Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-06-12

By default, when you install the Client Access server role on a computer that is running Microsoft Exchange Server 2007, you enable Microsoft Exchange ActiveSync. Exchange ActiveSync lets you synchronize a mobile device with your Exchange 2007 mailbox.

Overview of Exchange ActiveSync

Exchange ActiveSync is a Microsoft Exchange synchronization protocol that is optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets devices such as browser-enabled cellular telephones or Microsoft Windows Mobile® powered devices access an organization's information on a server that is running Microsoft Exchange. Exchange ActiveSync enables mobile device users to access their e-mail, calendar, contacts, and tasks and to continue to be able to access this information while they are working offline.

Note:
Exchange ActiveSync can synchronize e-mail messages, calendar items, contacts, and tasks. You cannot use Exchange ActiveSync to synchronize notes in Microsoft Outlook.

New Features in Exchange ActiveSync

Exchange ActiveSync has been enhanced in Exchange Server 2007. The following are some of the new and enhanced features:

  • Support for HTML messages

  • Support for follow-up flags

  • Support for fast message retrieval

  • Meeting attendee information

  • Enhanced Exchange Search

  • Windows SharePoint Services and Universal Naming Convention (UNC) document access

  • PIN reset

  • Enhanced device security through password policies

  • Autodiscover for over the air provisioning

  • Support for Out of Office configuration

  • Support for tasks synchronization

  • Direct Push

Note:
The ability to use Autodiscover depends on the mobile device operating system that you are using. Not all mobile device operating systems that support synchronization with Exchange Server 2007 also support Autodiscover. For more information about which operating systems support Autodiscover, contact the manufacturer of your mobile device.

Note:
Many of these features require the use of the latest version of Windows Mobile that is currently in development.

For more information about the new features in Exchange ActiveSync, see Client Features in Exchange ActiveSync.

Managing Exchange ActiveSync

By default, Exchange ActiveSync is enabled. All users who have an Exchange mailbox can synchronize their mobile device with the Microsoft Exchange server.

You can perform the following Exchange ActiveSync tasks:

  • Enable and disable Exchange ActiveSync for users

  • Set policies such as minimum password length, device locking, and maximum failed password attempts

  • Initiate a remote wipe to clear all data off a lost or stolen device

  • Run a variety of reports for viewing or exporting into a reporting solution

Security in Exchange ActiveSync

You can configure Exchange ActiveSync to use Secure Sockets Layer (SSL) encryption for communications between the Exchange server and the mobile device client. Certificate-based authentication works with a self-signed certificate, a certificate from an existing public key infrastructure, or a third-party commercial certificate. You can use certificate-based authentication together with other security features, such as local device wipe and a device password, to turn the mobile device into a smartcard. The private key and certificate for client authentication are stored in memory on the device. If an unauthorized user tries to bypass the device password, all user data is purged. This includes the certificate and private key. For more security, you can deploy RSA SecurID two-factor authentication on the Exchange server.

Device Security Features in Exchange ActiveSync

In addition to the ability to configure security options for communications between the Exchange server and your mobile devices, Exchange ActiveSync offers the following features to enhance the security of mobile devices:

  • Remote wipe   If your device is lost, stolen, or otherwise compromised, you can issue a remote wipe command from the Exchange Server computer or from any Web browser by using Microsoft Office Outlook Web Access. This command erases all data from the mobile device.

  • Device password policies   Exchange ActiveSync lets you configure several options for your device password. These options include the following:

    • Minimum password length (characters)   This option specifies the length of the password for the device. The default length is four characters, but the password can include as many as 18.

    • Require alphanumeric password   This option determines password strength. You can enforce the usage of a character or symbol in the password in addition to numbers.

    • Inactivity time (seconds)   This option determines how long the device must be inactive before the user is prompted for a password to unlock the device.

    • Wipe device after failed (attempts)   This option lets you specify whether you want the device memory wiped after multiple failed password attempts.
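
The following added example (not part of the original topic) shows how the four device password options above map to an Exchange ActiveSync mailbox policy in the Exchange Management Shell, and how to review existing policies and mailboxes for gaps. The policy name "Mobile Baseline", the mailbox "kim", and the numeric values are placeholders chosen for illustration; the review assumes that the inactivity and failed-attempt settings expose an IsUnlimited property when no limit is set.

```powershell
# Added example; run in the Exchange Management Shell on Exchange Server 2007.
# "Mobile Baseline" and "kim" are placeholder names; the values are illustrative.

# 1. Create a policy that sets the four device password options.
New-ActiveSyncMailboxPolicy -Name "Mobile Baseline" `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -AlphanumericDevicePasswordRequired $true `
    -MaxInactivityTimeDeviceLock "00:05:00" `
    -MaxDevicePasswordFailedAttempts 8

# 2. Assign the policy to a mailbox.
Set-CASMailbox -Identity "kim" -ActiveSyncMailboxPolicy "Mobile Baseline"

# 3. Review every policy for settings that leave a lost device unprotected.
Get-ActiveSyncMailboxPolicy | ForEach-Object {
    $findings = @()
    if (-not $_.DevicePasswordEnabled) {
        $findings += "no device password required"
    }
    if (-not $_.AlphanumericDevicePasswordRequired) {
        $findings += "numeric-only password allowed"
    }
    # Assumption: an unset limit is reported through IsUnlimited.
    if ($_.MaxInactivityTimeDeviceLock.IsUnlimited) {
        $findings += "no inactivity lock"
    }
    if ($_.MaxDevicePasswordFailedAttempts.IsUnlimited) {
        $findings += "no wipe after failed attempts"
    }
    if ($findings.Count -gt 0) {
        "{0}: {1}" -f $_.Name, [string]::Join("; ", $findings)
    }
}

# 4. List mailboxes that can synchronize but have no policy assigned.
#    Exchange ActiveSync is enabled by default, so these devices are
#    not subject to the password options set in step 1.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name
```

Steps 3 and 4 only read configuration, so they can be run on their own as a periodic review.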
