Exchange Server 2007 offers native support for remotely wiping ActiveSync mobile devices. This capability required...
an add-on to Exchange Server 2003 and the final result was not nearly as polished and easy to use as it is in Exchange 2007. This tip from Microsoft Exchange Server expert William Schmied explains how to perform a remote wipe on ActiveSync mobile devices.
The best part of Exchange 2007's remote wipe capability is that it puts the mobile device responsibility in the hands of their end users. Using either Exchange Management Console (EMC) or Outlook Web Access (OWA), users can manage their ActiveSync mobile devices.
Managing ActiveSync devices in the EMC
ActiveSync device management is built right into Exchange Management Console (EMC). When you select a mailbox that has an ActiveSync device associated with it, click the Manage Mobile Device option in the Action area to open the Manage Mobile Device dialog box (Figure 1).
The Manage Mobile Device dialog box offers basic information about the ActiveSync device, such as its last synchronization time, the wipe status of the device and the device's recovery password. From this screen, you can either remove the ActiveSync device from the Exchange mailbox or perform a remote wipe of the device. After performing the remote wipe, you must remove the device's partnership so it can be used again with this mailbox. It is best practice, however, to remove the device regardless of your future intentions. Figure 2 shows what the Manage Mobile Device dialog box will look like after the remote wipe command has been issued.
Managing ActiveSync devices from OWA
Managing and wiping ActiveSync devices from within Outlook Web Access is even simpler than using the EMC. When an ActiveSync mobile device is associated with a mailbox, the Mobile Devices item becomes available in the Options menu at the top of the OWA interface (Figure 3).
Figure 3. The Mobile Devices menu option in OWA.
Selecting Mobile Devices displays the Mobile Devices page (Figure 4). This page lists all of the same options you see when using the EMC, and users can get their recovery password, remove the ActiveSync device or perform a remote wipe from this page.
Clicking Wipe All Data from Device starts the remote wipe process. The command is processed after the choice is confirmed. Figure 5 shows the Mobile Devices page after the wipe has occurred. The user is instructed to remove the ActiveSync device from the list if they want to configure it for use on this mailbox again. However, as is the case in the EMC, it's recommended to remove the device from the list each time.
Exchange Server 2007 puts the power to manage ActiveSync devices where you want it: in your users' hands. As part of the standard training and policy acceptance that goes along with issuing an ActiveSync device to a user, be sure to emphasize the self-management capabilities found in the EMC and OWA. You should also make sure that your users understand that they should immediately issue a remote wipe command for any lost mobile devices. If too much time passes, the device may be taken out of network coverage and the remote wipe command will fail -- potentially allowing an unauthorized person to gain access to data on the device.
About the author: Will Schmied is a senior systems administrator for a world renowned children's research hospital. He holds numerous Microsoft MCITP, MCTS and older certifications and has been involved with Exchange and Blackberry for many years. He has also been actively involved with the certification and training side of IT for many years, writing or contributing to several dozen books and also by founding the popular certification portal, MCSE World. Having passed the reigns to a good friend from down under, Will maintains a much smaller presence today with his blog, Tales of a System Administrator.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.