Smartphone management with Microsoft products

On a Leash

Protocol

If you access a user's settings (e.g., in the Exchange Control Panel), you will find all the important ActiveSync settings in Phone & Voice Features . You can modify the Exchange ActiveSync policy and see the devices to which a user is already connected (Figure 5).

Figure 5: Checking the settings for a user.

In this area, you can select Details to view the properties of the connected devices. Administrators see when the user synchronized for the first time and when the last sync occurred. Also, the current access status and the active policy can be seen at this point.

Devices can be enabled in this section using Allow or locked out of ActiveSync using Block . The effect is the same as the settings for ActiveSync access in the Exchange Control Panel. Create a rule for similar devices opens the same window for creating ActiveSync device policies as in the direct settings via ActiveSync Access . Finally, Wipe device deletes the data on the device.

Just as administrators can manage their users' iPhones and other smartphones, the users can do this for themselves as well. To do so, they launch the Outlook Web App (OWA), if this function is available on the Internet. Once users are logged on to OWA, they will find the Options menu for their mailbox at the top right. The management functions are in Phones  | Mobile Phones , then select your device.

Selecting Display Recovery Password displays the password for which the phone prompts the user if it is locked by Exchange because of incorrect password entry attempts. However, this lock and the ability to display the password in OWA must first be activated in the Exchange ActiveSync mailbox policies and assigned to the user. Only then can the user view the recovery password.

Resetting Mobile Devices

In Exchange ActiveSync you can see all mobile devices that synchronize with the mailbox, as well as detailed information for the connection. The Wipe Device button lets the user wipe the smartphone the next time it connects to the Exchange server. Administrators can start the wipe action via the context menu of the user's mailbox by selecting Manage mobile phone .

iPhones or Android phones can connect with Exchange server using ActiveSync technology just as easily as the Windows Phone 8. Corresponding applications are preinstalled or can be easily installed. Older versions of Android do not support security policies or secure login and cannot synchronize with Exchange calendars. However, with most Android phones, you can easily synchronize the Inbox via Exchange ActiveSync. This approach also works in the standard version without any vendor changes.

Companies that use Exchange internally, would be wise to use only smartphones that support Exchange ActiveSync. For example, synchronization is much faster, more stable, and above all more reliable; no mail is lost, and users can also sync with multiple devices. From version 2.2 onward, users and administrators can also remotely wipe lost devices. Android phones need at least version 2.2 to sync Exchange calendars.

Conclusions

Companies that use smartphones from different vendors to connect to their own infrastructure and that want a Microsoft-friendly solution can either rely on the Windows Intune cloud service, the System Center Configuration Manager 2012 management solution, or Exchange. The three products also work well together. Although Microsoft has integrated the management interface of Windows Intune with System Center Configuration Manager, many different management tools are needed to connect smartphones to Exchange or Microsoft networks. Additionally, only Windows Phone devices and iPhones can be managed in a more or less meaningful way. Android devices in particular are currently not optimally supported.

Unfortunately, no useful Microsoft server solution can currently integrate and manage smartphones centrally. The functions of the now defunct System Center Mobile Device Manager 2008 may have been integrated into System Center Configuration Manager 2012, but this functionality does not add any real value for administrators. Moreover, neither SCCM nor Windows Intune actually focus on smartphones and tablets; rather, they manage notebooks, workstations, and other endpoints. Smartphone integration is just a bonus. Companies that want to manage smartphones securely will thus find the process difficult without products like MobileIron or Good for Enterprise, which must be licensed, set up, and managed separately.

Infos

  1. "System Center 2012 SP1: What's New" by Thomas Joos, ADMIN , 2013, No. 15, pg. 64
  2. App for Windows Phone: http://go.microsoft.com/fwlink/?LinkId=268460
  3. iPhone configuration program: http://www.apple.com/support/iphone/
  4. Exchange and ActiveSync: http://itstreaming.apple.com/podcasts/iphoneinbusiness/ds/iPhone_EAS.pdf

The Author

Thomas Joos is a freelance IT consultant and has been working in IT for over 20 years. In addition to his projects he also writes hands on books and papers on Windows and other Microsoft topics. Online you can meet him on http://thomasjoos.spaces.live.com.

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus