Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-05-30

Microsoft Exchange Server 2007 builds on earlier versions of Microsoft Exchange to provide a high level of messaging security. This includes integration with Internet Security and Acceleration (ISA) Server 2006 in addition to new features for client access by using Microsoft Exchange ActiveSync and Microsoft Office Outlook Web Access. This topic describes the new security features that are available for Exchange 2007. The following table describes each feature and provides links to more information about each feature.

New security features in Exchange 2007

Feature name Description For more information

ISA Server 2006 integration

Microsoft ISA Server 2006 and Exchange 2007 are designed to work closely together in your network to provide a more secure messaging environment.

  • Remote device wipe

If a user's mobile device is lost, stolen, or otherwise compromised, you can issue a remote device wipe command from the Exchange server or from any Web browser by using Outlook Web Access. This command erases all data from the mobile device.

  • Exchange ActiveSync policies

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users. Exchange ActiveSync mailbox policies can be created in the Exchange Management Console or the Exchange Management Shell. You can use Exchange ActiveSync mailbox policies to manage a variety of settings. These include the following settings:

      • Require a password

      • Specify the minimum password length

      • Require a number or special character in the password

      • Designate how long a device can be inactive before the user is required to reenter a password

      • Wipe a device after a specific number of failed password attempts

  • WebReady Document Viewing

WebReady Document Viewing lets users access file attachments in Outlook Web Access. Users can access common file types such as Microsoft Office Word documents without having the application installed.

  • Access to Windows SharePoint Services document libraries and Windows file shares

By using Outlook Web Access, you can access remote files that are stored on Windows SharePoint Services and Windows file share (also known as UNC) servers. You can configure how users interact with files on these servers by using the Allow and Block options in the Exchange Management Console. This means that you can specify which servers your users can access. You can also specify the behavior for Windows SharePoint Services and Windows file share servers that have not been specifically allowed or blocked when users try to access them by using Outlook Web Access.

  • Direct file access

In addition to file access within Outlook Web Access, you can also configure how users interact with files by using the Allow, Block, or Force Save options for direct file access in the Exchange Management Console. This means that you can specify the types of files that users can access. More important, you can directly specify which types of files are prohibited.

  • Segmentation of features in Outlook Web Access

Segmentation lets you enable and disable features that are available to users in Exchange 2007 Outlook Web Access. By default, any mail-enabled user in your Exchange 2007 organization can access their mailbox by using Outlook Web Access. Depending on the needs of your organization, you can use segmentation to configure the following restrictions for user access:

      • Restrict access to Outlook Web Access for specific users.

      • Control access to certain Outlook Web Access features for specific users.

      • Disable an Outlook Web Access feature completely.

  • Controlling Web beacons and HTML forms in messages

In Outlook Web Access, an incoming e-mail message that has any content that can be used as a Web beacon prompts Outlook Web Access to display a warning message that informs the user that the content has been blocked. This occurs regardless of whether the message actually contains a Web beacon. If a user knows that a message is legitimate, they can enable the blocked content. If a user does not recognize the sender or the message, they can open the message without unblocking the content and then delete the message without triggering beacons. If your organization does not want to use this feature, you can disable the blocking option for Outlook Web Access.
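The Exchange ActiveSync mailbox policy settings listed earlier in this topic can be applied from the Exchange Management Shell. The following is an added example, not part of the original topic: the policy name, the mailbox identity, and every value are constructed, and the mapping of "Require a number or special character in the password" to -AlphanumericDevicePasswordRequired is an assumption.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# The policy name, mailbox identity and all values below are constructed.

$policyName = 'Mobile-Baseline'     # hypothetical policy name
$mailbox    = 'kim.akers'           # hypothetical mailbox identity

# Create a policy covering the five settings listed in this topic.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -AlphanumericDevicePasswordRequired $true `
    -MaxInactivityTimeDeviceLock '00:10:00' `
    -MaxDevicePasswordFailedAttempts 8

# Confirm what was actually stored before assigning the policy to anyone.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, MinDevicePasswordLength,
        AlphanumericDevicePasswordRequired, MaxInactivityTimeDeviceLock,
        MaxDevicePasswordFailedAttempts

# Assign the policy to one mailbox.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# Audit: list mailboxes that can use Exchange ActiveSync but have no
# mailbox policy assigned, so that gaps in coverage are visible.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy
```

Run the audit query again after each policy rollout; any mailbox it returns is syncing without the password and wipe settings defined above.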

For More Information

For more information about Outlook Web Access security features, see Understanding Security for Outlook Web Access.

For more information about Exchange ActiveSync security features, see Understanding Security for Exchange ActiveSync.