Exchange 2007 Service pack 1 - Why it's important for Mobile Users

  • Article

Exchange 2007 Service Pack 1 has just been released to the web for Download.   It even made the front page of the latest Technet Magazine which is quite surprising for a Service Pack.

There are many key enhancements in Service Pack 1 however from a mobile perspective there are some very important additions.

With Service Pack 1 we have added 30+ new policies for Exchange Activesync.  These new policies will require a future version of Windows Mobile (similar to System Center Mobile Device Manager 2008) however they can be implemented within your Exchange 2007 environment now ready for when that version becomes available. 

There are 2 different categories of policies - the first set control the Sync, Authentication and Encryption settings.  The second set are really focused on controlling functions on the device.

Sync

Within the Synchronisation setup we have the ability to configure many of the synchronisation options on the device:

Configure message formats (HTML or plain txt)
Include past email items
Email body truncation size
HTML email body truncation size
Include past calendar items (Duration)
Require manual sync while roaming

Authentication

With the device password we can enforce more complexity as well as setting a password expiration and remembering password history

Minimum number of complex characters
Enable password recovery
Allow simple password
Password Expiration (Days)
Enforce password history
Allow Windows file share access
Allow Windows SharePoint access

Encryption

From a security perspective we can control the use of SMIME as well as whether Device Encryption is enforced

Require signed SMIME messages
Require encrypted SMIME messages
Require Signed SMIME algorithm
Require encrypted SMIME algorithm
Allow SMIME encrypted algorithm negotiation
Allow SMIME SoftCerts
Enforce Device encryption

 

As I mentioned previously the second set of policies control much of the device, network and application functionality.

 

Device Control

Disable desktop ActiveSync
Disable removable storage
Disable camera
Disable SMS and any MMS text messaging

Network Control

Disable Wi-Fi
Disable Bluetooth
Disable IrDA
Allow internet sharing from device
Allow desktop sharing from device

Application Control

Disable POP3/IMAP4 email
Allow consumer email
Allow browser
Allow unsigned applications
Allow unsigned CABs
Application allow list
Application block list

 

All of the NEW Exchange Activesync policies are described on the Technet Website in detail HERE

There is also a whole host of documentation for Exchange 2007 Service Pack 1 available:

· What's New in Exchange Server 2007 SP1

· Standby Continuous Replication

· Upgrading Clustered Mailbox Servers to Exchange 2007 SP1

· Monitoring Continuous Replication

· New High Availability Features in Exchange 2007 SP1

· How to Install Exchange 2007 SP1 Prerequisites on Windows Server 2008

· Installing Cluster Continuous Replication on Windows Server 2008

· Installing Single Copy Clusters on Windows Server 2008

· New Client Access Features in Exchange 2007 SP1

· New Transport Features in Exchange 2007 SP1

· New Mailbox Features in Exchange 2007 SP1

· New Unified Messaging Features in Exchange 2007 SP1

· IPv6 Support in Exchange 2007 SP1