Mobility Management with Microsoft Exchange

January 19th, 2010 by Tony

In our last blog entry we gave an introduction to the different issues regarding mobility management. Most company managers tend not to think about governance issues with mobile phones because it is very difficult to manage all of the different devices their organizations may have; however, your organization may have a robust mobile management package without even realizing it: Microsoft Exchange.

Microsoft first introduced integrated mobile messaging support in Exchange Server 2003. This provided Exchange customers with a low-cost, easy-to-manage mobile messaging solution as part of their Exchange deployments. Microsoft has continued this pattern with the subsequent releases of Exchange Server 2003 Service Pack 2 and Exchange 2007.

Advantages of Exchange Mobility

There are four key advantages to the implementation of mobile messaging in the Exchange Server product family:

  • Exchange mobility reduces costs. Support for mobile messaging is included as part of the server. There is no additional cost for this functionality. No additional server software is required, and users who are already licensed to use Exchange don’t need additional client licenses. Mobility management is integrated with the same familiar user, server, and system management tools that administrators already know how to use, so training and management costs are minimized.
  • Exchange mobility is highly scalable. Microsoft has carefully tuned Exchange Server 2003 and Exchange 2007 to provide industry-leading scalability. This tuning extends to the Exchange ActiveSync implementation, which provides efficient communications between client and server. Unlike other mobile messaging servers, which rapidly require the addition of more servers (both third-party mobile servers and core messaging servers) as the mobile user base expands, Exchange uses the same servers for mobility as it does for OWA and Outlook Anywhere.
  • Exchange mobility supports many different devices. Microsoft provides client support for Exchange ActiveSync in its own Windows Mobile operating system, and has licensed the Exchange ActiveSync protocol to other device and software manufacturers, including DataViz, Nokia, Palm, Apple, Google, and Symbian. This gives your company an even broader choice of device styles, types, sizes, and capabilities.
  • Exchange mobility provides policy and security enforcement. The Exchange ActiveSync protocol includes tools for policy and security management, including remote device wipe, password strength and age restrictions, and password-based device locking and lockout. The EAS protocol delivers policies to the device, where device-based software can enforce and control them.

Direct Push

The versions of EAS supported in Exchange Server 2003 Service Pack 2 and Exchange 2007 use a significantly different technology called Direct Push to synchronize with mobile devices. Direct Push uses a client-created HTTPS connection to the server. The mobile device opens the connection, sends an initial synchronization request, and keeps the connection open for a duration known as the heartbeat interval. The server can then take several synchronization actions. The great thing is that the mobile device is not constantly polling the server for items; the server only pushes items to the device when they are available. This keeps the device battery from running down.

Device Security Policy

Exchange Server has the capability to create security policies that are delivered to the client device through Exchange ActiveSync. The device implements the policy and takes action when it receives the policy information from the server. Different devices have differing levels of support for EAS policies, which can specify several aspects of device security:

  • Whether or not a device must be locked with a personal identification number (PIN).
  • The minimum length of the PIN.
  • Whether the PIN can be numeric-only or alphanumeric.
  • Whether failed PIN entry attempts should trigger a local device wipe.
  • How often policy settings are reapplied to the device.
  • Whether data must be encrypted or not.
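The following is an added example, not code from the original post, showing how the policy settings listed above are expressed as an Exchange 2007 ActiveSync mailbox policy from the Exchange Management Shell. It uses the real New-ActiveSyncMailboxPolicy, Set-CASMailbox and Get-ActiveSyncMailboxPolicy cmdlets; the policy name, the mailbox alias and the specific values chosen are hypothetical, and the commented settings for PIN expiration, PIN history and idle lock go slightly beyond the bullet list to cover the password age and device-locking controls mentioned earlier in the post.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell
# on Exchange 2007 SP1. Policy name, mailbox alias and values are hypothetical.

# Each entry maps to one of the bullets above (plus the password-age and
# idle-lock controls mentioned in the "policy and security enforcement" section).
$policy = @{
    Name                               = 'Corp-Mobile-Baseline' # hypothetical policy name
    DevicePasswordEnabled              = $true          # device must be locked with a PIN
    MinDevicePasswordLength            = 6              # minimum PIN length
    AlphanumericDevicePasswordRequired = $false         # numeric-only PIN is acceptable here
    AllowSimpleDevicePassword          = $false         # reject trivial sequences such as 1234
    MaxDevicePasswordFailedAttempts    = 8              # failed attempts before a local wipe
    DevicePolicyRefreshInterval        = '24:00:00'     # how often the device re-fetches policy
    RequireDeviceEncryption            = $true          # data stored on the device must be encrypted
    DevicePasswordExpiration           = '90.00:00:00'  # PIN age limit (days.hours:minutes:seconds)
    DevicePasswordHistory              = 5              # previous PINs that may not be reused
    MaxInactivityTimeDeviceLock        = '00:15:00'     # lock the device after 15 idle minutes
    AllowNonProvisionableDevices       = $false         # refuse devices that cannot apply the policy
}

# Create the policy (splatting passes the hashtable keys as parameters).
New-ActiveSyncMailboxPolicy @policy

# Assign the policy to a mailbox; the device receives it on its next sync.
$mailbox = 'jdoe'  # hypothetical mailbox alias
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policy.Name

# Verify what the server will hand to the device and which mailboxes use it.
Get-ActiveSyncMailboxPolicy -Identity $policy.Name | Format-List
Get-CASMailbox -Identity $mailbox | Select-Object ActiveSyncEnabled, ActiveSyncMailboxPolicy
```

AllowNonProvisionableDevices is the setting to check first when a device seems to ignore the policy: with it set to $true, a client that does not implement EAS provisioning is still allowed to sync, and the mailbox data ends up on a device none of the settings above protect.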

Local and Remote Device Wipe

When a mobile device is lost or stolen, the potential risk can be significant. Mobile devices often contain sensitive business data, including personally identifiable information of employees and customers, sensitive e-mail messages, and other items whose compromise can have a negative impact. Exchange ActiveSync addresses this risk by providing two levels of device wipe capability.

Local device wipes are triggered when a user incorrectly enters a PIN more than a specified number of times (the policy default is 8 times, but the administrator can adjust this value). After every two missed attempts, the device displays a confirmation prompt that requires the user to type a confirmation string (usually “A1B2C3”). This prevents the device from being wiped by accidental key presses. Once the PIN retry limit is reached, the device immediately wipes itself, erasing all local data.

Remote wipes occur when the administrator issues an explicit wipe command through the Exchange Mobile Admin tool; in Exchange 2007, users can also issue wipe commands for their own devices from within Outlook Web Access. Remote wipe operations are separate from local wipes, and a device can be wiped remotely even if EAS policies are in use. The device user doesn’t have the ability to opt out of the remote wipe. Wiping the device remotely has the effect of performing a factory or “hard” reset; all programs, data, and user-specific settings are removed from the device.
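The following is an added example, not code from the original post, of the remote wipe described above issued from the Exchange Management Shell on Exchange 2007 instead of the Mobile Admin tool. It uses the real Get-ActiveSyncDeviceStatistics and Clear-ActiveSyncDevice cmdlets and the wipe timestamp properties those statistics expose; the mailbox alias, device ID and notification address are hypothetical placeholders.

```powershell
# Added example (not from the original post). Exchange 2007 SP1 Management Shell.
# Mailbox alias, device ID and notification address are hypothetical placeholders.

$mailbox      = 'jdoe'                     # hypothetical mailbox alias
$lostDeviceId = 'PLACEHOLDER-DEVICE-ID'    # copy the real DeviceID from step 1
$notify       = 'helpdesk@example.com'     # hypothetical address that gets the wipe notice

# 1. Enumerate the mailbox's device partnerships. A user who has had more than one
#    phone will have several, so the wipe must be aimed at the right DeviceID.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox $mailbox
$devices | Select-Object DeviceType, DeviceID, LastSyncTime, Identity | Format-Table -AutoSize

# 2. Select the lost device by its DeviceID rather than by position in the list.
$lost = $devices | Where-Object { $_.DeviceID -eq $lostDeviceId }
if (-not $lost) { throw "No partnership with DeviceID $lostDeviceId for $mailbox" }

# 3. Queue the wipe. It is delivered on the device's next connection, so a device
#    that stays offline (or has its SIM removed) is not wiped until it reconnects.
Clear-ActiveSyncDevice -Identity $lost.Identity -NotificationEmailAddresses $notify -Confirm:$false

# 4. Confirm the request was recorded and watch for the acknowledgement from the device.
#    DeviceWipeRequestTime: wipe ordered; DeviceWipeSentTime: device fetched the command;
#    DeviceWipeAckTime: device reported the wipe complete.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceID -eq $lostDeviceId } |
    Select-Object DeviceID, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime

# 5. (Assumption: Remove-ActiveSyncDevice is available in your build.) After the wipe is
#    acknowledged, remove the partnership so the old device cannot resync, and reset the
#    user's domain password separately, since the wipe does not revoke credentials.
# Remove-ActiveSyncDevice -Identity $lost.Identity -Confirm:$false
```

The point of step 4 is that a remote wipe is a request, not a guarantee: until DeviceWipeAckTime is populated the data is still on the device, so the incident record should track the acknowledgement, not the moment the command was issued.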

Conclusion

Mobile devices offer a powerful way for people to be more productive and flexible in how they work. Microsoft Exchange Server provides powerful, built-in mobile messaging capability that includes security policy management, device lockout and wipe, and full synchronization for calendar, contact, task, and e-mail data. With a broad array of licensees who support the Exchange ActiveSync protocol, your organization can find the right form factor and capability of mobile device for its needs, all supported by the mature, reliable Exchange Server product line.