
Using Mobile Device Manager 2008 server roles in Exchange 2007

Discover how Mobile Device Manager 2008 works with Exchange 2007 and how you can use it to easily manage mobile devices across your Exchange organization. In this tip from Microsoft Exchange Server expert Brien Posey, you'll learn how it allows you to join mobile devices to a Windows domain, what its three separate server roles do and more.

System Center Mobile Device Manager 2008 complements Exchange Server 2007's built-in mobile device capabilities. This tip will give you an overview of the management tool's server roles, how to use it to manage Windows Mobile devices and how to recognize its potential in an Exchange Server environment.

System Center Mobile Device Manager isn't an Exchange Server add-on, but a separate product designed to work with Exchange Server and augment its abilities. It can be compared to Office Communications Server (OCS). Exchange Server 2007 has its own unified messaging capabilities, but OCS augments them by providing a complete unified communications solution. Similarly, Mobile Device Manager extends Exchange's built-in mobile device management capabilities.

Mobile Device Manager offers three separate server roles: the management server, the enrollment server and the gateway server. Although you can install all three of these roles onto the same server, ideally they should be separated into different servers -- or at least separate virtual machines -- to maximize performance and security.

The management server: This role is the core of Mobile Device Manager. One of the management server's functions is to apply security policies to mobile devices. However, for the most part, Mobile Device Manager offers the same basic security settings that are available to mobile devices through Exchange Server 2007 SP1.

You may be wondering what the advantage is in using Mobile Device Manager. In general, it allows you to join mobile devices to a Windows domain, just as you can join desktops, laptops and servers to a domain. This makes it possible to apply security settings to mobile devices through group policy settings. There are more than 130 different group policy settings that can be applied to mobile devices.

Note: You can only join a mobile device to a domain if it is running Windows Mobile 6.1 or higher.

Management capabilities available through the management server include the ability to inventory mobile devices and to generate various reports.

Mobile Device Manager makes it easier to manage applications that are running on mobile devices. Like Exchange Server, Mobile Device Manager allows you to decide which applications are and aren't allowed to run on the devices. Mobile Device Manager can also be used to deploy applications to mobile devices.

Note: Mobile Device Manager requires SQL Server since it stores device configuration information in a SQL Server database.

If you're going to use Mobile Device Manager to deploy applications to mobile devices, Windows Server Update Services (WSUS) 3.0 or higher is also required. WSUS is normally used to deploy software updates, but Mobile Device Manager can't deploy Windows Mobile updates to mobile devices. Doing so would require that the device's BIOS be flashed.


The enrollment server: This server facilitates the task of provisioning mobile devices. The enrollment process joins the mobile device to an Active Directory domain and assigns a certificate to the device. This certificate allows mutual authentication between the mobile device and the gateway server.

The gateway server: This is essentially a VPN server that's designed for users with mobile devices. Users can use the gateway server to access resources on the corporate network -- provided that the users have the appropriate permissions. This is important because Exchange ActiveSync allows users to access their Exchange mailboxes.

In certain instances, Exchange can act as a proxy if a link to a file is embedded in an email message. This allows users to access files that are stored on file shares or in Microsoft SharePoint document libraries. Traditionally, most mobile users have not had access to other network resources while away from the office.

Having a full-blown VPN solution available to mobile users makes devices more useful. It also creates the possibility for developers to write mobile versions of line-of-business applications that are used within an organization.

System Center Mobile Device Manager not only makes it easier to manage mobile devices across an enterprise, it also makes mobile devices more useful by providing access to traditionally non-mobile network resources.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at
