ActiveSync policy settings

ActiveSync policies specify settings to apply to selected ActiveSync devices. ActiveSync devices use the ActiveSync protocol to connect to an ActiveSync server to access a user’s email, calendar, tasks, contacts.

Ivanti recommends assigning a ActiveSync policy to devices other than iOS, Android, and WP8 devices.

Also, see the following information:

•“Working with security policies,” in the Ivanti EPMM Device Management Guide for detailed information about security policies.

•“Working with policies,” in the Ivanti EPMM Device Management Guide for information on general procedures for creating, editing, and applying policies.

To work with ActiveSync policies, from the Admin Portal go to Policies & Configs > ActiveSync Policies.

Figure 1. ActiveSync policy settings

The following table describes the settings for configuring an ActiveSync policy:

**Table 26.** ActiveSync policy settings description
Item	Description	Default Policy Setting
Name	Required. Enter a descriptive name for this policy. This is the text that will be displayed to identify this policy throughout the Admin Portal. This name must be unique within this policy type. Though using the same name for different policy types is allowed (e.g., Executive), consider keeping the names unique to ensure clearer log entries.	Default ActiveSync Policy
Status	Select Active to turn on this policy. Select Inactive to turn off this policy.	Active
Description	Enter an explanation of the purpose of this policy.
Password
Password	Select Mandatory to specify that the user must enter a password before being able to access the device. Otherwise, select Optional, which allows the user to determine whether the password will be set. If you intend to use the Lock feature in case the phone is lost or stolen, then a password must be set on the phone. Therefore, specifying a mandatory password is strongly advised.	Optional
Password Type	Specify whether the password should be simple numeric input, be restricted to alphanumeric characters, or have no restrictions (that is, Don’t Care).	Simple
Minimum Password Length	Enter a number between 1 and 10 to specify the minimum length for the password. Leave this setting blank to specify no minimum.
Maximum Password Inactivity Timeout	Select the maximum amount of time to allow as an inactivity timeout. The user can then specify up to this value as the interval after which the password must be re-entered.
Minimum Number of Complex Characters	Specify the minimum number of special characters that must be included in a password.
Maximum Password Age	Select Unlimited or Limited to indicate whether to enforce limits on password age. If you select Limited, specify the numbers of days after which the password will expire.
Maximum Number of Failed Attempts	Specify the maximum number of times the user can enter an incorrect password before all access is denied. Select a number between 4 and 16.
Password History	Specify the number of passwords remembered to ensure that users define a different password. For example, if you want to prevent users from repeating a password for the next four password changes, enter 4.
Lockdown
Text Messaging	Specify whether to enable text messaging on the phone via ActiveSync.	Enable
POP/IMAP Email	Specify whether to enable email forwarding access on the phone via ActiveSync.	Enable
DesktopSync	Specify whether to enable DesktopSync on the phone.	Enable
HTML Email	Specify whether to enable HTML Email access on the phone.	Enable
Browser	Specify whether to enable browser access on the phone.	Enable
Security
Policy Refresh Interval	Specify the time that should elapse between attempts to synchronize policy settings with the ActiveSync server.	Limited: 0 Days, 0 Hours
Block ActiveSync connection for smartphone when	Select “Per-Mailbox smartphone count exceeds” to block ActiveSync connections if too many devices have the same mailbox. Specify the number of devices to set as the limit. When the limit is exceeded, the last device that attempts to access the ActiveSync server is blocked.
Data Encryption
Require Device Encryption	Specifies whether the device should be blocked from accessing the ActiveSync server if the device does not support encryption.	Off
Enable Device Encryption	Specifies whether to automatically turn on encryption if the phone supports it.	Off
Search Mailboxes	Enter a portion of the mailbox ID to find a mailbox. This field is not available for the default ActiveSync policy for Standalone Sentry.	None
Apply to Mailboxes	Apply the policy to the selected mailboxes. Starting with Ivanti Standalone Sentry version 4.5, mailboxes configured in an ActiveSync policy only enforce the number of devices set in the Per-Mailbox smartphone count exceeds field. To manage devices with the ActiveSync policy, you must manually apply the ActiveSync policy to each device. In earlier versions of Sentry, the ActiveSync policy is automatically applied to devices with mailboxes configured in the policy. The Default ActiveSync Policy is automatically applied to devices that do not have mailboxes configured in an ActiveSync policy. This field is not available for the default ActiveSync policy for Standalone Sentry.	Default not applicable

View number of ActiveSync devices

In the ActiveSync Policies page, the # Phones for an ActiveSync Policy displays the number of devices to which the policy is applied. Since assigning an ActiveSync policy to iOS, Android, and WP8 devices is not recommended, you may only see devices other than iOS, Android, WP8.

Assign an ActiveSync policy

The ActiveSync policy is assigned to a device in the Devices &Users > ActiveSync page.