprise license is needed for 14 of them. Apple and Nokia did not respond to InfoWorld's request to list specifically what EAS policies their devices support; a Palm spokeswoman was unable to find the information even after several days. All three companies have published limited information on their Web sites:

* Nokia's site says that it supports "all security policies," without identifying which ones those are.

* Apple's site says the iPhone supports Allow Camera, Password Enabled, Allow Simple Password, Alphanumeric Password, Password Expiration, Password History, Maximum Failed Password Attempts, Minimum Password Length, Maximum Inactivity Time Lock, Policy Refresh Interval, Minimum Device Complex Characters, Require Manual Synchronization While Roaming, and -- in iPhone OS 3.1 only -- Require Device Encryption.

* Palm's Web site says its WebOS 1.1 supports Password Enabled, Alphanumeric Password, Password History, Maximum Failed Password Attempts, Maximum Password Length, Maximum Inactivity Lock, Minimum Device Complex Characters, and Password Recovery.

Google's Android OS does not support EAS at all, and Research in Motion's BlackBerry does not support EAS directly. Instead, you use RIM's BlackBerry Enterprise Server, which has its own set of policies, all of which, of course, the BlackBerry OS supports.
