Microsoft Exchange and Blackberry Server Specialists

ActiveSync

Exchange ActiveSync is a service built in to Exchange 2003 that allows a device with Exchange ActiveSync support, including Windows Mobile and the iPhone to synchronise directly with the server over the Internet without having to dock with a workstation that has ActiveSync installed. 

ActiveSync Section Contents

ActiveSync Contents

Secure Deployment of Exchange Active Sync

As Exchange Active Sync goes over the internet and is on handheld devices which can be easily lost, it is important that you secure your EAS deployment.

SSL Certificate

For all deployments you should use an SSL certificate. This will encrypt the username and password information as it is sent over the internet and will provide additional security to the traffic. It also allows you to avoid having port 80 open to the Internet. However, depending on the type of certificate that you are using, you may have to import the certificate on to each handheld device, which can cause complications with deploying the service to your users. More information.

Global Address List Access

You cannot download the global address list from Exchange on to your handheld. Instead Microsoft have opted for over the air lookups. This is the same approach that RIM have adopted for the Blackberry. The theory being that the GAL could be very large and updated frequently - by doing an over the air lookup you are using the latest information.

Windows Mobile 2005 without the MSFP Update, Windows Mobile 2003 SE and older

To do over the air lookups on the older version of Windows Mobile, you have to download and install an additional component. This component uses the Outlook Mobile Access (OMA) interface and as such you need to ensure that is working.
http://www.microsoft.com/windowsmobile/downloads/global/smartphone.mspx

Windows Mobile 5.0 with MSFP or higher

With the latest update to the Windows Mobile 5.0 operating system the functionality to do over the air lookups is now built in. To carry out a lookup, create a new message in the normal way. Then tap on To: to bring up your personal address list. In the lower right corner, click Menu, then "Find Online". You can then enter information to search the Global Address List.

Other ActiveSync devices operate in a similar way.

Set a Password for the Devices

If you do not set a password, then the remote wipe can be bypassed. If no password is set then the device will prompt to enforce a policy on the device when the remote wipe command is sent. All the person in possession has to do is choose no to enforce the policy and they continue to have access.