Manage Learn to apply best practices and optimize your operations.

Understanding Exchange Server 2007 SP1 mobile security settings

Mobile devices used in the enterprise require stricter security settings than ever before. Exchange Server 2007 SP1 features some built-in security settings that can help administrators define policies for ActiveSync mobile devices and their users. Learn about Exchange ActiveSync mailbox policy settings in this tip.

Mobile users realize that they can do more than just check email with their devices. But this can be a double-edged sword. On one hand, making better use of mobile hardware can improve mobile users' productivity. On the other hand, more powerful devices and their uses create a new array of security concerns.

Exchange Server 2007 SP1 allows administrators to create elaborate security policies for mobile devices. Users can also enroll their own mobile devices and perform remote wipes of lost or stolen devices.

To explore Exchange 2007 SP1's mobile device security capabilities, open the Exchange Management Console and navigating through the console tree to: Organization Configuration -> Client Access.

The details pane will display a default Exchange ActiveSync mailbox policy or you can create your own. Exchange Server doesn't force you to use the same ActiveSync mailbox policy for all users, so you can create multiple policies and assign them, if necessary.

The Exchange ActiveSync mailbox policy has four settings:

  • Password settings -- Similar to password settings on standard computers, you can control whether you want to require an alphanumeric password or a simple PIN. You can also control the password's length, history, expiration, etc.

  • Sync settings -- These allow you to limit message size, prevent synchronization when the user is roaming, block a device from receiving attachments and more.

  • Device specific settings -- These settings enable or disable various hardware components on the device. For example, you could disable the device's camera, Wi-Fi connection, infrared port and more.

  • Advanced settings -- These enable administrators to control which applications can run on the device. For example, you could choose to allow the use of a Web browser, but block access to consumer mail services such as Hotmail and Gmail.

The real challenge for Exchange administrators is how to use these security mechanisms effectively. However, doing so may require a fundamental shift in the way that you think about mobile devices.

Mobile devices are powerful computing platforms that face many of the same security challenges as laptops. Therefore, it may be necessary to develop or revise your organization's security policies regarding the acceptable use of mobile devices.

The first step is to create a formalized set of goals for your organization's mobile device usage. Then you can take advantage of Exchange Server SP1's built-in security mechanisms to implement these policies.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at

Do you have comments on this tip?  Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for

Dig Deeper on Outlook management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.