Exchange 2010 Active Sync Security Features

Written by Praveen
Wednesday, 21 July 2010 20:54

By default, when you install the Exchange 2010 CAS server, it enables Microsoft Exchange Active Sync. The Active Sync feature lets us synchronize our email (the Exchange 2010 mailbox) to a mobile phone. Exchange ActiveSync can synchronize e-mail messages, calendar items, contacts, tasks, and notes. In this post I share more about the security features of Exchange Active Sync.

Exchange Active Sync security:

We can configure Exchange Active Sync to use SSL encryption for the communication between the Exchange server and the mobile device. The certificate can be either self-signed or a third-party certificate. You can use the certificate along with other security features, such as the device password, to turn the device into a smartcard. The private key and the certificate for client authentication are saved in the device memory. Any unauthorized access to the device will purge all the user data along with the private key and certificate information.

Device Security Features:

Apart from communication encryption, Exchange Active Sync also offers the device security features below.

Remote wipe

If a mobile phone is lost, stolen, or otherwise compromised, you can issue a remote wipe command from the Exchange Server computer or from any Web browser by using Outlook Web App. This command erases all data from the mobile phone. You can use one of the methods below for remote wipe:

Use EMC
Use ECP/OWA
Use EMS (Management Shell)

Open the Management Shell and use the cmdlet Get-ActiveSyncDeviceStatistics to retrieve the device identity.

Cmdlet: Get-ActiveSyncDeviceStatistics -Mailbox Praveen | fl Identity

The above command gives us the identity of the device. Use the cmdlet below to wipe the identified device.

Cmdlet: Clear-ActiveSyncDevice -Identity WM_Praveen

Device password policies

Exchange ActiveSync lets you configure several options for device passwords. These options include the following:

Minimum password length (characters): The default length is 4 characters, but as many as 18 can be included.

Require alphanumeric password: You can enforce the use of a character or symbol in the password in addition to numbers, which increases password strength.

Inactivity time (seconds): This option determines how long the mobile phone must be inactive before the user is prompted for a password to unlock the mobile phone.

Wipe device after failed (attempts): This option specifies how many failed password attempts are allowed before the device is wiped.

How to configure Exchange Active Sync Policies

We can use the EMC or the Management Shell to configure the Exchange Active Sync policies.

Use EMC

Open EMC and navigate to Organization Configuration > Client Access.
Select the Default Policy (you can also create a new policy and add users), click the Action menu, and open the properties.
Set the necessary settings as per your requirement.

Use Exchange Management Shell

We can use the cmdlet Set-ActiveSyncMailboxPolicy to configure the Exchange Active Sync policies. One such cmdlet is shown below.

Set-ActiveSyncMailboxPolicy -Identity Default -DevicePasswordEnabled $true -DevicePasswordExpiration 12 -DevicePasswordHistory 10 -MaxDevicePasswordFailedAttempts 7 -MaxInactivityTimeDeviceLock 00:10:00 -MinDevicePasswordLength 4 -PasswordRecoveryEnabled $true

Now we can verify the settings by running the cmdlet Get-ActiveSyncMailboxPolicy.

As you can see, there are some very useful settings compared to Exchange 2003, such as Enable password recovery, which enables password recovery for the mobile phone. Users can use Outlook Web App to look up their recovery password and unlock their mobile phone. Administrators can use the EMC to look up a user's recovery password.

Ref - Managing Exchange Active Sync

-Praveen
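
The verification step with Get-ActiveSyncMailboxPolicy described above can be turned into a repeatable check of every policy against a baseline. This is an added example, not code from the original post: the helper name Test-ActiveSyncPolicy, the $Baseline thresholds and the sample policies are assumptions, while the property names are those of the policy objects the cmdlet returns.

```powershell
# Added example: audit ActiveSync mailbox policies against a baseline. Thresholds are
# assumptions taken from the Set-ActiveSyncMailboxPolicy example above; adjust as needed.
$Baseline = @{
    MinDevicePasswordLength         = 4
    MaxDevicePasswordFailedAttempts = 7
    MaxInactivityTimeDeviceLock     = [TimeSpan]'00:10:00'
}

function Test-ActiveSyncPolicy {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] $Policy)
    process {
        $findings = @()
        if (-not $Policy.DevicePasswordEnabled) {
            $findings += 'device password not required'
        }
        # Values are compared via their string form so the check also works on
        # the deserialized objects returned by a remote Exchange Management Shell.
        $len = "$($Policy.MinDevicePasswordLength)"
        if ($len -eq '' -or [int]$len -lt $Baseline.MinDevicePasswordLength) {
            $findings += "minimum password length '$len' below baseline"
        }
        $tries = "$($Policy.MaxDevicePasswordFailedAttempts)"
        if ($tries -eq 'Unlimited' -or [int]$tries -gt $Baseline.MaxDevicePasswordFailedAttempts) {
            $findings += "failed attempts before wipe '$tries' above baseline"
        }
        $lock = "$($Policy.MaxInactivityTimeDeviceLock)"
        if ($lock -eq 'Unlimited' -or [TimeSpan]$lock -gt $Baseline.MaxInactivityTimeDeviceLock) {
            $findings += "inactivity lock '$lock' longer than baseline"
        }
        New-Object PSObject -Property @{
            Policy    = $Policy.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = ($findings -join '; ')
        }
    }
}

# Constructed sample policies so the script runs without an Exchange server.
$samples = @(
    New-Object PSObject -Property @{ Name = 'Default'; DevicePasswordEnabled = $true
        MinDevicePasswordLength = 4; MaxDevicePasswordFailedAttempts = 7
        MaxInactivityTimeDeviceLock = '00:10:00' }
    New-Object PSObject -Property @{ Name = 'Legacy'; DevicePasswordEnabled = $false
        MinDevicePasswordLength = $null; MaxDevicePasswordFailedAttempts = 'Unlimited'
        MaxInactivityTimeDeviceLock = 'Unlimited' }
)
$samples | Test-ActiveSyncPolicy | Format-List Policy, Compliant, Findings
# On an Exchange 2010 server: Get-ActiveSyncMailboxPolicy | Test-ActiveSyncPolicy | Format-List
```

With the constructed samples, the Default policy is reported as compliant and the Legacy policy is flagged on all four checks.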