exchnage, active sync

what are the security requirements we require for mobile device connections to exchange email for exchange 2007 having outlook 2007 and above
pramod1Asked:
Who is Participating?
 
Todd NelsonConnect With a Mentor Systems EngineerCommented:
These are screenshots of the default EAS policy...

eas0.png
eas1.png
eas2.png
eas3.png
eas4.png
eas5.png

And here is the text output of that same policy...

[PS] C:\>Get-ActiveSyncMailboxPolicy | fl


AllowNonProvisionableDevices             : True
AlphanumericDevicePasswordRequired       : False
AttachmentsEnabled                       : True
DeviceEncryptionEnabled                  : False
RequireStorageCardEncryption             : False
DevicePasswordEnabled                    : False
PasswordRecoveryEnabled                  : False
DevicePolicyRefreshInterval              : unlimited
AllowSimpleDevicePassword                : True
MaxAttachmentSize                        : unlimited
WSSAccessEnabled                         : True
UNCAccessEnabled                         : True
MinDevicePasswordLength                  : 4
MaxInactivityTimeDeviceLock              : 00:15:00
MaxDevicePasswordFailedAttempts          : 8
DevicePasswordExpiration                 : unlimited
DevicePasswordHistory                    : 0
IsDefaultPolicy                          : True
AllowStorageCard                         : True
AllowCamera                              : True
RequireDeviceEncryption                  : False
AllowUnsignedApplications                : True
AllowUnsignedInstallationPackages        : True
AllowWiFi                                : True
AllowTextMessaging                       : True
AllowPOPIMAPEmail                        : True
AllowIrDA                                : True
RequireManualSyncWhenRoaming             : False
AllowDesktopSync                         : True
AllowHTMLEmail                           : True
RequireSignedSMIMEMessages               : False
RequireEncryptedSMIMEMessages            : False
AllowSMIMESoftCerts                      : True
AllowBrowser                             : True
AllowConsumerEmail                       : True
AllowRemoteDesktop                       : True
AllowInternetSharing                     : True
AllowBluetooth                           : Allow
MaxCalendarAgeFilter                     : All
MaxEmailAgeFilter                        : All
RequireSignedSMIMEAlgorithm              : SHA1
RequireEncryptionSMIMEAlgorithm          : TripleDES
AllowSMIMEEncryptionAlgorithmNegotiation : AllowAnyAlgorithmNegotiation
MinDevicePasswordComplexCharacters       : 3
MaxEmailBodyTruncationSize               : unlimited
MaxEmailHTMLBodyTruncationSize           : unlimited
UnapprovedInROMApplicationList           : {}
ApprovedApplicationList                  : {}
AllowExternalDeviceManagement            : False
MailboxPolicyFlags                       : 0
AdminDisplayName                         :
ExchangeVersion                          : 0.1 (8.0.535.0)
Name                                     : Default
DistinguishedName                        : CN=Default,CN=Mobile Mailbox Policies,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=d1,DC=com
Identity                                 : Default
Guid                                     : 53e4840b-9bff-47de-a23a-e548935766f1
ObjectCategory                           : contoso.com/Configuration/Schema/ms-Exch-Mobile-Mailbox-Policy
ObjectClass                              : {top, msExchRecipientTemplate, msExchMobileMailboxPolicy}
WhenChanged                              : 8/21/2015 7:14:51 PM
WhenCreated                              : 8/21/2015 7:14:51 PM
OriginatingServer                        : server1.contoso.com
IsValid                                  : True



[PS] C:\>

Open in new window

0
 
IvanSystem EngineerCommented:
What do you mean?

Mobile device like mobile phones, or you are referring to mobile computers, like computers from people that work in field?

Regards,
Ivan.
0
 
Scott CSenior Systems EnginerCommented:
All you should need is a valid cert from a CA and an Exchange server.

Though you are going to want to consider upgrading your Exchange.   2007 is very quickly nearing it's EOL support cycle.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Todd NelsonSystems EngineerCommented:
SSL would be my recommended requirement.

Agree with ScottCha.  This environment really should be transitioned to Exchange 2010 and Office 2010 (at a minimum) or migrated to O365.

And support for Office 2007 is scheduled to expire on 10 Oct 2017 (one year from now) ... https://support.microsoft.com/en-us/lifecycle/search/?p1=8753
0
 
pramod1Author Commented:
I have this attached figure for active sync mobile policies on 0365

do we have such security options for mobiles ( exchange active sync) which are used for exchange 2007

like password length, number of sign in failures etc.
capture.png
0
 
IvanSystem EngineerCommented:
Yes, you do.

Here is a list of options on Exchange 2007: https://blogs.technet.microsoft.com/exchange/2007/05/23/exchange-2007-activesync-policies/

Regards,
Ivan.
0
 
pramod1Author Commented:
but ivan, how would I know if these policies are applied to users
0
 
IvanSystem EngineerCommented:
Hi,

you would go to user mailbox, and in properties --> mailbox features --> ActiveSync --> you can see what policy is applied to that user.

More on that: https://technet.microsoft.com/en-us/library/aa997929(v=exchg.80).aspx

Picture is attached.

Regards,
Ivan.
policy.jpg
0
 
pramod1Author Commented:
it says default policy

how can I find what are in defaults
0
 
IvanSystem EngineerCommented:
Follow this guide to get to default policy, and see what is in it.

Link: https://technet.microsoft.com/en-us/library/aa995989(v=exchg.80).aspx

Regards,
Ivan.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.