This article can also be found in the Premium Editorial Download "Exchange Insider: Help with Office 365, mobile devices, Exchange security."
Download it now to read this article plus other related content.
Many Exchange customers have upgraded to Exchange 2010 already; however, a large percentage of on-premises deployments are still on Exchange 2007 or earlier. That install base has an interesting
Exchange Server has paved the way for mobile device support. Exchange Server 2010 is extremely feature-rich, so organizations currently running Exchange 2010 on-premises have certain expectations regarding mobile device support in the cloud. The question is: Will Office 365’s Exchange Online component meet enterprise hopes?
Supported mobile devices in Exchange Online
Exchange Online supports three mobile device operating systems: Windows Phone 7.5, other Exchange ActiveSync devices and BlackBerry smartphones. The other ActiveSync category includes the following OSes:
- Windows Mobile 6.x
- Windows Mobile 7
- iOS (iPhone/iPad)
- Nokia Symbian
- Android 2.0
- Palm OS
Even though Motorola and Sony Ericsson are listed as supported phones for Exchange 2010 ActiveSync, they are not listed on the Exchange Online documentation as supported devices. Check with the device manufacturer to verify its product is compatible with Exchange Online. In many cases, IMAP4 and POP3 can be used as alternatives to ActiveSync for incompatible devices.
Of the supported mobile devices, the following features will work (with a few exceptions):
- Direct Push
- Email sync
- Calendar sync
- Contacts sync
- Tasks sync*
- Remote wipes
- Sync multiple folders
- Global address list lookup
- SSL encrypted transmission
- Pin reset*
*Windows Mobile 7, iOS and Android 2.0 cannot perform Task sync; Windows Mobile 6.x cannot perform AutoDiscover.
ActiveSync compatibility. The “Microsoft Exchange Online for Enterprises Service Description” document provides insight into feature parity between the cloud and on-premises Exchange. Table 1 shows a subsection of a features comparison available in ActiveSync.
|Exchange mobility||Exchange 2010 SP1||Exchange Online|
|Windows Phone 7 devices||Yes||Yes|
|Windows Mobile devices||Windows Mobile 5.0+||Windows Mobile 6.0+|
|Other Exchange ActiveSync devices such as iPhone||Yes||Yes|
|Remote device wipe (implementation varies by mobile device manufacturer)||Yes||Yes|
|Customize Exchange ActiveSync security policies and settings, including PIN and password lock||Yes||Yes|
|Disable Exchange ActiveSync access||Yes||Yes|
|Mobile device allow, block, quarantine||Yes||Yes|
|Certificate-based authentication for Exchange ActiveSync||Yes||No|
|Over-the-air-update for Outlook Mobile||Yes||Yes|
|Mobile SMS sync through Exchange ActiveSync||Yes||Yes|
|SMS (text messaging) notifications||Yes||Yes|
Table 1. Exchange mobility on-premises vs. Exchange Online
Based on the service descriptions, there is a strong feature loyalty between Exchange Online and Exchange 2010 on-premises for mobile devices that use ActiveSync. However, not all Exchange environments use ActiveSync.
BlackBerry Enterprise Server compatibility. In the first release of Exchange Online, Microsoft supported Blackberry devices as an additional subscription. BlackBerry Enterprise Server (BES) installments were hosted as part of the infrastructure and Research in Motion (RIM) built in custom administrative tools to manage BES and BlackBerry users. Exchange Online for Office 365 has evolved somewhat.
RIM provides BlackBerry devices access to Exchange Online mailboxes, free of charge, using two services. Blackberry Internet Service (BIS) is available for Exchange Online subscribers and will push email to BlackBerry devices. It will not, however, support calendar and contact synchronization. BIS users can sync using a wired connection.
A more robust option, the recently announced BlackBerry Business Cloud Services, is a hosted version of BES. Functionality-wise, it is closer to BES Express because it doesn’t have all the security features as its on-premises counterpart. The free subscription includes the features listed here:
- Email reconciliation
- Email filters
- Email-message forwarding
- Out-of-office reply
- Contact lookups
- Contact list updates
- Send attachments**
- Download attachments
- Save Sent items
- Personal distribution lists
- Personal folders*
- Follow-up flag
- Personal contact subfolder
- Calendar entry forwarding
- Availability of meeting invitees
- Email with rich content
- Sync schedule with Outlook
- Gal integration
- Remote device wipe
- Web-based administration
- Policy management
- Self-service portal
*BlackBerry 5.0 or later
** 3 MB max per attachment, 5 MB max per email
Exchange Online mobile device setup and management
Administrative tools for Exchange Online differ significantly from on-premises administrative tools, so much of the step-by-step documentation is found as self-help information online. In the case of configuring a mobile device for Exchange Online, a Mobile Phone Setup Wizard is available to help admins find the correct step-by-step procedures.
More on Office 365
Once you’ve selected the phone or device OS, the wizard will ask if you want to set up the device for Exchange ActiveSync or IMAP/POP and will provide detailed steps for the option you choose. A video demonstration is also available to show how to perform the steps and find prerequisite information.
Creating a mobile device security policy
Security conscious enterprises with compliance policies are concerned not only with what a mobile device can do, but also about what it won’t do -- and how administrators can prevent the device from becoming a weak security link.
End users who connect mobile devices to Exchange Online have to accept the ActiveSync Device Policy that the admin assigns to their mailbox. If no policy is defined, the Default policy will be applied. ActiveSync device policies help administrators enforce defined mobile device polices. Administrators must have a solid understanding of the devices that are being used in their environments and which policy settings can and cannot be enforced on specific devices. It’s important to check the detailed comparison of Exchange ActiveSync clients and the policy settings they support.
Microsoft also offers step-by-step instructions for creating a new ActiveSync Device policy in Exchange Online. Some ActiveSync Mobile Device Policy settings are not configurable in Exchange Online, as shown in Table 3.
|Allow consumer mail|
|All desktop sync|
|Allow Internet sharing|
|Allow IRM over Exchange ActiveSync|
|Allow Mobile OTA update|
|Allow POP/IMAP email|
|Allow remote desktop|
|Allow S/MIME encryption algorithm negotiation|
|Allow S/MIME software certificates|
|Allow unsigned applications|
|Allow unsigned installation packages|
|Approved application list|
|Unapproved InROM application list|
|Maximum HTML email body truncation size|
|Maximum email body truncation size|
|Require encrypted S/MIME messages|
|Require signed S/MIME algorithm|
|Require signed S/MIME messages|
Table 3. Additional Exchange on-premises ActiveSync Device Policy Settings
Does Exchange Online have what enterprises need?
Exchange organizations make up the largest subscriber base in the Microsoft Office 365 cloud. There is a good chance that organizations running Exchange on-premises will consider a full or partial transition to Exchange Online. The decision to go all-in to the cloud may come down to a combination of feature and compliance requirements.
Exchange Online’s feature set could pave the way for a smooth transition. But if, after performing a full needs assessment, you determine Exchange Online is missing something your enterprise requires, don’t discount the cloud completely. Microsoft Office 365’s Exchange Online allows a high-fidelity coexistence strategy that can give an enterprise the best of both worlds.
ABOUT THE AUTHOR
Richard Luckett is the President of SYSTMS of NY Inc. Richard is a Microsoft Certified Trainer with more than ten years Exchange Server instructional experience. He is a three-time Exchange MVP. Richard is an accomplished author and speaker who authored Administering Exchange 2000 Server and The Complete Reference: Microsoft Exchange 2007 SP1, both by McGraw-Hill. He is also the course director of seven best-selling Exchange courses for Global Knowledge, Inc.
This was first published in February 2012