Posting on his "Mr. Mobile" blog, Microsoft Enterprise Mobile Solution Specialist Jason Langridge wrote that while there are many enhancements in SP1, the most important from a mobile perspective are the more than thirty new policies for Exchange ActiveSync. These new policies can be implemented within an Exchange 2007 environment now, but will only support devices running the
forthcoming version of Windows Mobile.
The management console in Exchange Server 2007 Service Pack 1
(Click to enlarge)There are two different categories of policies, according to Langridge. Policies in the first aim to control a device's synchronization, authentication, and encryption settings. Those in the second aim to control more general functionality.
Synchronization options listed by Langridge include:
- Configure message formats (HTML or plain text)
- Include past email items
- Email body truncation size
- HTML email body truncation size
- Include past calendar items (Duration)
- Require manual sync while roaming
Authentication settings include:
- Minimum number of complex characters in a password
- Enable password recovery
- Allow simple password
- Password expiration (Days)
- Enforce password history
- Allow Windows file share access
- Allow Windows SharePoint access
Encryption settings are:
- Require signed SMIME messages
- Require encrypted SMIME messages
- Require signed SMIME algorithm
- Require encrypted SMIME algorithm
- Allow SMIME encrypted algorithm negotiation
- Allow SMIME SoftCerts
- Enforce Device encryption
The second set of options lets admins enable or disable a wide variety of a device's hardware and software, according to Langridge. On the hardware side, a device's camera, WiFi connection, Bluetooth, infrared ports, and desktop ActiveSync connection can all be disabled. In terms of software, a device's web browser can be disabled, as can SMS and MMS messaging capabilities. Administrators can also decide whether or not to allow unsigned applications or .CAB installer files to run, according to Langridge.
These features complement those previously announced as part of Microsoft's forthcoming
System Center Mobile Device Manager 2008. To be available "in the second quarter of 2008," that product is said to leverage existing Microsoft products and services -- including Active Directory, Certificate Authorities, SQL Server, Internet Information Services 6.0 (IIS), and .NET Framework 2.0 -- and to allow more than 125 security policies to be applied to mobile devices.
Microsoft has previously released a list of phones that will support the new management features in System Center Mobile Device Manager 2008. Since the management features in the new Exchange Server release represent a subset of those features, the following phones should also work -- likely with an OS upgrade -- with the new Exchange Server management capabilities.
Phones likely compatible with the new management capabilities in Exchange Server 2007 SP1 and System Center Mobile Device Manager
(Clockwise: AT&T Blackjack II, AT&T Tilt, HTC Advantage, HTC Mogul, HTC Touch, Motorola Q Music 9m, Palm Treo 750, Samsung SCH i760, T-Mobile Wing, and Verizon SMT5800/XV6800. Click each for details)Meanwhile, SP1 of Exchange Server 2007 can be downloaded from Microsoft's Web site,
here. The download can be used to perform a complete installation of the product, or to update an existing installation, according to the company.
A list of other new features in Exchange Server 2007, SP1, may be available at Microsoft's TechNet site,
here. A table summarizing the different versions of Exchange and the mobile device policies they can enforce can be found in Jason Langridge's blog,
here. His original post on the release of Exchange Server 2007 SP1 can be found
here.
Related stories:
