Exchange ActiveSync Considerations When Using Windows Phone 7 Clients

Exchange ActiveSync Considerations When Using Windows Phone 7 Clients


This Exchange TechNet Wiki page contains information about using Windows Phone 7 based Exchange ActiveSync clients in an Exchange enterprise environment.


note Note

If you look for information around what EAS policies are supported by non-Windows Phone 7 devices, see the Exchange ActiveSync comparison table.





Supported Exchange ActiveSync Policies

Its important to note that Windows Phone 7 devices only support a subset of the Exchange ActiveSync (EAS) policies available with Exchange 2003 SP2, Exchange 2007, and Exchange 2010. Currently, Windows Phone 7 supports the following EAS policies:

  • Password Required (this is the only policy available on Exchange 2003 SP2) 
  • Minimum Password Length
  • Idle Timeout Frequency Value
  • Device Wipe Threshold
  • Allow Simple Password
  • Password Expiration
  • Password History

The following policies will always return "TRUE" (see table later on this page):  

  • Disable Removable Storage
  • Disable IrDA
  • Disable Desktop Sync
  • Block Remote Desktop
  • Block Internet Sharing

If you want to use EAS policies not on the above list for other mobile devices in the Exchange organization, you have the following options:

  • Create a dedicated Windows Phone 7 EAS policy and associate it with mailbox users that use Windows Phone 7 devices.
  • Set the AllowNonProvisionableDevices property to true in the default EAS policy already configured.
  • Re-configure the default EAS policy within the Exchange organization, so it only has the policies listed above configured.

Note
When using multiple EAS accounts with policies set, the policies will be merged to a most restrictive resultant set.

For specific error messages received when trying to synchronize a Windows Phone 7 device with an Exchange organization that doesn't respect one of the above options, see Windows Phone 7 fails to synchronize with error 0x85010013 or 0x8600C2B when connecting to Microsoft Exchange Server.


Supported Mail & Calendar features


Features in Windows Phone 7 RTM:
  • Exchange ActiveSync version 14.0
  • DirectPush
  • Multiple Exchange ActiveSync accounts
  • Multiple Exchange ActiveSync policies
  • Exchange Autodiscover Service
  • Remote Device Wipe (by user or admin)
  • E-mail & calendar features
    • Colored calendars for easy overview of appointments (personal/work/etc.)
    • Pivot All, Unread, urgent or flagged(aka smart filtering)
    • Multi-message actions (delete or move multiple messages to a folder & flag or mark as read/unread)
    • Nickname cache sync (shared with OWA 2010 and Outlook 2010)
    • Tightly integrated e-mail and calendar

Features not in Windows Phone 7 RTM:

  • Conversation view & action
  • In-line replies/comments
  • Access to online archive mailbox
  • Synchronize SMS messages between device and mailbox (via ActiveSync)
  • Enable or edit Out of Office settings (OOF)
  • View free/busy information for other Exchange users
  • Search for e-mail message in mailbox on Exchange server
  • Warning when multiple bad PIN codes has been entered
  • PIN code phrase challenge
  • Support for UM cards (read a preview of a voice mail)
  • Integrated voice mail player
  • IRM support  
  • Synchronize Outlook notes (you can synchronize OneNote Notes though)
  • Different Peak/Off-peak synchronization schedules

Tip
Did you know you can access your mailbox using the OWA Premium version from Internet Explorer on a Windows Phone 7 device? To do so you need to enable "Desktop version" under "Website preference" on the Internet Explorer "Settings" page. The UI experience is actually quite good since you can zoom in on the navigation pane and specific settings in the Exchange Control Panel (ECP). It's easy to access the archive mailbox and enable or edit OOF settings etc.


Supported Exchange Server Versions

  • Exchange Server 2010
  • Exchange Server 2007
  • Exchange Server 2003 SP2
  • Exchange 2007 Online (BPOS)
  • Exchange 2010 Online (Office 365)

Important
Although Exchange Server 2003 SP2 is supported, there's currently an issue with searching the GAL from a Windows Phone 7 device against this Exchange version. Read more in the following KB article: You Cannot Search the Global Address List with Windows Phone 7 when connecting to Exchange Server 2003.


Why All These Missing Enterprise Features?

It's important to note that Windows Phone 7 (WP7) primarily was developed as a consumer device and not an enterprise device. As a result there of many of the enterprise oriented features we had in Windows Mobile 6.x aren't available in WP7. However, now that WP7 is out, the Windows Phone 7 team can focus on improving WP7 further and they already do. In addition, since it's now possible to push out updates via the new "Phone Update" feature, it doesn't mean that you necessarily need to buy a new device or wait for the service provider to release a new build in order to benefit from features added after you got a WP7 device.


What Features Can We Expect in Mango (WP 7.5)

New Exchange ActiveSync Policies:

  • Complex passwords (including alphanumeric passwords)

New e-mail specific features:

  • Lync Client
  • Office 365 integration
  • Pinnable e-mail folders
  • Conversation View
  • Server Search

  • Tasks synchronization

Exchange Server Comparison Tables

The following table lists the EAS policies supported when synchronizing Windows Phone 7 devices with each Exchange Server version:

 Exchange ActiveSync Policy Support

 EAS Policy:

Exchange 2003 SP2

Exchange 2007

Exchange 2010

PasswordRequired

Yes

Yes

 Yes

PasswordExpiration

No

Yes

 Yes

PasswordHistory

No

Yes

 Yes

AllowSimplePassword

No

Yes

 Yes

MinPasswordLength

No

Yes

 Yes

IdleTimeoutFrequencyType

No

Yes

 Yes

DeviceWipeThreshold

No

Yes

 Yes

DisableRemoveableStorage

Always returns TRUE (Windows Phone 7 doesn’t support removable storage).

DisableIrDA

Always returns TRUE (Windows Phone 7 doesn’t include infrared transmissions capabilities).

DisableDesktopSync

Always returns TRUE (Windows Phone 7 doesn’t support synchronization with desktop Outlook, only media sync via Zune).

BlockRemoteDesktop

Always returns TRUE (Windows Phone 7 doesn’t support remote desktop functionality).

BlockInternetSharing

Always returns TRUE (Windows Phone 7 doesn’t support network sharing from device).

AuthenticationReset

Always returns TRUE (optional)

MobileEncryptionRemovable

Always returns FALSE (Windows Phone 7 doesn’t support device encryption or removable storage).

MobileEncryptionEnabled

Always returns FALSE (Windows Phone 7 doesn’t support device encryption).

EnableDeviceEncryption

Always returns FALSE (Windows Phone 7 doesn’t support device encryption).

AllowUnsignedApplications

Always returns FALSE (applications must be signed and installed via MarketPlace)

UnsignedCABAccessRole

Always returns FALSE (apps must be installed via MarketPlace).

AlphanumericDevicePasswordRequired

Always returns FALSE (Windows Phone 7 doesn’t support alphanumeric passwords).

MinDevicePasswordComplexCharacters

Always returns FALSE (Windows Phone 7 doesn’t support alphanumeric passwords).

UnapprovedApplicationList

Always returns FALSE (apps must be installed via MarketPlace).

ApprovedApplicationList

Always returns FALSE (apps must be installed via MarketPlace).

AllowHTMLEmail

Always returns FALSE (Windows Phone 7 uses HTML for e-mail but plain text e-mail can be received and read).

SyncWhenRoaming

Always returns FALSE (Users have control over the synchronization options).

All other EAS policies not explicitly mentioned

Always returns FALSE


The following table lists the EAS features supported when synchronizing Windows Phone 7 devices with each Exchange Server version:

Exchange ActiveSync Feature Support 

 EAS Features:

Exchange 2003 SP2

Exchange 2007

Exchange 2010

Direct Push

Yes

Yes

 Yes

Email sync

Yes

Yes

 Yes

Calendar sync

Yes

Yes

 Yes

Contacts sync

Yes

Yes

 Yes

Remote wipe

Yes

Yes

 Yes

Sync multiple folders

Yes

Yes

 Yes

128-bit SSL encrypted transmission

Yes

Yes

 Yes

User initiated remote wipe

No

Yes

 Yes

Link Access

No

Yes

Yes

HTML Mail

No

Yes

Yes

GAL Lookup

  No 1

Yes

Yes

Follow-up flags

No

Yes

Yes

Meeting attendee information

No

Yes

Yes

Autodiscover

No

Yes

Yes

Bandwidth reductions

No

Yes

Yes

Reply state

No

No

Yes

Nickname cache

No

No

Yes

Block/Allow/Quarantine List

No

No

Yes

Allow attachment download

No

No

Yes

256-bit SSL encrypted transmission

No

No

Yes



1 Windows Phone 7 cannot resolve addresses within Global Address List (GAL) on an Exchange 2003 server. For more information see the following KB article: You Cannot Search the Global Address List with Windows Phone 7 when connecting to Exchange Server 2003.



See Also

Another important place to find a huge amount of Windows Phone related articles is the TechNet Wiki itself. The best entry point is Windows Phone Resources on the TechNet Wiki.


Community Resources

 

Sort by: Published Date | Most Recent | Most Useful
Comments
  • Hi Henrik.

    Just to be sure that I do understand what you are saying: This means that ex. Encryption requirements published using EAS.policies does not work on the Win7 phone?!

    Well my boss specifically asked the Danish Chief of the Windows Phone Division, Henrik Koelle, about this yesterday, after you published your article. He stated that simple (not blowfish) encryption will of course still be possible to manage through EAS-policies. Furthermore he stated that there where "several" other shortcomings in your list (don't know what he was referring to).

    For us as a company this issue is actually quite important because the lack of forced encryption is one of the major reason why we do allow some smartphones to connect to our Exchange server. maybe you can verify or even better yet, state which EAS-options will NOT be supported on the new win 7 phone?

    Best regards

    Jorgen D.

  • Hi Jørgen, yes built-in applications doesn't support any form of encryption which also means the native EAS client on the WP7 phone doesn't support the device and storage card encryption policies. But there are other security mechanisms in place that for instance doesn't let someone access the data on a storage card using another phone etc.

    But the way to protect your mobile device data is by enforcing passwords and remote wipe policies on these devices. Using a combination of these two policies should provide sufficient protection.

    If you insist on using encryption, I huess you would need to use a 3rd party solution such as the one from Good Technology.

    PS

    I emailed Henrik Kølle as well...

    Henrik  

  • Are there any news which Exchange ActiveSync Policies will make it to the update for Windows Phone 7 in the first quarter of 2010? We are interested in Windows Phone 7 but at the moment there are far too many ActiveSync Policies relating to security which are not supported. We would at least need all policies up to Exchange ActiveSync 12.1 - Exchange Server 2007 SP1 to be supported.

  • The WP7 team aren't yet sharing this information internally or externally...

    Henrik

  • All do respect Henrik...  THEY (MS WP7 team).. need to start sharing some of this information...  We in IT are trying to make decisions and decide on directions for the future.. and its utterly impossible without all the relevant information !

    So.. I guess we'll stick with Blackberry  for at least the next two years ..  since MS doesnt support their own server policies and wont "share" that information..    

    Good luck with it.

  • Any chance we get HTML e-mail support for Windows Phone 7 and Exchange 2003 SP2? Maybe in an upcoming Service Pack release? Currently we cannot upgrade to 2007 or 2010 for various reasons. Thanks.

  • This page needs to be updated. With the release of the NoDo update, users with an Exchange 2003 SP2 account can search the GAL. That is an important update. Also, if you had a Exchange 2003 account setup on a pre-NoDo device, to enable the GAL search functionality, you need to re-accept the account settings. A sync alone won't enable the function.

  • Hi Henrik,

    We're having some difficulty with understanding and configuring "Multiple Exchange ActiveSync accounts" from Windows Phone 7, iPhone and Android devices - perhaps what we are hoping to do is not supported.

    Ideally we would like to configure the same user credentials (ie same username, domain and webserver) to activesync to two different mailboxes (different email addresses within the same domain) within the same AD / Exchange organisation on the same Exchange 2003 server. For example, the first Exchange 'account' would be the users personal mailbox / email account, the second Exchange account might be an organisation's shared mailbox / calendar that contained organisational events, or perhaps even a second mailbox to whom the user was delegated access to manage. The first mailbox would be 'attached to the users AD object, the second mailbox would be accessible to the user by virtue of rights granted to the users AD object.

    We are able to successfully configure activesync from the Windows Phone 7 device to the first mailbox. However, we are not able to configure a second 'exchange account' on the Windows Phone 7 using the same userid specified to connect to the first mailbox - instead, the second exchange account results in an identical replica of the first exchange account.

    It seems to us that activesync on WP7, iPhone, and Android devices all rely on the Exchange mailbox associated with the username - rather than the email address specified in the active sync connection - to determine the mailbox to be connected to. This seems counterintuitive to us because we understand that the same active directory username and password can be used to access many different mailboxes (or email addresses) - assuming the username has rights to access the mailbox).

    We understand that this issue would not be a problem if we were attempting to access the primary mailbox of two different users in two different organisations. However, we think it is a reasonably common requirement for a single person to need to access multiple exchange mailboxes within the same Exchange Organisation / Server. At this stage, we're uncertain as to whether this is technically possible (and we simply don't understand how to configure the device (or maybe an AD attribute), or whether the senario was never envisaged and is not currently provided for.

    Any assistance or direction would be greatly appreciated.

  • It would be really nice to see SMS Activesync in WP7 in Mango.

  • Any word on new EAS support? And then specifically on Device Encryption? I work for one of the larger MS partners in the Netherlands, and from September 1st our internal IT department will ban all WP7 (and some other) devices because they do not currently support this.

    Apparently they are doing this for some upcoming EU law which basicly says that companies that host/have access to customer data, have to have this encryption. Being an IT company we obviously host a lot of data for multiple customers.

    I am not sure if the EU law becomes active on September 1st, but it should be then or a bit later. Anyway, hope device encryption will be added.

Page 1 of 2 (16 items) 12