Mobile Management Solution - EAS Policy Support by Device

book

Article ID: 179985

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

 

Resolution

NOTE: Beginning with Mobile Management 7.2, full device encryption is supported on Android 3.0 and up.  The MDM agent supports enforcing this policy on Android 3.0+.

Active Sync Management Policies by Device -
Mobile Management Solution 7.0 SP3

       
                       
  Policy\Device iPhone iOS2.x iPhone iOS3.x and above Windows Mobile 5 Windows Mobile 6 Windows Mobile 6.1 and above Nokia Mail for Exchange Palm Web OS Google Android <2.2 Google Android =>2.2 Google Android 2.x with HTC Sense
                       
  Features                    
  Remote Wipe--Allows the both an adminsitrator and the user to remotely 'wipe' the device, removing any stored data and configuration. Yes Yes Yes Yes Yes Yes Yes   Yes Yes
                       
  General                     
  Allow non-provisional devices--This setting specifies whether older devices that may not support application of all policy settings are allowed to connect to Exchange 2007 by using Exchange ActiveSync. (Allow non-provisionable devices) Yes Yes Yes Yes Yes Yes        
  Refresh Interval (hours)--This setting defines how frequently the device updates the Exchange ActiveSync policy from the server. (Policy refresh interval) Yes Yes Yes Yes Yes          
  Windows File Shares--This setting enables access to files that are stored on Windows file share (UNC) shares. (UNC file access)       Yes Yes          
  Windows SharePoint Services--This setting enables access to files that are stored in Microsoft Windows SharePoint Services document libraries. (WSS file access)       Yes Yes          
                       
  Password                    
  Require Password--Enables a device password (Password Enabled) Yes Yes Yes Yes Yes Yes     Yes Yes
  Require alphanumeric password--This setting requires that a password contains numeric and non-numeric characters and allows you to specify the required number of characters. (Alphanumeric password required) Yes Yes Yes Yes Yes Yes     Yes Yes
  Enable Password Recovery--When this setting is enabled, the device generates a recovery password that is sent to the server. If the user forgets their device password, the recovery password can be used to unlock the device and enable the user to create a new device password. (Password Recovery)       Yes Yes          
  Require Encryption on the Device--This setting specifies whether device encryption is required. If set to True, the device must be able to support and implement encryption to synchronize with the server. (Require Device Encryption) iPhone,iPad Touch,iPhone 3G do not support encryption Only on iPhone 3GS and above   Yes Yes          
  Require Encryption on the Storage Card encryption--This setting specifies whether the storage card must be encrypted. Not all mobile device operating systems support storage card encryption. For more information, see your device and mobile operating system for more information. (Require storage card encryption) n/a n/a   Yes Yes          
  Allow Simple Password--This setting enables or disables the ability to use a simple password such as 1234. The default value is True. Yes Yes   Yes Yes Yes       Yes
  Number of Failed Attempts Allowed--This setting specifies how many times an incorrect password can be entered before the device performs a wipe of all data. (Maximum failed password attempts) Yes Yes Yes Yes Yes Yes     Yes Yes
  Minimum Password Length--This setting specifies the minimum password length. Yes Yes Yes Yes Yes Yes     Yes Yes
  Time without user input before password must be re-entered--This setting specifies the length of time that a device can go without user input before it locks. (Maximum inactivity time lock) Yes Yes Yes Yes Yes Yes     Yes Yes
  Password Expiration (Days)--This setting enables the administrator to configure a length of time after which a device password must be changed. Yes Yes   Yes Yes Yes       Yes
  Enforce Password History--This setting specifies the number of past passwords that can be stored in a user's mailbox. A user cannot reuse a stored password. (Password history) Yes Yes   Yes Yes Yes       Yes
                       
  Sync Settings                    
  Include past calendar items--This setting specifies the maximum range of calendar days that can be synchronized to the device. The value is specified in days. (Maximum calendar age filter)         Yes          
  Include past e-mail items--This setting specifies the maximum number of days' worth of e-mail items to synchronize to the device. The value is specified in days. (Maximum e-mail age filter) Seems to work but unsupported Seems to work but unsupported     Yes          
  Limit message size to (KB)--This setting specifies the size beyond which e-mail messages are truncated when they are synchronized to the device. The value is specified in kilobytes (KB). (Maximum e-mail body truncation size, Maximum HTML e-mail body truncation size)         Yes          
  Allow synchronization when roaming--This setting specifies whether the device must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile device plan. (Require manual synchronization while roaming) Yes Yes     Yes         Yes
  Allow HTML Formatted Email--This setting specifies whether e-mail synchronized to the device can be in HTML format. If this setting is set to False, all e-mail is converted to plain text. (Allow HTML E-mail)         Yes         Yes
  Allow attachments to be downloaded to the device--This setting enables attachments to be downloaded to the mobile device. (Attachments enabled)       Yes Yes         Yes
  Maximum attachment size (KB)--This setting specifies the maximum size of attachments that are automatically downloaded to the device. (Maximum attachment size)       Yes Yes         Yes
                       
  Device--(These Settings Require an Exchange Enterprise CAL)
  Allow Removable Storage*--This setting specifies whether the mobile device can access information that is stored on a storage card. (Allow storage card)         Yes          
  Allow Camera*--This setting specifies whether the mobile device camera can be used. Yes Yes     Yes          
  Allow Wi-Fi*--This setting specifies whether wireless Internet access is allowed on the device.         Yes          
  Allow Infrared*--This setting specifies whether infrared connections are allowed to and from the mobile device. (AllowIrDA)         Yes          
  Allow Internet Sharing from the device*--This setting specifies whether the mobile device can be used as a modem for a desktop or portable computer. (Allow Internet Sharing)         Yes          
  Allow Remote Desktop from the device*--This setting specifies whether the mobile device can initiate a remote desktop connection. (Allow Remote Desktop)         Yes          
  Allow Synchronization from a desktop*--This setting specifies whether the mobile device can synchronize with a computer through a cable, Bluetooth, or IrDA connection. (Allow Desktop Sync)         Yes          
  Allow Bluetooth*--This setting specifies whether a mobile device allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow.         Yes          
                       
  Advanced--(These Settings Require an Exchange Enterprise CAL)
  Allow Browser*--This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting does not affect third-party browsers installed on the device.                    
  Allow Browser*--This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting does not affect third-party browsers installed on the device.         Yes          
  Allow Consumer Mail*--This setting specifies whether the mobile device user can configure a personal e-mail account (either POP3 or IMAP4) on the device. (Allow Consumer Email / Disable POP/IMAP4 email)         Yes          
  Allow Unsigned Applications*--This setting specifies whether unsigned applications can be installed on the device.         Yes          
  Allow Unsigned Installation Packages*--This setting specifies whether an unsigned installation package can be run on the device.         Yes          
  Allowed Applications*--This setting stores a list of approved applications that can be run on the device.(Approved Application List)         Yes          
  Blocked Applications*--This setting specifies a list of applications that cannot be run in ROM. (Unapproved InROM application list)         Yes          
                       
                       
Legend                      
  Policy Compatible with Device
  Introduced in Exchange ActiveSync 12 (Exchange 2007)
  Introduced in Exchange ActiveSync 12.1 (Exchange 2007 SP1)
(empty) Not available in Symantec Mobile Management Solution - SP3
* These Settings Require an Exchange Enterprise CAL
                       
                   
                       
Disclaimer:  To the best of our knowledge, this matrix describes what each mobile platform supports for Exchange ActiveSync.   This data has not been verified to be accurate with all possible device/OS combinations and is intended only as a guideline.