|
NOTE: Beginning with Mobile Management 7.2, full device encryption is supported on Android 3.0 and up. The MDM agent supports enforcing this policy on Android 3.0+. Active Sync Management Policies by Device - |
|||||||||||
| Policy\Device | iPhone iOS2.x | iPhone iOS3.x and above | Windows Mobile 5 | Windows Mobile 6 | Windows Mobile 6.1 and above | Nokia Mail for Exchange | Palm Web OS | Google Android <2.2 | Google Android =>2.2 | Google Android 2.x with HTC Sense | |
| Features | |||||||||||
| Remote Wipe--Allows the both an adminsitrator and the user to remotely 'wipe' the device, removing any stored data and configuration. | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||
| General | |||||||||||
| Allow non-provisional devices--This setting specifies whether older devices that may not support application of all policy settings are allowed to connect to Exchange 2007 by using Exchange ActiveSync. (Allow non-provisionable devices) | Yes | Yes | Yes | Yes | Yes | Yes | |||||
| Refresh Interval (hours)--This setting defines how frequently the device updates the Exchange ActiveSync policy from the server. (Policy refresh interval) | Yes | Yes | Yes | Yes | Yes | ||||||
| Windows File Shares--This setting enables access to files that are stored on Windows file share (UNC) shares. (UNC file access) | Yes | Yes | |||||||||
| Windows SharePoint Services--This setting enables access to files that are stored in Microsoft Windows SharePoint Services document libraries. (WSS file access) | Yes | Yes | |||||||||
| Password | |||||||||||
| Require Password--Enables a device password (Password Enabled) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||
| Require alphanumeric password--This setting requires that a password contains numeric and non-numeric characters and allows you to specify the required number of characters. (Alphanumeric password required) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||
| Enable Password Recovery--When this setting is enabled, the device generates a recovery password that is sent to the server. If the user forgets their device password, the recovery password can be used to unlock the device and enable the user to create a new device password. (Password Recovery) | Yes | Yes | |||||||||
| Require Encryption on the Device--This setting specifies whether device encryption is required. If set to True, the device must be able to support and implement encryption to synchronize with the server. (Require Device Encryption) | iPhone,iPad Touch,iPhone 3G do not support encryption | Only on iPhone 3GS and above | Yes | Yes | |||||||
| Require Encryption on the Storage Card encryption--This setting specifies whether the storage card must be encrypted. Not all mobile device operating systems support storage card encryption. For more information, see your device and mobile operating system for more information. (Require storage card encryption) | n/a | n/a | Yes | Yes | |||||||
| Allow Simple Password--This setting enables or disables the ability to use a simple password such as 1234. The default value is True. | Yes | Yes | Yes | Yes | Yes | Yes | |||||
| Number of Failed Attempts Allowed--This setting specifies how many times an incorrect password can be entered before the device performs a wipe of all data. (Maximum failed password attempts) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||
| Minimum Password Length--This setting specifies the minimum password length. | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||
| Time without user input before password must be re-entered--This setting specifies the length of time that a device can go without user input before it locks. (Maximum inactivity time lock) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||
| Password Expiration (Days)--This setting enables the administrator to configure a length of time after which a device password must be changed. | Yes | Yes | Yes | Yes | Yes | Yes | |||||
| Enforce Password History--This setting specifies the number of past passwords that can be stored in a user's mailbox. A user cannot reuse a stored password. (Password history) | Yes | Yes | Yes | Yes | Yes | Yes | |||||
| Sync Settings | |||||||||||
| Include past calendar items--This setting specifies the maximum range of calendar days that can be synchronized to the device. The value is specified in days. (Maximum calendar age filter) | Yes | ||||||||||
| Include past e-mail items--This setting specifies the maximum number of days' worth of e-mail items to synchronize to the device. The value is specified in days. (Maximum e-mail age filter) | Seems to work but unsupported | Seems to work but unsupported | Yes | ||||||||
| Limit message size to (KB)--This setting specifies the size beyond which e-mail messages are truncated when they are synchronized to the device. The value is specified in kilobytes (KB). (Maximum e-mail body truncation size, Maximum HTML e-mail body truncation size) | Yes | ||||||||||
| Allow synchronization when roaming--This setting specifies whether the device must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile device plan. (Require manual synchronization while roaming) | Yes | Yes | Yes | Yes | |||||||
| Allow HTML Formatted Email--This setting specifies whether e-mail synchronized to the device can be in HTML format. If this setting is set to False, all e-mail is converted to plain text. (Allow HTML E-mail) | Yes | Yes | |||||||||
| Allow attachments to be downloaded to the device--This setting enables attachments to be downloaded to the mobile device. (Attachments enabled) | Yes | Yes | Yes | ||||||||
| Maximum attachment size (KB)--This setting specifies the maximum size of attachments that are automatically downloaded to the device. (Maximum attachment size) | Yes | Yes | Yes | ||||||||
| Device--(These Settings Require an Exchange Enterprise CAL) | |||||||||||
| Allow Removable Storage*--This setting specifies whether the mobile device can access information that is stored on a storage card. (Allow storage card) | Yes | ||||||||||
| Allow Camera*--This setting specifies whether the mobile device camera can be used. | Yes | Yes | Yes | ||||||||
| Allow Wi-Fi*--This setting specifies whether wireless Internet access is allowed on the device. | Yes | ||||||||||
| Allow Infrared*--This setting specifies whether infrared connections are allowed to and from the mobile device. (AllowIrDA) | Yes | ||||||||||
| Allow Internet Sharing from the device*--This setting specifies whether the mobile device can be used as a modem for a desktop or portable computer. (Allow Internet Sharing) | Yes | ||||||||||
| Allow Remote Desktop from the device*--This setting specifies whether the mobile device can initiate a remote desktop connection. (Allow Remote Desktop) | Yes | ||||||||||
| Allow Synchronization from a desktop*--This setting specifies whether the mobile device can synchronize with a computer through a cable, Bluetooth, or IrDA connection. (Allow Desktop Sync) | Yes | ||||||||||
| Allow Bluetooth*--This setting specifies whether a mobile device allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow. | Yes | ||||||||||
| Advanced--(These Settings Require an Exchange Enterprise CAL) | |||||||||||
| Allow Browser*--This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting does not affect third-party browsers installed on the device. | |||||||||||
| Allow Browser*--This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting does not affect third-party browsers installed on the device. | Yes | ||||||||||
| Allow Consumer Mail*--This setting specifies whether the mobile device user can configure a personal e-mail account (either POP3 or IMAP4) on the device. (Allow Consumer Email / Disable POP/IMAP4 email) | Yes | ||||||||||
| Allow Unsigned Applications*--This setting specifies whether unsigned applications can be installed on the device. | Yes | ||||||||||
| Allow Unsigned Installation Packages*--This setting specifies whether an unsigned installation package can be run on the device. | Yes | ||||||||||
| Allowed Applications*--This setting stores a list of approved applications that can be run on the device.(Approved Application List) | Yes | ||||||||||
| Blocked Applications*--This setting specifies a list of applications that cannot be run in ROM. (Unapproved InROM application list) | Yes | ||||||||||
| Legend | |||||||||||
| Policy Compatible with Device | |||||||||||
| Introduced in Exchange ActiveSync 12 (Exchange 2007) | |||||||||||
| Introduced in Exchange ActiveSync 12.1 (Exchange 2007 SP1) | |||||||||||
| (empty) | Not available in Symantec Mobile Management Solution - SP3 | ||||||||||
| * | These Settings Require an Exchange Enterprise CAL | ||||||||||
| Disclaimer: To the best of our knowledge, this matrix describes what each mobile platform supports for Exchange ActiveSync. This data has not been verified to be accurate with all possible device/OS combinations and is intended only as a guideline. | |||||||||||