Configuring Exchange Server for Direct Push
- Open Exchange System Manager and navigating through the console tree to Global Settings -> Mobile Services.
- Right click on the Mobile Services container and select Properties.
Figure A: The Mobile Services properties sheet.
- The first checkbox on the list is an option to allow user-initiated synchronization. This permits users to synchronize their mobile devices manually, if necessary, using the older SMS-based technology.
- The next option is "Enable Up to Date Notifications via SMTP and Text Messaging." This is the checkbox that enables .AUTD notifications. When using Direct Push, you do not need to select this checkbox.
- The third checkbox is "Enable Notifications to User Specified SMTP Addresses." This checkbox is designed for use with the older AUTD technology and is not needed when using Direct Push. (The purpose of this feature is to let you send AUTD notifications directly to a mobile device's SMS address -- even if Exchange Server has not been configured to work with the mobile carrier that's associated with the device.)
- The last option in the Exchange ActiveSync section allows you to enable Direct Push over HTTPS. You must select this checkbox for Direct Push to work.
I have taken the time to explain what the non-Direct Push options do because many organizations contain a mixture of older and newer mobile devices. You may find that not all mobile devices support Direct Push and that you have to use Direct Push alongside AUTD in order to support all of your mobile users.
- Now click the Device Security button to view the Device Security Settings dialog box shown in Figure B. One of the benefits of Direct Push technology is that it allows you to enforce a security policy on your mobile devices. This dialog box is where you configure the security policy for mobile users.
Figure B: The Device Security dialog box.
It is important to note that Exchange Server 2003 uses the same security policy for every mobile user. Microsoft has changed this in Exchange Server 2007 though. Exchange Server 2007 allows you to configure mobile device security settings on a per-user basis.
Exchange Server 2003 doesn't allow you to configure per-user mobile device security policies the way that Exchange Server 2007 does. But if you look again at Figure B, you will notice an Exceptions button. Clicking this button allows you to enter a list of users that you want to make exempt from the security policy. As a general rule though, making any user exempt is a bad idea from a security standpoint.
- In the Device Security dialog box, select the Enforce Password on Device checkbox.
Other security settings that you can configure include the Minimum Password Length (Characters) and the Require Both Numbers and Letters options are self-explanatory, but the other settings are not quite as obvious if you have not been briefed on Direct Push's security capabilities.
Below is a list of the remaining security settings and their functions:
- Inactivity Time (minutes) automatically locks mobile devices after the specified period of inactivity.
- Wipe the Device After Failed (Attempts) safeguards against brute force attacks on lost or stolen devices. If someone repeatedly enters an incorrect password, the mobile device will perform a hard reset and be returned to its factory default settings. The administrator can specify the number of failed password attempts allowed before the device "wipes" itself.
- Refresh Settings on the Device (Hours) forces mobile devices to periodically check Exchange Server for changes to the mobile security policy.
- Allow Access to Devices that do not Fully Support Password Settings allows users to use mobile devices, even if they lack the necessary software to allow security to be enforced.
TUTORIAL: MICROSOFT EXCHANGE DIRECT PUSH TECHNOLOGY
Part 1: How Microsoft Exchange Direct Push technology works
Part 2: Configuring Direct Push technology on Exchange Server 2003 SP2
Part 3: Configuring Direct Push technology on Windows Mobile devices
|ABOUT THE AUTHOR:|
Brien M. Posey, MCSE|
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
Great article Brien, as usual, however I do have a question. When I checked the Mobile Device Settings I didn't get the boxes you've listed. Under Exchange ActiveSync, these are the checkboxes I see:
Also there's no Device Security button. Why is that?
I'm not sure. I've never seen options omitted from this screen before.
Brien Posey, contributor
This was first published in August 2007