Use Exchange 2010 ActiveSync to limit mobile security issues

Enable and disable ActiveSync for any user

Users in Exchange-based organizations enjoy comprehensive built-in mobility via ActiveSync; however, even as users clamor for smartphones, IT needs to make sure that these services are used in ways that are consistent with organizational policies. Although some users believe that these policies can be constraining, the situation would be much worse if the mobile device were to create a major security incident.

There are a variety of third party solutions to manage, monitor, and control mobile devices, but many organizations loathe spending a lot of money on these kinds of services and are most concerned with being able to simply control how devices interact with their systems. Exchange 2010 includes a number of administrative controls to help IT departments provide these mobility services while enabling automated methods by which user's devices are required to adhere to policy.

This TechRepublic gallery is also available as a Smartphones blog post.

First and foremost, you get to decide whether ActiveSync is even available on a user by user basis. You can opt to disable ActiveSync for all users and then enable it only for those users who need it. In this figure, you see an Exchange Management Console screenshot that shows you my Exchange profile with ActiveSync enabled.

All screenshots by Scott Lowe for TechRepublic.