Exchange Server 2007 SP1: Take control of your Windows Mobile devices

by Bharat Suneja

Microsoft announced availability of SP1 Beta 2 as a community technology preview (read Exchange product group GM Terry Myerson’s post “Announcing Service Pack 1 Beta 2 for Exchange Server 2007“). Yes, the much awaited bag of goodies that SP1 promises to be is now within reach, if you’re a TechNet Plus or MSDN subscriber.

SP1 greatly enhances policy-based control of Windows Mobile devices – ActiveSync policies now have enough settings to please most IT security folks and administrators who require more control over mobile devices.

Here are some screenshots.


Figure 1: The Password tab now allows you to enforce encryption on storage cards inserted in Windows Mobile devices


Figure 2: New Sync Settings tab allows control of messasge sizes (that can be synched to device), restrict synch when roaming, allow/disallow html mail on device, restrict attachment downloads and control attachment sizes (that can be downloaded). You can also control how many days/weeks worth of past email and calendar items can be downloaded to WM devices.


Figure 3: New Device tab allows control of device components like Wi-Fi, camera, removable storage cards, infra-red, and Bluetooth (including ability to limit Bluetooth connectivity only to hands-free headsets), restrict RDP sessions from device, restrict synchronization from a desktop, and restrict internet sharing from device.


Figure 4: New Advanced tab allows control of browser usage, consumer mail (i.e. home/personal email accounts), unsigned applications and unsigned installation packages, and also restrict which applications can and cannot run on a device, (comparable to some Group Policy settings that can be applied to Windows desktop/client and server operating systems)

As the screenshots above state, the settings on the Device and Advanced tabs require an Enteprise CAL for each mailbox that has these settings enabled.

Windows Mobile shops have a lot to be pleased about with SP1, as Exchange ActiveSync + Windows Mobile get ready to give BlackBerry a run for its money.

{ 4 comments… read them below or add one }

Anonymous December 18, 2007 at 11:46 am

Its just a shame that an Enterprise CAL is required for additional Active sync policy settings.. May prove expensive!

Reply

Anonymous February 7, 2008 at 9:50 am

Its also a shame that the Sync Settings that should be available without a Enterprise CAL do not work.

Reply

K.Rock September 4, 2009 at 7:19 am

Do you have to have an ECAL to allow uses to use the features? So if all of the boxes were checked, does that require an ECAL? Or if you disable features (Uncheck boxes) then this would require an ECAL?

Don't understand why I have to buy and ECAL to enable features… it is the same as selling a car, but oh the wheels are extra.

Reply

Bharat Suneja September 8, 2009 at 3:50 pm

@ K.Rock: I like the car analogy. Unfortunately, the dynamics of developing and licensing software are quite different than selling autos. :)

Reply

Leave a Comment

{ 1 trackback }

Previous post:

Next post: