7/31/2019 EAS Policies

1/14

Exchange ActiveSync

Polices

Jack Suze

5/11/2012

7/31/2019 EAS Policies

2/14

2 | P a g e

Contents

Introduction .................................................................................................................................................. 3

Steps to create a Exchange ActiveSync Mailbox Policy ................................................................................ 3

Configuring policies (enabling & disabling) ................................................................................................... 6

General ...................................................................................................................................................... 6

Password ................................................................................................................................................... 7

Sync Settings ............................................................................................................................................. 8

Device ........................................................................................................................................................ 9

Device Applications ................................................................................................................................. 10

Other ....................................................................................................................................................... 11

Applying EAS Mailbox policy to a user ........................................................................................................ 13

7/31/2019 EAS Policies

3/14

3 | P a g e

IntroductionThis document describes a step by step process about how to create and apply Exchange ActiveSync server polices

on an Exchange Mailbox User.

Exchange Management Console (EMC) provides a provision to an admin to maintain different set of EAS policies to

various groups in an organization. For example, an admin can create an EAS mailbox policy exclusive to Sales group

in an organization or even to one user mailbox.

Steps to create a Exchange ActiveSync Mailbox Policy1. Open EMC2. Select Client Access by expanding Organization Configuration in the Console Tree3. Go to Exchange ActiveSync Mailbox Policies tab in the Result pane

4. Click on New Exchange ActiveSync Mailbox Policy in the Action pane5. It opens a New Exchange ActiveSync Mailbox Policy wizard screen6. Give a Mailbox policy name and click on New button

7/31/2019 EAS Policies

4/14

4 | P a g e

7. Click on Finish in Complete wizard screen

7/31/2019 EAS Policies

5/14

5 | P a g e

8. The above newly created EAS Mailbox Policy will be displayed in Exchange ActiveSync Mailbox Policiestab in the Result pane

7/31/2019 EAS Policies

6/14

6 | P a g e

Configuring policies (enabling & disabling)EAC provides various categories of tabs to control the EAS provisioned device. Select the above created policy (QA)

and click Properties in Action pane

General

Use the Generaltab to specify types of mobile phones that can connect to the Exchange server

Allow non-provisionable devices Select this check box to allow mobile phones that can't be provisionedautomatically. These mobile phones may be unable to enforce all the Exchange ActiveSync policy settings.

By selecting this box, you're allowing these mobile phones to synchronize even though some policy

settings may not be applied.

Refresh interval Select this check box to force the server to resend the policy to clients at a fixed intervaldefined in the number of hours between policy refresh events.

7/31/2019 EAS Policies

7/14

7 | P a g e

Password

Use the Passwordtab to set password requirements for Exchange ActiveSync clients.

Require password Select this checkbox to require a password for the mobile phone. If passwords arerequired, the following options become available.

Require alphanumeric password Select this check box to specify that the mobile phone password mustinclude non-numeric characters. Requiring non-numeric characters in passwords increases the strength of

password security.

Minimum number of character sets Use this text box to specify the complexity of the alphanumericpassword and force users to use a number of different sets of characters from among the following: lower

case letters, upper case letters, symbols and numbers.

Enable password recovery Select this check box to enable password recovery for the mobile phone.Users can use Outlook Web App to look up their recovery password and unlock their mobile phone.

Administrators can use the EMC to look up a user's recovery password.

Require encryption on device Select this check box to require encryption on the mobile phone. Thisincreases security by encrypting all information on the mobile phone.

Require encryption on storage cards Select this check box to require encryption on the mobile phonesremovable storage card. This increases security by encrypting all information on the storage cards for the

mobile phone.

Allow simple password Select this check box to allow users to lock their mobile phones with simplepasswords such as 1111 or 1234. If you clear this check box, users will be required to use more secure

password sequences.

7/31/2019 EAS Policies

8/14

8 | P a g e

Number of failed attempts allowed Use this text box to limit the number of failed password attempts amobile phone accepts before all information on the mobile phone is deleted and the mobile phone is

automatically returned to the original factory settings. This reduces the chance of an unauthorized user

accessing information on a lost or stolen mobile phone that has a password.

Minimum password length Use this text box to specify a minimum password length for the mobilephone password. Long passwords can provide increased security. However, long passwords can decrease

mobile phone usability. A moderate password length of four to six characters is recommended. Time without user input before password must be re-entered (in minutes) When a mobile phone

password is required, you can use this text box to prompt the user for the password after the mobile

phone has been inactive for a specified period of time. For example, if this setting is set to 15 minutes, the

user must enter the mobile phone password every time that the mobile phone is idle for 15 minutes. If

the mobile phone is idle for 10 minutes, the user won't have to re-enter the password.

Password expiration (days) Use this text box to force users to reset their mobile phones password at agiven interval. The interval is set in a number of days.

Enforce password history Select this check box to force the mobile phone to prevent the user from re-using their previous passwords. The number you set determines how many past passwords the user won't

be allowed to reuse.

Sync SettingsUse the Sync Settings tab to specify a variety of synchronization-specific settings.

Include past calendar items Use this drop-down list to select the date range of calendar items tosynchronize to the mobile phone. The available options include the following: All, Two Weeks, One

Month, Three Months, and Six Months. If you have to specify other options, use the Shell to configure

this setting.

7/31/2019 EAS Policies

9/14

9 | P a g e

Include past e-mail items Use this drop-down list to select the date range of e-mail items to synchronizeto the mobile phone. The available options include the following: All, One Day, Three Days, One Week,

Two Weeks, and One Month. If you have to specify other options, use the Shell to configure this setting.

Limit e-mail size to (KB) Select this check box to limit the message size that can be downloaded to themobile phone. After you've selected the check box, use the text box to specify a maximum message size,

in kilobytes (KB).

Allow Direct Push when roaming Select this check box to enable the mobile phone to synchronize asnew items arrive when you're roaming with your phone. You're roaming when you're outside your normal

service area. Check with your mobile service provider to determine your normal service area. Clearing this

check box forces you to manually launch synchronization when you're roaming with the phone and data

rates are traditionally higher.

Allow HTML-formatted e-mail Select this check box to enable e-mail messages that are formatted inHTML to be synchronized to the mobile phone. If this check box isn't selected, all e-mail messages will be

converted to plain text before synchronization. Use of this check box doesn't affect whether or not

messages are received on the mobile phone.

Allow attachments to be downloaded to device Select this check box to enable attachments to bedownloaded to the mobile phone. If this check box is cleared, the name of the attachment is visible within

the e-mail message but can't be downloaded to the mobile phone.

Maximum attachment size (KB) Select this check box to specify a maximum size for attachments that aredownloaded to the mobile phone. After you select the check box, use the text box to enter a maximum

attachment size, in KB. If this check box is selected, attachments that are larger than the specified size

can't be downloaded to the device.

Device

Use the Device tab to specify a variety of device-specific settings. All settings that you access on the Device tab of

the Exchange ActiveSync policy Properties page are premium features of Exchange ActiveSync. For these features

to be implemented on a mobile phone, the mailbox requires an Exchange Enterprise client access license (CAL).

7/31/2019 EAS Policies

10/14

10 | P a g e

Allow removable storage Select this check box to allow storage cards to be accessed from a mobilephone. If this check box isn't selected, storage cards can't be accessed from a mobile phone.

Allow camera Select this check box to allow the mobile phone camera to be used. Allow Wi-Fi Select this check box to allow the mobile phone to use a Wi-Fi connection for Internet

access. Direct Push isn't supported over Wi-Fi.

Allow infrared Select this check box to allow the mobile phone to establish an infrared connection withother devices or computers.

Allow Internet sharing from device Select this check box to allow another device to share the Internetconnection of the mobile phone. Internet sharing is frequently used when the device functions as a

modem for a laptop or desktop computer.

Allow remote desktop from device Select this check box to allow the mobile phone to establish aremote desktop connection to another computer.

Allow desktop synchronization Select this check box to allow the mobile phone to synchronize with adesktop computer through desktop ActiveSync or the Windows Mobile Device Center.

Allow Bluetooth Use this drop-down list to control the Bluetooth functionality of the mobile phone. Youcan choose to Allow, Disable, or enable Bluetooth for Handsfree only.

Device Applications

Use the Device Applications tab to enable or disable specific features on a mobile phone. All settings that youaccess on the Device Applications tab of the Exchange ActiveSync policy Properties pages are premium features of

Exchange ActiveSync. For these features to be implemented on a mobile phone, the mailbox requires an Exchange

Enterprise client access license (CAL).

7/31/2019 EAS Policies

11/14

11 | P a g e

Allow browser Select this check box to allow mobile phones to use Pocket Internet Explorer. (It does notcontrol access to third-party mobile phone browsers)

Allow consumer mail Select this check box to allow the mobile phone to access e-mail accounts otherthan Microsoft Exchange accounts. Consumer e-mail accounts include accounts that are accessed through

POP3 and IMAP4. (It does not control access to third-party mobile phone e-mail applications)

Allow unsigned applications Select this check box to allow unsigned applications to be installed on themobile phone.

Allow unsigned installation packages Select this check box to allow unsigned installation packages to berun on the mobile phone.

Other

Use the Other tab to specify allowed and blocked applications. All settings that you access on the Other tab of the

Exchange ActiveSync policy Properties pages are premium features of Exchange ActiveSync. For these features to

be implemented on a mobile phone, the mailbox requires an Exchange Enterprise client access license (CAL).

Allowed Applications You can add applications to or remove them from the Allowed Applications list.Allowed applications can be installed and run on the mobile phone. Click Add to add an application, and

click Delete to remove an application.

7/31/2019 EAS Policies

12/14

12 | P a g e

Blocked Applications You can add applications to or remove them from the Blocked Applications list.Blocked applications are prohibited from running on the mobile phone. Click Add to add an application,

and click Delete to remove an application.

7/31/2019 EAS Policies

13/14

13 | P a g e

Applying EAS Mailbox policy to a user1. Navigate to Recipient ConfigurationMailbox in Console tree2. Select a user or multiple users on whom policies to be applied in Result pane

3. Click on Properties in the Action pane to set selected user properties4. Click on Mailbox Features in User Properties window

7/31/2019 EAS Policies

14/14

14 | P a g e

5. Double click on Exchange ActiveSync in Mailbox Features6. Click on Browse button to choose an Exchange ActiveSync Mailbox Policy from the available list of

policies.

7. Select ActiveSync Mailbox Policy from the list of policies and click on OK for three times to apply chosenpolicy to a user. Ex: QA