Overview of Exchange ActiveSync
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
By default, when you install the Client Access server role on a computer that is running Microsoft Exchange Server 2007, you enable Microsoft Exchange ActiveSync. Exchange ActiveSync lets you synchronize a mobile device with your Exchange 2007 mailbox.
Overview of Exchange ActiveSync
Exchange ActiveSync is an Microsoft Exchange synchronization protocol that is optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets devices such as browser-enabled cellular telephones or Microsoft Windows Mobile® powered devices access an organization's information on a server that is running Microsoft Exchange. Exchange ActiveSync enables mobile device users to access their e-mail, calendar, contacts, and tasks and to continue to be able to access this information while they are working offline.
Exchange ActiveSync can synchronize e-mail messages, calendar items, contacts, and tasks. You cannot use Exchange ActiveSync to synchronize notes in Microsoft Outlook.
New Features in Exchange ActiveSync
Exchange ActiveSync has been enhanced in Exchange Server 2007. The following are some of the new and enhanced features:
Support for HTML messages
Support for follow-up flags
Support for fast message retrieval
Meeting attendee information
Enhanced Exchange Search
Windows SharePoint Services and Universal Naming Convention (UNC) document access
Enhanced device security through password policies
Autodiscover for over the air provisioning
Support for Out of Office configuration
Support for tasks synchronization
The ability to use Autodiscover depends on the mobile device operating system that you are using. Not all mobile device operating systems that support synchronization with Exchange Server 2007 also support Autodiscover. For more information about which operating systems support Autodiscover, contact the manufacturer of your mobile device.
Many of these features require the use of the latest version of Windows Mobile that is currently in development.
For more information about the new features in Exchange ActiveSync, see Client Features in Exchange ActiveSync.
Managing Exchange ActiveSync
By default, Exchange ActiveSync is enabled. All users who have an Exchange mailbox can synchronize their mobile device with the Microsoft Exchange server.
You can perform the following Exchange ActiveSync tasks:
Enable and disable Exchange ActiveSync for users
Set policies such as minimum password length, device locking, and maximum failed password attempts
Initiate a remote wipe to clear all data off a lost or stolen device
Run a variety of reports for viewing or exporting into a reporting solution
Security in Exchange ActiveSync
You can configure Exchange ActiveSync to use Secure Sockets Layer (SSL) encryption for communications between the Exchange server and the mobile device client. Certificate-based authentication works with a self-signed certificate, a certificate from an existing public key infrastructure, or a third-party commercial certificate. You can use certificate-based authentication together with other security features, such as local device wipe and a device password, to turn the mobile device into a smartcard. The private key and certificate for client authentication are stored in memory on the device. If an unauthorized user tries to bypass the device password, all user data is purged. This includes the certificate and private key. For more security, you can deploy RSA SecurID two-factor authentication on the Exchange server.
Device Security Features in Exchange ActiveSync
In addition to the ability to configure security options for communications between the Exchange server and your mobile devices, Exchange ActiveSync offers the following features to enhance the security of mobile devices:
Remote wipe If your device is lost, stolen, or otherwise compromised, you can issue a remote wipe command from the Exchange Server computer or from any Web browser by using Microsoft Office Outlook Web Access. This command erases all data from the mobile device.
**Device password policies ** Exchange ActiveSync lets you configure several options for your device password. These options include the following:
**Minimum password length (characters) ** This option specifies the length of the password for the device. The default length is four characters, but can include as many as 18.
Require alphanumeric password This option determines password strength. You can enforce the usage of a character or symbol in the password in addition to numbers.
Inactivity time (seconds) This option determines how long the device must be inactive before the user is prompted for a password to unlock the device.
Wipe device after failed (attempts) This option lets you specify whether you want the device memory wiped after multiple failed password attempts.
For More Information
For more information about Exchange ActiveSync, see the following topics: