Android users in Exchange environments may feel like a Martian on Earth: set apart and unsupported. But controlled and secure connections can happen.
Sync Android with Google Apps or Microsoft ExchangeUsing an Android phone in an organization that uses Google Apps is easy, as you might expect. Add your Google Account to your phone (usually in Settings | Accounts | Add account). Once connected, your email, calendar and contacts sync between your phone and Google's servers.
Lose your phone? No problem. Your Google Apps administrator can remotely lock, locate, and wipe it. Even if you don't use Google Apps, as long as your phone runs Android 2.2 or above, you can remotely lock, locate and wipe your phones with the Android Device Manager.
Similarly, using an Android phone in an organization that uses Microsoft Exchange is also easy. Add your Microsoft Exchange Activesync account to your phone (usually in Settings | Accounts | Add account). You may need to obtain approval and customized login information from your system administrator. Once connected, your email, calendar, and contacts sync between your phone and your organization's Microsoft Exchange servers.
As with Google Apps, if you lose your phone, your Microsoft Exchange administrator can remotely lock and wipe it.
Trade convenience for control?
Syncing and remote control makes sense for devices owned by the organization. The organization owns the device, syncs it, and controls it.
But if YOU own your phone, you might not want to give an administrator the ability to remotely wipe it. I know I don't want to do this.
Mobile browser access is one alternative to syncing. Open your browser on your phone, and then login. Gmail and Google Calendar both provide a mobile-friendly version in a browser. Microsoft's Outlook Web Access provides access to a web version of Outlook. Browser access doesn't provide "push" notifications of new emails, and tends to be less user-friendly than using standard mobile mail, calendar, and contact applications. Overall, mobile browser access isn't convenient.
Another alternative is to sync data using other methods (or "protocols"). For example, you may be able to sync your email using IMAP, which both Google Apps and Microsoft Exchange support. CalDav and iCAL, similarly, are alternative calendar data protocols. However, prudent system administrators shouldn't allow this: you'd have the organization's data, but the organization would have no way to delete it. From a governance and security perspective, these alternative sync methods lack sufficient organizational control.
Contained and controlled convenience for users
Fortunately, software lets you connect your phone to Exchange, but limit the organization's control. The concept is simple: create a secure "bucket" that connects to your organization's data. Your mail, calendar, and other information will sync into this "bucket". But if the organization's administrators initiate a remote wipe, only the organizational information in the "bucket" is emptied. The rest of the phone is left untouched.
Touchdown from Nitrodesk gives you exactly such a secured, controlled container on your Android phone (a version is also available for iOS devices). As with any mobile device, you may need to obtain approval and customized login information from your system administrator. Once connected, your email, calendar, and contacts sync between your phone and your organization's Microsoft Exchange servers, but all the data stays inside the Touchdown app. The app costs $19.99 as of August 2013.
Touchdown syncs email, calendar, contacts and tasks in a single, secured app.
Divide from Enterproid functions both as an Android launcher and a secured, controlled container. The launcher "divides" your workspaces into work and personal containers. Divide not only connects to Microsoft Exchange servers, but also to Google Apps accounts. So you could setup your Android phone with a personal Gmail account, and use Divide to connect to an organizational Google Apps account. The Divide app is free as of August 2013.
Divide connects your device to either Microsoft Exchange or Google Apps accounts
Divide seeks to "scale up" smoothly: they offer a web-based mobile device management system. Even if your company doesn't use Divide to manage mobile devices, you can use the company's web interface to lock, locate, and wipe your device. Divide provides two types of remote wipes: "Clear", which erases all corporate data on the device, and "Wipe", which erases ALL data - corporate and personal - on the device. The site also tracks network usage, which shows how phone and data use divides between work and personal use. This feature may increase the accuracy of your business phone expense reports.
The my.divide.com website offers remote management and data tracking.
The bottom line is that you may be able to connect your personally owned Android device to your company's enterprise Exchange or Google Apps system, without giving up control over the device. Your device and data remain under your control; the organization's data remains under the organization's control. That's something everyone can grok.
Let me know what your experiences with either Touchdown or Divide have been in the comments below. Or, if you use a different solution, I'd love to learn about it.
- Google Apps and Android: Lock, locate, and wipe
- How to successfully roll out additional features of the Google Apps Suite
- Manage Google Apps with roles and privileges
- Stranger in a Strange Land