Applies to: Exchange Server 2007
Topic Last Modified: 2007-06-21

Use the New Policy page in the New Exchange ActiveSync Mailbox Policy Wizard to create a new Exchange ActiveSync mailbox policy.

You can also use the Exchange Management Shell to create a new Exchange ActiveSync mailbox policy. For more information, see New-ActiveSyncMailboxPolicy (RTM).

To perform this procedure, the account you use must be delegated the following:

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

A mobile mailbox policy holds a group of settings for Microsoft Exchange ActiveSync. These settings include password, encryption, and attachment settings.

Mailbox policy name

Use this field to create a unique name for the policy.

Allow non-provisionable devices

Select this option to allow devices that cannot be provisioned automatically.

Allow attachments to be downloaded to device

Select this option to allow attachments to be downloaded to the device.

Require password

Select this option to require that users enter a password when they access their device. Then select from the following options:

  • Require alphanumeric password   Select this option to require that the device password include non-numeric characters.

  • Enable password recovery   Select this option to enable password recovery for the mobile device. Users can use Outlook Web Access to look up their recovery password and unlock their device. Administrators can use the Exchange Management Console to look up a user's recovery password.

  • Require encryption on device   Select this option to require device encryption. This increases security by encrypting all information about the device in addition to any storage cards.

  • Allow simple password Select this option to allow simple passwords such as 1111 to be used on the device.

  • Minimum password length   Select this option to specify a minimum length for the device password. Longer passwords can provide increased security. However, they can decrease device usability.

  • Time without user input before password must be re-entered   When a device password is required, you can select this option to prompt the user for the password after the device has been inactive for a specified period of time. For example, if this option is set to 15 minutes, the user will have to enter the device password every time that the device has not been used for 15 minutes or longer. If the device sits idle for 10 minutes, the user will not have to re-enter the password.

  • Password expiration (days) Select this option and enter a value to specify how frequently the device password will expire.

  • Enforce password history Enter a value in this text box to specify the number of past passwords stored in Active Directory. When a user creates a new password, they cannot reuse one of the stored passwords.

For More Information