ActiveSync policy settings

ActiveSync policies specify settings to apply to selected ActiveSync devices. ActiveSync devices use the ActiveSync protocol to connect to an ActiveSync server to access a user’s email, calendar, tasks, contacts.

NOTE: MobileIron recommends assigning a MobileIron ActiveSync policy to devices other than iOS, Android, and WP8 devices.

Also, see the following information:

“Working with security policies,” in the MobileIron Core Device Management Guide, for detailed information about security policies.
“Working with policies,” in the MobileIron Core Device Management Guide, for information on general procedures for creating, editing, and applying policies.

To work with ActiveSync policies, from the Admin Portal go to Policies & Configs > ActiveSync Policies.

Figure 1. ActiveSync policy settings

The following table describes the settings for configuring an ActiveSync policy:

Table 1. ActiveSync policy settings description

Item

Description

Default Policy Setting

Name

Required. Enter a descriptive name for this policy. This is the text that will be displayed to identify this policy throughout the Admin Portal. This name must be unique within this policy type.

TIP: Though using the same name for different policy types is allowed (e.g., Executive), consider keeping the names unique to ensure clearer log entries.

Default ActiveSync Policy

Status

Select Active to turn on this policy. Select Inactive to turn off this policy.

Active

Description

Enter an explanation of the purpose of this policy.

 

Password

Password

Select Mandatory to specify that the user must enter a password before being able to access the device. Otherwise, select Optional, which allows the user to determine whether the password will be set.

NOTE: If you intend to use the Lock feature in case the phone is lost or stolen, then a password must be set on the phone. Therefore, specifying a mandatory password is strongly advised.

Optional

Password Type

Specify whether the password should be simple numeric input, be restricted to alphanumeric characters, or have no restrictions (that is, Don’t Care).

Simple

Minimum Password Length

Enter a number between 1 and 10 to specify the minimum length for the password. Leave this setting blank to specify no minimum.

 

Maximum Password Inactivity Timeout

Select the maximum amount of time to allow as an inactivity timeout. The user can then specify up to this value as the interval after which the password must be re-entered.

 

Minimum Number of Complex Characters

Specify the minimum number of special characters that must be included in a password.

 

Maximum Password Age

Select Unlimited or Limited to indicate whether to enforce limits on password age. If you select Limited, specify the numbers of days after which the password will expire.

 

Maximum Number of Failed Attempts

Specify the maximum number of times the user can enter an incorrect password before all access is denied. Select a number between 4 and 16.

 

Password History

Specify the number of passwords remembered to ensure that users define a different password.

For example, if you want to prevent users from repeating a password for the next four password changes, enter 4.

 

Lockdown

Text Messaging

Specify whether to enable text messaging on the phone via ActiveSync.

Enable

POP/IMAP Email

Specify whether to enable email forwarding access on the phone via ActiveSync.

Enable

DesktopSync

Specify whether to enable DesktopSync on the phone.

Enable

HTML Email

Specify whether to enable HTML Email access on the phone.

Enable

Browser

Specify whether to enable browser access on the phone.

Enable

Security

Policy Refresh Interval

Specify the time that should elapse between attempts to synchronize policy settings with the ActiveSync server.

Limited: 0 Days, 0 Hours

Block ActiveSync connection for smartphone when

Select “Per-Mailbox smartphone count exceeds” to block ActiveSync connections if too many devices have the same mailbox. Specify the number of devices to set as the limit. When the limit is exceeded, the last device that attempts to access the ActiveSync server is blocked.

 

Data Encryption

Require Device Encryption

Specifies whether the device should be blocked from accessing the ActiveSync server if the device does not support encryption.

Off

Enable Device Encryption

Specifies whether to automatically turn on encryption if the phone supports it.

Off

Search Mailboxes

Enter a portion of the mailbox ID to find a mailbox.

NOTE: This field is not available for the default ActiveSync policy for Standalone Sentry.

None

Apply to Mailboxes

Apply the policy to the selected mailboxes.

Starting with Standalone Sentry version 4.5, mailboxes configured in an ActiveSync policy only enforce the number of devices set in the Per-Mailbox smartphone count exceeds field.

To manage devices with the ActiveSync policy, you must manually apply the ActiveSync policy to each device.

In earlier versions of Sentry, the ActiveSync policy is automatically applied to devices with mailboxes configured in the policy. The Default ActiveSync Policy is automatically applied to devices that do not have mailboxes configured in an ActiveSync policy.

NOTE: This field is not available for the default ActiveSync policy for Standalone Sentry.

Default not applicable

View number of ActiveSync devices

In the ActiveSync Policies page, the # Phones for an ActiveSync Policy displays the number of devices to which the policy is applied. Since assigning an ActiveSync policy to iOS, Android, and WP8 devices is not recommended, you may only see devices other than iOS, Android, WP8.

Assign an ActiveSync policy

The ActiveSync policy is assigned to a device in the Devices &Users > ActiveSync page.

See also, Assign policy.