Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-01-06

In Microsoft Exchange Server 2010, you can create Microsoft Exchange ActiveSync mailbox policies to apply a common set of policies or security settings to a collection of users. After you deploy Exchange ActiveSync in your Exchange 2010 organization, you can create new Exchange ActiveSync mailbox policies or modify existing policies. This topic discusses Exchange ActiveSync mailbox policies and how they can be managed in your Exchange 2010 organization.

Looking for management tasks related to Exchange ActiveSync policies? See Managing Exchange ActiveSync with Policies.

Windows Phone 7 mobile phones only support a subset of all Exchange ActiveSync mailbox policy settings. For a complete list, see Windows Phone 7 Synchronization.

Overview of Exchange ActiveSync Mailbox Policies

You can use Exchange ActiveSync mailbox policies to manage many different settings. These include the following:

  • Require a password

  • Specify the minimum password length

  • Require a number or special character in the password

  • Designate how long a device can be inactive before requiring the user to re-enter a password

  • Wipe a device after a specific number of failed password attempts

For more information about all the settings you can configure, see Set-ActiveSyncMailboxPolicy.

Managing Exchange ActiveSync Mailbox Policies

After you install the Client Access server role on an Exchange 2010 computer, you can create, configure, and manage Exchange ActiveSync mailbox policies. After you create an Exchange ActiveSync mailbox policy, you can add users individually or add a filtered list of users to the policy using the Exchange Management Shell.

You can use the Exchange Management Console to manage some Exchange ActiveSync mailbox policy settings and the Shell to manage all the Exchange ActiveSync mailbox policy settings.

Windows Phone 7 Synchronization

If you have Windows Phone 7 mobile phones in your organization, these phones will experience synchronization problems if certain Exchange ActiveSync mailbox policy properties are configured. To allow Windows Phone 7 mobile phones to synchronize with an Exchange mailbox, either set the AllowNonProvisionableDevices property to True or only configure the following Exchange ActiveSync mailbox policy properties:

  • PasswordRequired

  • MinPasswordLength

  • IdleTimeoutFrequencyValue

  • DeviceWipeThreshold

  • AllowSimplePassword

  • PasswordExpiration

  • PasswordHistory

  • DisableRemovableStorage

  • DisableIrDA

  • DisableDesktopSync

  • BlockRemoteDesktop

  • BlockInternetSharing