Managing iphones, ipads, and Androids with Exchange ActiveSync Presented by Val Hetrick 1
What Will I Learn Today? How Exchange can be used as a basic management tool for Mobile Devices The features and capabilities that are available in the Exchange Administrator Interface for managing Mobile Devices The gaps and traps to watch out for if using Exchange to manage Mobile Devices What to do when you need more comprehensive control and visibility The benefits of using Exchange device management to derive additional value from an MDM solution 2
Let s get the conversation started You have users with personal and consumer devices that require access to your Exchange email environment iphones, ipads and Androids You need tools and techniques to help get some basic level of control, now You know how to do BlackBerry, but these other devices are uncharted territory for you and your team You ve been inundated with information on device management but aren t sure which approach you should take 3
So, where to start? The built-in Exchange 2007/2010 tools may be a start for some What can I do with these tools? Device visibility/asset management 10 or so device attributes Mailbox policy creation/edit/assignment Actions Wipe (factory reset) Change Mailbox policy Remove/Block Device Legacy Device Support Symbian Windows Mobile 4
What are the steps? Turn on ActiveSync, but be careful Things to consider when you enable ActiveSync on Exchange Email Access Control Full Access Wild West Mailbox by Mailbox Cumbersome Multiple device issue Monitor for new devices for enabled mailboxes Manual effort 2010 ABQ may help 5
Now that you have it turned on. Gaps to be aware of No clear picture of connected devices in real-time If you want control, having to use individual Mailbox configuration Remote Wipe that is all or nothing Script development to augment the limited Exchange tools No easy way to view and remove inactive devices No ability to perform Device- and User Group-based policy assignment No concise audit history of mobile device actions (e.g., policy change, remote wipe) No web-based access for non email administrator personnel No ability to add asset information to mobile devices managed via ActiveSync 6
Now that you have it turned on. Traps that will get you in trouble Multiple devices Once a mailbox is enabled, a user can connect any number of devices Device diversity No control over what type of device connects Significant gaps exist in device capabilities that need to be considered Apple ios 3.x Android 1.x, 2.0, 2.1 Android implementations Androids lie! Jailbroken and Rooted Devices 7
The ActiveSync policy conundrum. A comprehensive set of policies, but Device manufacturer implementation varies greatly Only best effort on the part of most Some critical gaps Device and application restrictions VPN, WiFi, Email profiles Password policies Understand what policies are implemented by your device Exchange ActiveSync Client Comparison Table (Microsoft) Comparison of Exchange ActiveSync (Wikipedia) 8
Supported Exchange Active Sync policies, the basics The following Exchange policies are supported on ios and Android Enforce password on device Minimum password length Maximum failed password attempts Require both numbers and letters Inactivity time in minutes The following Exchange 2007 policies are also supported on ios Allow or prohibit simple password Password expiration Password history Policy refresh interval Minimum number of complex characters in password Require manual syncing while roaming Allow camera Require device encryption 9
Signs that you may need more than Exchange to manage your devices You need device level auto-quarantine You need better device data and asset information You need more consistent and quality device data to make better decisions on what is accessing your corporate data You need a consistent way to deal with variation in device/vendor support You need important and more granular actions Selective Wipe/Full Wipe (as required by the situation) Lock Device Change device passcode Locate device You would like to delegate administrative activities How long you can get by with Exchange management capabilities before you find a situation that cannot be accommodated? 10
MaaS360 Mobile Device Management Offers Exchange ActiveSync Manager as well as ios and Android Mobile Device Manager for additional capabilities Helps organizations at-a-glance understand their mobile device posture (real-time) on their Exchange infrastructure Helps organizations extend mobile device management operations to other teams, if desired Eases and extends day-to-day Exchange management functionality for mobile device issues and cases Adds Quarantine and Device Approval workflows to Exchange 2007 Environments Able to have multiple policies Selective Wipe with ios Push out VPN/Wireless Profiles with ios and Android 11
MaaS360 compliments Exchange/ActiveSync 12
Demo of MaaS360 MDM 13
Wrap-up Questions or follow-up? Val Hetrick vhetrick@fiberlink.com Upcoming Webinars (http://maasters.maas360.com/webinars/) January 5: Enabling iphones and ipads in the Enterprise Past Webinars (http://links.maas360.com/webinars/) Controlling Mobile Data Expenses Kindle Fire vs. ipad 2 Enabling ios 5 in the Enterprise (Three-Part Series) Plus lots of How-To content at the MaaSters Center Mobile Device Management Best Practices http://links.maas360.com/mdm/ Solutions to Common BlackBerry Issues http://links.maas360.com/blackberry/ Over 300 articles and posts including training videos and free tools http://maasters.maas360.com/ 14