With the release of Exchange SP2 and the feature pack, I had a look at what WM 5.0 device management options are available, how they are set, and how they are applied to devices. The management options need to be set on an Exch2003 SP2 + Feature pack server.
The new options are:
Through the ESM (Exchange server management) \ Global Settings \ Mobile Services:
- Enable PIN on device
- Require both numbers and letters
- Inactivity Time
- Wipe device after failed (attempts)
- Refresh settings on device (hours)
- Allow access to devices that do not support PIN settings
- Exceptions list (add AD user IDs)
Through Web browser:
All the options in the ESM are set as a global policy per Exchange organization, and exclusions can only be made on a per-user basis. An exclusion means no policy is applied at all, as one org can’t support different policies. These policies are not linked to AD group policies in any way.
The idea of performing the device wipe through a web interface means the task doesn’t require a member of the helpdesk to use the ESM. The device wipe is quick (worked in about 10 secs flat), and effectively performs a hard reset. It does not wipe the SD card.
The ability to keep sending down the policy on a schedule is a good idea, although I don’t know yet how much a user can tamper with the policy-configured settings.
The policies are applied the first time a WM 5.0 device connects to the Exchange environment through ActiveSync. ActiveSync notifies the user that a policy will be installed to continue, and the user is offered an OK or Cancel button. Cancelling at this point results in the ActiveSync connection being terminated. If the user clicks OK, the enter password screen appears, and the user can’t continue until a password meeting the complexity requirements has been entered.
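The first-connection behaviour described above can be modelled as a small decision function. This is an added example, not Exchange or ActiveSync code: the field names, outcome strings and user IDs are hypothetical, and it assumes that a device without PIN support is refused when "Allow access to devices that do not support PIN settings" is off.

```python
from dataclasses import dataclass, field

@dataclass
class MobilePolicy:
    # Hypothetical field names mirroring the ESM options listed in the post.
    require_pin: bool = True              # "Enable PIN on device"
    require_alphanumeric: bool = True     # "Require both numbers and letters"
    allow_non_pin_devices: bool = False   # "Allow access to devices that do not support PIN settings"
    exceptions: set = field(default_factory=set)  # AD user IDs excluded from policy

def password_ok(policy, password):
    """Complexity check. The post gives no minimum length, so only
    the presence of letters and digits is checked here."""
    if not password:
        return False
    if policy.require_alphanumeric:
        return (any(c.isdigit() for c in password)
                and any(c.isalpha() for c in password))
    return True

def first_sync(policy, user, device_supports_policy,
               user_accepts=True, password=""):
    """Outcome of a device's first ActiveSync connection under the org-wide policy."""
    if not policy.require_pin or user in policy.exceptions:
        return "sync-no-policy"       # an exclusion means no policy at all
    if not device_supports_policy:
        # Assumption: with the option off, such devices are refused.
        return "sync-no-policy" if policy.allow_non_pin_devices else "blocked"
    if not user_accepts:
        return "terminated"           # Cancel ends the ActiveSync connection
    if not password_ok(policy, password):
        return "password-rejected"    # user cannot continue past the password screen
    return "sync-with-policy"

if __name__ == "__main__":
    # Constructed sample cases; the user IDs are made up.
    org = MobilePolicy(exceptions={"jsmith"})
    cases = [("jsmith", True, True, ""), ("adoe", False, True, ""),
             ("adoe", True, False, ""), ("adoe", True, True, "1234"),
             ("adoe", True, True, "a1b2c3")]
    for user, supported, accepts, pw in cases:
        print(user, supported, accepts, repr(pw), "->",
              first_sync(org, user, supported, accepts, pw))
```

Because the policy is per organization, the only per-user variation the model allows is membership in the exceptions list, which removes every control for that user at once.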
In summary, the new management policies cover the most valuable functions, PIN enforcement and device wipe. Device provisioning, inventory, patch updating, software control and recovery are not covered at all. I think for a lot of businesses the core security functions that Exchange will offer will be enough for them to use it, without spending on third-party management solutions.
Neil Chapman