ra2 studio - Fotolia


Exchange mobile device management poses challenges to administrators

While allowing end users to access Exchange from multiple devices usually won't affect the server, it can quickly drive up licensing costs and help desk calls.

In recent years, the proliferation of mobile devices -- and the acceptance of such devices for workplace use through...

BYOD programs -- has led to users accessing mailbox resources from multiple devices. Although multi-device access does not typically cause major problems for Exchange Server itself, it can cause minor complications for administrators who must handle Exchange mobile device management.

Exchange Server licensing

One of the biggest considerations admins must consider is licensing. Microsoft has long allowed Exchange Server to be licensed on either a per-user or a per-device basis. At one time, most organizations used per-device licensing because it was somewhat common for at least some users to share a PC. Today, however, per-device licensing could be cost prohibitive because it requires a separate Client Access License (CAL) for every device used to access Exchange Server resources. Users who work from multiple devices would increase licensing costs with every new device they register.

On a similar note, smartphones have a somewhat limited lifespan. It is common for users to swap a device for a new model roughly every other year. Users may also acquire new devices to replace lost, stolen or broken devices. If a user replaces such a device with a new one and forgets to disassociate their old device from their Exchange Server mailbox, then the user has technically increased the organization's device usage count, even if the older device will never again be used to access Exchange Server resources. This isn't an issue if the organization has purchased user CALs, but it can be a major problem for organizations that use device CALs.

In Exchange Server there is no mechanism that automatically reports your license usage to Microsoft. The problem is that software audits have become increasingly common over the last few years. If an organization gets caught violating the terms of the license, there is a huge financial penalty. The audits are random, but are very common occurrences with some organizations being audited every few weeks.

Exchange mobile device management

Although Exchange Server's Mobile Device Mailbox Policies provide a rich set of controls for securing mobile devices and preventing the use of devices the organization chooses not to support for use with Exchange, it is common for enterprise organizations to leverage mobile device management software rather than relying exclusively on Exchange Server's native capabilities. As such, an organization must consider the impact that multi-device use will have on its management software.

Users who work from multiple devices would increase licensing costs with every new device they register.

Consider that many Exchange shops use Microsoft Intune for mobile device management. Intune leverages Exchange Server's Mobile Device Mailbox Policies -- formerly known as ActiveSync policies -- to enforce security on mobile devices. Intune also controls key features from other Microsoft products such as System Center Configuration Manager and System Center Endpoint Protection. In spite of how Intune works with external products, it requires a separate license. The Intune license allows for the management of up to five devices per user. Although most users probably do not use five mobile devices, it would still be relatively easy to run out of device licenses because PCs count as devices, as do mobile devices. A user who has a desktop PC and a laptop has already used two out of five licenses before ever connecting a mobile device.

Support issues

Another way multi-device usage could potentially prove to be challenging is that the volume of help desk calls generally increases as the number of devices increase. Some calls will not be Exchange related, but some typically will be.

Users may call the help desk because their devices are not perfectly synchronized. When a user has multiple mobile devices connected to Exchange Server, it is normal for one device to receive new mail before the other. The lag may only be a second or two, or it may be a minute or more. There are several factors impacting the time that it takes a device to receive new mail. Users may assume a problem exists because the devices are not in perfect synchronization with one another and call the help desk.

Another common complaint from users is the amount of mail that is displayed on mobile devices. Suppose a user has a phone and tablet that are both synced to Exchange. The phone might be configured to display messages from the last two weeks, while the tablet is only configured to display a week's worth of data. Although it is easy to control the volume of mail that gets stored on a device, users commonly interpret inconsistencies as problematic.

The setting for how much mail gets stored on the device is set at the device level. Most users probably don't know the setting exists. The default values can vary widely from one device type to the next. Unfortunately, there is no universal set of instructions that can be provided to the users because the method used to change device level mail storage varies by device OS and mail client.

Next Steps

Get started with Exchange ActiveSync policies for iOS

MDM for Office 365 features

How to use Exchange ActiveSync for MDM

Dig Deeper on Outlook management