Exchange ActiveSync: 6 Limitations to Be Aware of For Optimized Mobile Device Management
Exchange ActiveSync (EAS) allows administrators to manage their mobile devices. It allows smartphones and other devices to connect to an Exchange server and synchronize their email, calendar, tasks, contact list and mailbox settings. In addition, the EAS server allows IT administrators to enforce security and policy controls on these devices.
Enabling access to EAS for iPads, iPhones and Androids is easy, but it has its own limitations. Some of these functional gaps and administrative inefficiencies relate to:
1. Support for Multiple Devices: An end user may connect any number of devices to a mailbox. This can be an administrator trap, as EAS supports policy assignment at the mailbox level and not at the device level. It is very difficult to control what can be connected. Jailbroken iPhones, rooted Androids, and iPhone 3.x versions do not have robust encryption. Another thing to be aware of is that Androids may lie! They can claim to be enforcing ActiveSync policies, but they may not be. There are Android apps specifically created to foil ActiveSync security enforcement.
2. Mobile Device Inventory: Once a mailbox is created, a user can connect with any number of mobile devices. The EAS console has no feature that lets IT administrators evaluate unregistered, non-corporate devices entering the corporate boundaries. For optimized mobile device management (MDM), a detailed report of corporate versus personal devices, carrier and network information, and detailed device-level software listings may give administrators visibility into the state of the mobile devices accessing corporate resources.
3. Management of Inactive Devices: There is no easy way to view or remove inactive devices.
4. Support for Granular Device Management Functions: EAS supports only Remote Wipe for a device. There should be support for more granular device management functions, like Selective Wipe/Full Wipe (as required by the situation), Lock Device, Change Device Passcode and Locate Device.
5. Web Mail Access for Non-administrator Personnel: There is no support for delegating administrative activities to other corporate personnel.
6. Some key administrative functions present limitations:
* Device Level Auto Quarantine (block a device before it connects) is not supported with Exchange 2003 and 2007 servers.
* Audit History of actions performed on mobile devices is not supported.
* Policy assignment based on Device and User Group is not available.
These limitations may not be an issue for a small number of devices, but they become a problem as access expands. Thus, for more comprehensive device support and visibility, it is important that the MDM solution is complemented with a third-party solution that leverages the Exchange Management capabilities.
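Items 1 to 3 above can be partly covered by scripting the device data Exchange already records. The following is an added example, not code from the original article or from any vendor: a report-only sketch that assumes an Exchange Management Shell session on Exchange 2013 or later (where the cmdlets are named `Get-MobileDevice` and `Get-MobileDeviceStatistics`). The thresholds and the output file name are assumptions.

```powershell
# Added example: report-only inventory of EAS device partnerships.
# Assumes an Exchange Management Shell session on Exchange 2013 or later.
$StaleAfterDays    = 30   # assumed threshold for treating a device as inactive
$MaxDevicesPerUser = 2    # assumed per-mailbox limit before flagging

$cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# Build one record per device partnership, joining device and sync data.
$inventory = foreach ($device in Get-MobileDevice -ResultSize Unlimited) {
    $stats = Get-MobileDeviceStatistics -Identity $device.Identity
    [pscustomobject]@{
        User            = $device.UserDisplayName
        DeviceId        = $device.DeviceId
        DeviceType      = $device.DeviceType
        DeviceModel     = $device.DeviceModel
        DeviceOS        = $device.DeviceOS
        AccessState     = $device.DeviceAccessState
        FirstSync       = $device.FirstSyncTime
        LastSuccessSync = $stats.LastSuccessSync
        # A device that has never synced successfully also counts as inactive.
        Inactive        = (-not $stats.LastSuccessSync) -or
                          ($stats.LastSuccessSync -lt $cutoff)
        Identity        = $device.Identity
    }
}

# Item 1: mailboxes with more device partnerships than expected.
$inventory | Group-Object User |
    Where-Object { $_.Count -gt $MaxDevicesPerUser } |
    Sort-Object Count -Descending |
    Select-Object Name, Count

# Item 3: devices with no successful sync inside the window.
$inventory | Where-Object { $_.Inactive } | Sort-Object LastSuccessSync |
    Format-Table User, DeviceModel, DeviceOS, AccessState, LastSuccessSync -AutoSize

# Item 2: export the full inventory for review outside the console.
$inventory | Export-Csv -Path .\eas-device-inventory.csv -NoTypeInformation

# Preview removal of inactive partnerships without changing anything:
# $inventory | Where-Object { $_.Inactive } |
#     ForEach-Object { Remove-MobileDevice -Identity $_.Identity -WhatIf }
```

The report contains only what the device tells Exchange about itself, so it does not distinguish corporate from personal devices and cannot confirm that a device is actually enforcing the policy it claims to enforce.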
For more information on ActiveSync policies, their strengths and functional gaps, and EAS-based mobile device management, read: http://www.maas360.com/fiberlink/en-US/knowledge/whitepapers/understandingExchange.html