2. Manage Mobile Device Features and Settings
Exchange allows many
different types of mobile devices to connect and download data from the
server. However, the features and settings available are different for
each type of device. For example, the iPhone Exchange allows only basic
PIN control and remote wipe capabilities, whereas Exchange allows
Windows Mobile phones a much richer set of functionality and control.
2.1. Use Mobile Device Policies
Mobile device policies
allow you to specify many settings and apply them all to multiple users.
The following high-level steps are requiredc to use mobile device
policies:
Set up the features and settings in the policy.
Apply the policy to users or groups.
2.1.1. Create a Mobile Device Policy
Use the following steps to create a mobile device policy in the EMC:
In the EMC, browse to the Organization Configuration => Client Access node in the Console tree.
In the Actions pane on the right, click the option New Exchange ActiveSync Mailbox Policy.
In
the New Exchange ActiveSync Mailbox Policy dialog box, type the name of
the policy you are creating and select the basic requirements for the
mobile device password for these users.
Click the New button to create the policy.
When the Completion dialog box is displayed, click the Finish button.
To create a policy in the EMS, you can use the New-ActiveSyncMailboxPolicy command. The following command creates a policy called Executive Policy with the default options set:
New-ActiveSyncMailboxPolicy 'Executive Policy'
2.1.2. Configure Features and Settings
There are many features
and settings that you can define in ActiveSync policies. After you have created your
mobile device policy, follow the steps in the section that corresponds
to the features that you want to use. For example, if there is a feature
that you want to disable, follow the steps in the "Disable Mobile Device Functionality" section.
2.1.3. Set a Mobile Device Policy on One or More Users
After the policy is created
and configured, you can apply the policy to users. Policies can be
applied to single users with the EMC or to groups of users in a batch
with the EMS. Each user can only have one mobile device policy applied.
To set the policy on an individual user with the EMC:
Open the EMC and browse to the Recipient Configuration => Mailbox node in the Console tree.
The
list of mailboxes is displayed in the Results pane in the center of the
EMC. Select the mailbox that you want to apply the mobile device policy
to and click the Properties option in the Actions pane on the right.
In the properties dialog box for the mailbox, select the Mailbox Features tab.
A list of features is displayed for the mailbox.
Select the Exchange ActiveSync feature and click the Properties button above the feature list.
This will allow you to set the ActiveSync mobile device policy on the mailbox.
In
the Exchange ActiveSync Properties dialog box, click the Browse button
to open a window that enables you to browse through existing mobile
device policies. Select the policy that you want to apply and click OK.
Click
OK to close the Exchange ActiveSync Properties dialog box. Then click
OK to close the mailbox properties and apply the device policy.
You can also set the ActiveSync mailbox policy through the EMS by running the Set-CASMailbox command with the ActiveSyncMailboxPolicy parameter. The following example enables the policy called Executive Policy on each user that is in the Executive Users group:
Get-DistributionGroupMember "Executive Users" |
Set-CASMailbox -ActiveSyncMailboxPolicy "Executive Policy"
2.2. Disable Mobile Device Functionality
You can control
which functionality mobile devices have enabled using the ActiveSync
Mailbox Policy that you previously created. When you disable one of the
components in the ActiveSync Mailbox Policy, the component is disabled
for the entire device, and not just for use in Outlook. The following
features can be disabled for devices:
Removable storage (SD cards, compact flash cards, etc.)
Camera
Wireless network adapter
Infrared port
Internet sharing functionality
Remote desktop from the device
Synchronization with a desktop computer
Bluetooth capabilities (can be disabled completely or set to hands-free only)
2.2.1. Use the Exchange Management Console to Enable or Disable Mobile Device Features
To turn functionality on and off using the EMC:
Open the EMC and browse to the Organization Configuration => Client Access node in the Console tree.
In the Work area in the center of the EMC, select the Exchange ActiveSync Mailbox Policies tab.
In the ActiveSync Mailbox Policies list, select the policy that you want to configure the features for.
After
selecting the policy that you want to modify, either double-click on it
or select the Properties option from the Actions pane on the right of
the EMC.
This will bring up the properties dialog box for the policy.
In
the properties dialog box, click the Device tab. The list of features
is displayed in this tab as check boxes. Check and uncheck the
appropriate boxes to configure functionality for this device policy.
Click OK to make the changes to the policy.
|
Make sure that this policy
is applied to the appropriate users or you may inadvertently disable
functionality for the wrong person!
|
|
2.2.2. Use the Exchange Management Shell to Enable or Disable Mobile Device Features
You can configure mobile device functionality options for the policy using the EMS as well. In the EMS, you should use the Set-ActiveSyncMailboxPolicy command with the parameters shown in Table 1.
Table 1. Parameters for Configuring Mobile Device Policies in the EMS
| Functionality | Command Parameter | Possible Values |
|---|
| Removable Storage | AllowStorageCard | $true, $false |
| Camera | AllowCamera | $true, $false |
| Wireless Adapter | AllowWiFi | $true, $false |
| Infrared Port | AllowIrDA | $true, $false |
| Internet Sharing | AllowInternetSharing | $true, $false |
| Remote Desktop from the device | AllowRemoteDesktop | $true, $false |
| Synchronization with a Desktop PC | AllowDesktopSync | $true, $false |
| Bluetooth Settings | AllowBluetooth | Allow, Disable, HandsFreeOnly |
For example, to turn off
Internet sharing and configure Bluetooth for hands-free only operation,
you can run the following EMS command:
Set-ActiveSyncMailboxPolicy "Executive Policy"
-AllowInternetSharing $false -AllowBluetooth
'HandsFreeOnly'
2.3. Manage Synchronization Settings
In addition to
controlling the available features on mobile devices, you can control
how the device synchronizes data with Exchange. The synchronization
settings that you can specify through the ActiveSync policy are as
follows:
How old synchronized email and calendar items are before they are no longer synchronized
The maximum size of email and attachments
Direct
Push usage when a user is in a "roaming" area on their mobile phone.
Direct Push is a feature that allows mobile devices to receive email as
soon as it arrives at the server. Without Direct Push, devices have to
initiate a synchronization either manually or on a predefined interval.
The formatting of synchronized messages (HTML or text)
NOTE
Not all of these synchronization features are available for every phone.
2.3.1. Use the Exchange Management Console to Manage Synchronization Settings
To manage synchronization settings in the EMC:
Open the EMC and browse to the Organization Configuration => Client Access node in the Console tree.
In the Work area, click the Exchange ActiveSync Mailbox Policies tab.
Double-click
on the policy that you want to configure synchronization settings for.
You can also select the policy and click the Properties option in the
Actions pane on the right.
The properties dialog box for the policy will open. Click the Sync Settings tab.
Configure the synchronization settings to your liking and click OK to make the changes to the policy.
2.3.2. Use the Exchange Management Shell to Manage Synchronization Settings
To configure these settings with the EMS, you can use the Set-ActiveSyncMailboxPolicy command. Table 2 lists the appropriate parameters to use with this command.
Table 2. Parameters for Configuring Sync Settings in the EMS
| Sync Setting | Command Parameter | Possible Values |
|---|
| Include Past Calendar Items | MaxCalendarAgeFilter | All, TwoWeeks, OneMonth, ThreeMonths, SixMonths |
| Include Past Email Items | MaxEmailAgeFilter | All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth |
| Limit Email Size To (KB) | MaxEmailBodyTruncationSize | Numeric value measured in KB |
| Allow Direct Push When Roaming | RequireManualSyncWhenRoaming | $true, $false |
| Allow HTML-Formatted Email | AllowHTMLEmail | $true, $false |
| Allow Attachments To Be Downloaded To Device | AttachmentsEnabled | $true, $false |
| Maximum Attachment Size (KB) | MaxAttachmentSize | Numeric value measured in KB |
As an example, the following command will set the maximum message size to 50 KB and disable attachment synchronization:
Set-ActiveSyncMailboxPolicy "Executive Policy"
-MaxEmailBodyTruncationSize 50 -AttachmentsEnabled $false
