This Exchange TechNet Wiki page contains information about using Windows Phone 7 based Exchange ActiveSync clients in an Exchange enterprise environment.
If you are looking for information about which EAS policies are supported by non-Windows Phone 7 devices, see the Exchange ActiveSync comparison table.
It's important to note that Windows Phone 7 devices only support a subset of the Exchange ActiveSync (EAS) policies available with Exchange 2003 SP2, Exchange 2007, and Exchange 2010. Currently, Windows Phone 7 supports the following EAS policies:
The following policies will always return "TRUE" (see table later on this page):
If you want to use EAS policies not on the above list for other mobile devices in the Exchange organization, you have the following options:
Note: When multiple EAS accounts with policies set are configured, the policies are merged into the most restrictive resultant set.
For specific error messages received when trying to synchronize a Windows Phone 7 device with an Exchange organization that doesn't respect one of the above options, see Windows Phone 7 fails to synchronize with error 0x85010013 or 0x8600C2B when connecting to Microsoft Exchange Server.
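The merge described in the note above on multiple EAS accounts can be modelled as follows. This is an added example, not code from the original page or from Microsoft: the setting names are taken from the policy table on this page, while the per-setting rule for what counts as "more restrictive", the units, and the sample account policies are assumptions made for illustration.

```python
# Added illustration. Setting names come from this page's policy table; the
# per-setting rules and units are assumptions, not documented WP7 behaviour.

def true_wins(new, old):        # e.g. PasswordRequired
    return new and not old

def false_wins(new, old):       # e.g. AllowSimplePassword
    return old and not new

def higher_wins(new, old):      # e.g. MinPasswordLength
    return new > old

def lower_nonzero_wins(new, old):
    # 0 is assumed to mean "not enforced", so any enforced limit beats it.
    return new != 0 and (old == 0 or new < old)

RULES = {
    "PasswordRequired": true_wins,
    "AllowSimplePassword": false_wins,
    "MinPasswordLength": higher_wins,
    "PasswordHistory": higher_wins,
    "PasswordExpiration": lower_nonzero_wins,        # days (assumed)
    "IdleTimeoutFrequencyType": lower_nonzero_wins,  # minutes (assumed)
    "DeviceWipeThreshold": lower_nonzero_wins,       # failed attempts
}

def merge_policies(accounts):
    """Return {setting: (value, account)} for the most restrictive set."""
    merged = {}
    for account, policy in accounts.items():
        for name, value in policy.items():
            if name not in RULES:
                raise ValueError(f"no merge rule defined for {name!r}")
            # Keep the first account on a tie; replace only if stricter.
            if name not in merged or RULES[name](value, merged[name][0]):
                merged[name] = (value, account)
    return merged

# Constructed sample: three EAS accounts configured on one device.
ACCOUNTS = {
    "corp": {"PasswordRequired": True, "MinPasswordLength": 4,
             "AllowSimplePassword": True, "IdleTimeoutFrequencyType": 15,
             "DeviceWipeThreshold": 0},
    "partner": {"PasswordRequired": True, "MinPasswordLength": 6,
                "AllowSimplePassword": False, "IdleTimeoutFrequencyType": 5,
                "DeviceWipeThreshold": 8},
    "personal": {"PasswordRequired": False},
}

if __name__ == "__main__":
    for name, (value, account) in merge_policies(ACCOUNTS).items():
        print(f"{name:26} {value!s:6} imposed by {account}")
```

Recording which account imposed each value makes it possible to tell a user why the device enforces a stricter lock than their own organization's policy asks for.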
Features not in Windows Phone 7 RTM:
Important: Although Exchange Server 2003 SP2 is supported, there's currently an issue with searching the GAL from a Windows Phone 7 device against this Exchange version. Read more in the following KB article: You Cannot Search the Global Address List with Windows Phone 7 when connecting to Exchange Server 2003.
It's important to note that Windows Phone 7 (WP7) was developed primarily as a consumer device, not an enterprise device. As a result, many of the enterprise-oriented features we had in Windows Mobile 6.x aren't available in WP7. However, now that WP7 is out, the Windows Phone 7 team can focus on improving WP7 further, and they already are. In addition, since updates can now be pushed out via the new "Phone Update" feature, you don't necessarily need to buy a new device or wait for the service provider to release a new build in order to benefit from features added after you got a WP7 device.
New Exchange ActiveSync Policies:
New e-mail specific features:
The following table lists the EAS policies supported when synchronizing Windows Phone 7 devices with each Exchange Server version:
Exchange ActiveSync Policy Support
EAS Policy:
Exchange 2003 SP2
Exchange 2007
Exchange 2010
PasswordRequired
Yes
PasswordExpiration
No
PasswordHistory
AllowSimplePassword
MinPasswordLength
IdleTimeoutFrequencyType
DeviceWipeThreshold
DisableRemoveableStorage
Always returns TRUE (Windows Phone 7 doesn’t support removable storage).
DisableIrDA
Always returns TRUE (Windows Phone 7 doesn’t include infrared transmissions capabilities).
DisableDesktopSync
Always returns TRUE (Windows Phone 7 doesn’t support synchronization with desktop Outlook, only media sync via Zune).
BlockRemoteDesktop
Always returns TRUE (Windows Phone 7 doesn’t support remote desktop functionality).
BlockInternetSharing
Always returns TRUE (Windows Phone 7 doesn’t support network sharing from device).
AuthenticationReset
Always returns TRUE (optional)
MobileEncryptionRemovable
Always returns FALSE (Windows Phone 7 doesn’t support device encryption or removable storage).
MobileEncryptionEnabled
Always returns FALSE (Windows Phone 7 doesn’t support device encryption).
EnableDeviceEncryption
AllowUnsignedApplications
Always returns FALSE (applications must be signed and installed via MarketPlace)
UnsignedCABAccessRole
Always returns FALSE (apps must be installed via MarketPlace).
AlphanumericDevicePasswordRequired
Always returns FALSE (Windows Phone 7 doesn’t support alphanumeric passwords).
MinDevicePasswordComplexCharacters
UnapprovedApplicationList
ApprovedApplicationList
AllowHTMLEmail
Always returns FALSE (Windows Phone 7 uses HTML for e-mail but plain text e-mail can be received and read).
SyncWhenRoaming
Always returns FALSE (Users have control over the synchronization options).
All other EAS policies not explicitly mentioned
Always returns FALSE
The following table lists the EAS features supported when synchronizing Windows Phone 7 devices with each Exchange Server version:
EAS Features:
Direct Push
Email sync
Calendar sync
Contacts sync
Remote wipe
Sync multiple folders
128-bit SSL encrypted transmission
User initiated remote wipe
Link Access
HTML Mail
GAL Lookup
No 1
Follow-up flags
Meeting attendee information
Autodiscover
Bandwidth reductions
Reply state
Nickname cache
Block/Allow/Quarantine List
Allow attachment download
256-bit SSL encrypted transmission
Hi Henrik.
Just to be sure that I do understand what you are saying: This means that e.g. encryption requirements published using EAS policies do not work on the Win7 phone?!
Well, my boss specifically asked the Danish Chief of the Windows Phone Division, Henrik Koelle, about this yesterday, after you published your article. He stated that simple (not blowfish) encryption will of course still be possible to manage through EAS policies. Furthermore, he stated that there were "several" other shortcomings in your list (don't know what he was referring to).
For us as a company this issue is actually quite important because the lack of forced encryption is one of the major reasons why we do allow some smartphones to connect to our Exchange server. Maybe you can verify or, even better yet, state which EAS options will NOT be supported on the new win 7 phone?
Best regards
Jorgen D.
Hi Jørgen, yes, built-in applications don't support any form of encryption, which also means the native EAS client on the WP7 phone doesn't support the device and storage card encryption policies. But there are other security mechanisms in place that, for instance, don't let someone access the data on a storage card using another phone etc.
But the way to protect your mobile device data is by enforcing passwords and remote wipe policies on these devices. Using a combination of these two policies should provide sufficient protection.
If you insist on using encryption, I guess you would need to use a 3rd party solution such as the one from Good Technology.
PS
I emailed Henrik Kølle as well...
Henrik
Is there any news on which Exchange ActiveSync Policies will make it to the update for Windows Phone 7 in the first quarter of 2010? We are interested in Windows Phone 7 but at the moment there are far too many ActiveSync Policies relating to security which are not supported. We would at least need all policies up to Exchange ActiveSync 12.1 - Exchange Server 2007 SP1 to be supported.
The WP7 team aren't yet sharing this information internally or externally...
All due respect Henrik... THEY (MS WP7 team).. need to start sharing some of this information... We in IT are trying to make decisions and decide on directions for the future.. and it's utterly impossible without all the relevant information!
So.. I guess we'll stick with Blackberry for at least the next two years.. since MS doesn't support their own server policies and won't "share" that information..
Good luck with it.
Any chance we get HTML e-mail support for Windows Phone 7 and Exchange 2003 SP2? Maybe in an upcoming Service Pack release? Currently we cannot upgrade to 2007 or 2010 for various reasons. Thanks.
This page needs to be updated. With the release of the NoDo update, users with an Exchange 2003 SP2 account can search the GAL. That is an important update. Also, if you had an Exchange 2003 account set up on a pre-NoDo device, to enable the GAL search functionality, you need to re-accept the account settings. A sync alone won't enable the function.
Hi Henrik,
We're having some difficulty with understanding and configuring "Multiple Exchange ActiveSync accounts" from Windows Phone 7, iPhone and Android devices - perhaps what we are hoping to do is not supported.
Ideally we would like to configure the same user credentials (i.e. same username, domain and webserver) to activesync to two different mailboxes (different email addresses within the same domain) within the same AD / Exchange organisation on the same Exchange 2003 server. For example, the first Exchange 'account' would be the user's personal mailbox / email account, the second Exchange account might be an organisation's shared mailbox / calendar that contained organisational events, or perhaps even a second mailbox to whom the user was delegated access to manage. The first mailbox would be 'attached' to the user's AD object, the second mailbox would be accessible to the user by virtue of rights granted to the user's AD object.
We are able to successfully configure activesync from the Windows Phone 7 device to the first mailbox. However, we are not able to configure a second 'exchange account' on the Windows Phone 7 using the same userid specified to connect to the first mailbox - instead, the second exchange account results in an identical replica of the first exchange account.
It seems to us that activesync on WP7, iPhone, and Android devices all rely on the Exchange mailbox associated with the username - rather than the email address specified in the active sync connection - to determine the mailbox to be connected to. This seems counterintuitive to us because we understand that the same active directory username and password can be used to access many different mailboxes (or email addresses), assuming the username has rights to access the mailbox.
We understand that this issue would not be a problem if we were attempting to access the primary mailbox of two different users in two different organisations. However, we think it is a reasonably common requirement for a single person to need to access multiple exchange mailboxes within the same Exchange Organisation / Server. At this stage, we're uncertain as to whether this is technically possible (and we simply don't understand how to configure the device, or maybe an AD attribute), or whether the scenario was never envisaged and is not currently provided for.
Any assistance or direction would be greatly appreciated.
It would be really nice to see SMS Activesync in WP7 in Mango.
Any word on new EAS support? And then specifically on Device Encryption? I work for one of the larger MS partners in the Netherlands, and from September 1st our internal IT department will ban all WP7 (and some other) devices because they do not currently support this.
Apparently they are doing this for some upcoming EU law which basically says that companies that host/have access to customer data have to have this encryption. Being an IT company we obviously host a lot of data for multiple customers.
I am not sure if the EU law becomes active on September 1st, but it should be then or a bit later. Anyway, hope device encryption will be added.