
How can I configure which folders are allowed to be synced

  • Monday, November 02, 2009 3:50 PM, Yehezkel Horowitz
     

    I want to allow only ActiveSync synchronization of calendar items (no e-mail synchronization).

    The reason is to prevent data leakage if the mobile device is lost.

    I could not find in the "Exchange ActiveSync Mailbox Policy" a way to control which elements of the mailbox are allowed to be synced.

    I'm searching for something similar to the "Segmentation" tab in the "Outlook Web Access Mailbox Policy" (but with the option to disable e-mail).

    I know that each user can define which folders to sync, but I want to enforce this at the Organization configuration level.

    I'm working with Exchange 2007 SP1.

Answers

  • Tuesday, November 03, 2009 10:12 AM, Elvis Wei - MSFT, Moderator
     Answer

    Hi Yehezkel,

     

    If you want to secure your device and prevent data leakage in case the device is lost, ActiveSync mailbox policies can do the trick. They can enforce a password, device/storage card encryption, etc. And you could use remote wipe if the device is lost.

     

    http://technet.microsoft.com/en-us/library/bb123484.aspx

     

    Keep in mind that some settings require an Enterprise CAL.

     

    As far as I know, there is no way to allow a device to sync only the calendar. If you would like to keep as little mail as possible synced to the device, you could use the -MaxEmailAgeFilter switch of the Set-ActiveSyncMailboxPolicy command.

     

    Set-ActiveSyncMailboxPolicy

    http://technet.microsoft.com/en-us/library/bb123756.aspx

     

    Thanks,

     

    Elvis
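
The controls named in the reply above (device password, device and storage card encryption, `-MaxEmailAgeFilter`, remote wipe), put together as an Exchange Management Shell sketch. This is an added example, not part of the original reply; the policy name, the mailbox alias and the numeric values are hypothetical, and as the reply notes, some of these settings require an Enterprise CAL.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007 SP1).
# "Lost-Device Hardening" and "jdoe" are hypothetical names; the numeric
# values are illustrative choices, not recommendations from the thread.
$policyName = "Lost-Device Hardening"
$mailbox    = "jdoe"

# 1. Create the policy once; later runs reuse the existing one.
if (-not (Get-ActiveSyncMailboxPolicy | Where-Object { $_.Name -eq $policyName })) {
    New-ActiveSyncMailboxPolicy -Name $policyName | Out-Null
}

# 2. Lost-device controls: password, lock timeout, failed-attempt limit
#    and encryption of device and storage card. Devices that cannot
#    enforce the policy are refused instead of syncing without it.
Set-ActiveSyncMailboxPolicy -Identity $policyName `
    -DevicePasswordEnabled $true `
    -AllowSimpleDevicePassword $false `
    -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock 00:05:00 `
    -MaxDevicePasswordFailedAttempts 8 `
    -RequireDeviceEncryption $true `
    -RequireStorageCardEncryption $true `
    -AllowNonProvisionableDevices $false

# 3. Mail sync cannot be turned off in the policy, so limit how much
#    mail reaches the device: only the most recent day.
Set-ActiveSyncMailboxPolicy -Identity $policyName -MaxEmailAgeFilter OneDay

# 4. Assign the policy to the mailbox and confirm the assignment.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName
Get-CASMailbox -Identity $mailbox | Format-List Name, ActiveSyncMailboxPolicy

# 5. Review what the policy now enforces.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, MinDevicePasswordLength,
        RequireDeviceEncryption, RequireStorageCardEncryption,
        MaxEmailAgeFilter, AllowNonProvisionableDevices

# 6. When a device is reported lost: list the mailbox's device
#    partnerships, then wipe the one that matches.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Format-List Identity, DeviceType, DeviceID, LastSuccessSync,
        DeviceWipeSentTime, DeviceWipeAckTime

# Destructive, so left commented out. Paste the Identity value from step 6:
# Clear-ActiveSyncDevice -Identity "<Identity from step 6>"
```

After a wipe is issued, `DeviceWipeAckTime` in the step 6 output is filled in once the device has acknowledged the command.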

     

  • Tuesday, November 03, 2009 7:33 PM, Andreas Helland
     Answer
    There isn't really an Exchange feature to control which mailbox elements will be synced. You can make some workarounds device-side if you provision the settings by other means than the user typing them in. I don't know if you are familiar with XML provisioning, but building on this XML example:
    http://msdn.microsoft.com/en-us/library/bb737364.aspx
    By removing the "mail" characteristic it is not an option to synchronize mail. Keep in mind though that this will only work on Windows Mobile devices, so unless you block other devices by some means there's nothing preventing a user from picking up an iPhone and syncing their mail.

    If you've got a tech-savvy user they might be able to work around this limitation as well, so it's not "hackproof".

    The only "easy" solution I can think of is implementing a third-party middleware solution for syncing, or getting out your Visual Studio and coding. Well, actually, a variation of third-party software is to use middleware for Mobile Device Management - you can then enforce policies on the devices, and implement mechanisms that will not let devices sync if they are not compliant. Either way it involves some work.

    Regardless of this I would pursue the safeguarding of data through power-on-password, encryption, remote wipe, etc.
