Windows Phone 8

Exchange ActiveSync
Overview
This white paper is part of a series of technical papers designed to help IT professionals evaluate
Windows Phone 8 and understand how it can play a role in their organizations. It discusses and
contains information regarding Windows Phone 8 mobile device management via Exchange
ActiveSync.

v1.1 December 2012

Legal Disclaimer

2012 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and

views expressed in this document, including URL and other Internet Web site references, may change
without notice. You bear the risk of using it.
This document does not provide you with any legal rights to any intellectual property in any Microsoft
product. You may copy and use this document for your internal, reference purposes.

Published: December 2012

Windows Phone 8 Exchange ActiveSync Overview

TTable of contents
Windows Phone 8 Exchange ActiveSync Overview

Introduction

Email and access policy management with Exchange

Supported Exchange ActiveSync policy settings

Supported Exchange ActiveSync features by Exchange Server version

Modifying an Exchange ActiveSync policy

Resources

Windows Phone 8 Exchange ActiveSync Overview

Introduction
Windows Phone provides the ability to manage Windows Phone 8 devices through
Microsoft Exchange ActiveSync (EAS) with Exchange Server for email and access
policy management. This paper provides an overview of Windows Phone
supported Exchange ActiveSync policy settings as well as Windows Phone
supported Exchange ActiveSync features for various versions of Exchange Server.
This paper also provides a brief procedural overview of how to enter the Exchange
Management console to set an EAS policy setting.

Email and access policy

management with Exchange
Windows Phone 8 supports the Exchange ActiveSync protocol for synchronizing
email, calendar, task, and contact information with Exchange Server (Exchange
Server 2003 SP2 and later) or Microsoft Office 365.

Supported Exchange ActiveSync policy

settings
Similar to Group Policy settings for PC operating systems, EAS provides the ability
to manage Windows Phone through the use of security-related policies that are
configured by an organizations IT department. EAS security-related configuration
policy settings that can be managed by using Exchange Server include those
shown in the following table.
Policy setting

Description

AllowSimpleDevicePassword

The AllowSimpleDevicePassword setting

specifies whether a simple device password is
allowed. A simple password is one consisting
only of repeated "2222" or sequential abcd"
characters. The default is $true.

AlphanumericDevicePasswordRequired

The AlphanumericDevicePasswordRequired
setting specifies whether the password for the
mobile phone must be alphanumeric. The
default is $false.

Windows Phone 8 Exchange ActiveSync Overview

Policy setting

Description

DevicePasswordEnabled

The DevicePasswordEnabled setting specifies

whether a password is required. When set to
$true, DevicePasswordEnabled requires that
the user set a password for the mobile phone.
The default is $false.

DevicePasswordExpiration

The DevicePasswordExpiration setting

specifies the length of time, in days, that a
password can be used. After this length of time,
a new password must be created. The format of
the setting is dd.hh.mm:ss; for example,
24.00:00 = 24 hours.

DevicePasswordHistory

The DevicePasswordHistory setting specifies

the number of previously used passwords to
store. When a user creates a new password, the
user can't reuse a stored password that was
previously used.

IrmEnabled

The IrmEnabled setting specifies whether IRM

is enabled for the mailbox policy.

MaxDevicePasswordFailedAttempts

The MaxDevicePasswordFailedAttempts
setting specifies the number of attempts a user
can make to enter the correct password for the
mobile phone before a device reset to factory
settings is initiated. You can specify any
number from 4 through 16. The default is 8.

MaxInactivityTimeDeviceLock

The MaxInactivityTimeDeviceLock setting

specifies the length of time that the mobile
phone can be inactive before the password is
required to reactivate it. You can specify any
interval between 30 seconds and 1 hour. The
default is 15 minutes. The format of the setting
is hh.mm:ss; for example, 15:00 = 15 minutes.

Windows Phone 8 Exchange ActiveSync Overview

Policy setting

Description

MinDevicePasswordComplexCharacters

The MinDevicePasswordComplexCharacters
setting specifies the number of character
groups that are required to be present in the
password. The character groups are defined as:
Lower case alphabetical characters
Upper case alphabetical characters
Numbers
Non-alphanumeric characters
For example, if the value of
MinDevicePasswordComplexCharacters is 2, a
password with both upper case and lower case
alphabetical characters would be sufficient, as
would a password with lower case alphabetical
characters and numbers.

MinDevicePasswordLength

The MinDevicePasswordLength setting

specifies the minimum number of characters in
the device password. You can specify any
number from 1 through 16. The maximum
length a password can be is 16 characters. The
default is 4.

RequireDeviceEncryption

The RequireDeviceEncryption setting specifies

whether encryption is required on the device.
Once set, device encryption automatically
begins on the internal storage of the phone.
The default is $false.

RemoteWipe

Deletes data on the user data partition and

resets the phone to default settings.

Windows Phone 8 Exchange ActiveSync Overview

Policy setting

Description

AllowNonProvisionableDevices

AllowNonProvisionableDevices is a server
enforced setting that specifies whether all
mobile phones can synchronize with the server
running Exchange. When set to $true,
AllowNonProvisionableDevices enables all
mobile phones to synchronize with the
Exchange server, regardless of whether the
phone can enforce all the specific settings
established in the Exchange ActiveSync policy.
This also includes mobile phones managed by a
separate device management system. When set
to $false, this setting blocks mobile phones that
aren't provisioned from synchronizing with the
Exchange server. The default is $false.

Additionally, the following EAS policy setting is supported when managing devices
with Microsoft System Center Configuration Manager.
Policy setting

Description

AllowStorageCard

The AllowStorageCard setting specifies

whether the mobile phone can access
information stored on a storage card. The
default is $true.

Supported Exchange ActiveSync features by

Exchange Server version
While Windows Phone 8 was designed to support the latest EAS features, previous
versions of Exchange Server may not support all EAS features that are supported
by Windows Phone. The following table outlines supported features by Exchange
Server version.
Exchange ActiveSync
feature

Exchange
Server 2007

Exchange
Server 2010

Exchange
Server 2013

Direct Push

Yes

Yes

Yes

Email sync

Yes

Yes

Yes

Calendar sync

Yes

Yes

Yes

Windows Phone 8 Exchange ActiveSync Overview

Exchange ActiveSync
feature

Exchange
Server 2007

Exchange
Server 2010

Exchange
Server 2013

Contacts sync

Yes

Yes

Yes

Remote wipe

Yes

Yes

Yes

Sync multiple folders

Yes

Yes

Yes

128-bit SSL encrypted

Yes

Yes

Yes

User-initiated remote wipe

Yes

Yes

Yes

Link access

Yes

Yes

Yes

HTML mail

Yes

Yes

Yes

GAL lookup

Yes

Yes

Yes

Follow-up flags

Yes

Yes

Yes

Meeting attendee

Yes

Yes

Yes

Autodiscover

Yes

Yes

Yes

Bandwidth reductions

Yes

Yes

Yes

Reply state

No

Yes

Yes

Nickname cache

No

Yes

Yes

Block/Allow/Quarantine list

No

Yes

Yes

Allow attachment download

No

Yes

Yes

256-bit SSL encrypted

No

Yes

Yes

transmission

information

transmission

Windows Phone 8 Exchange ActiveSync Overview

Modifying an Exchange ActiveSync policy

Policies can be applied to specific users or to a set of users, allowing administrators
the flexibility of having separate policies and settings for different users. A user can
be assigned to only one ActiveSync mailbox policy.
If you add a user to an Exchange ActiveSync mailbox policy while that user is a
member of another Exchange ActiveSync mailbox policy, that user is removed from
the original mailbox policy and added to the new one.

Modifying an Exchange ActiveSync policy by using the Exchange

Management Console
To modify a policy using the management console, complete the following steps.
The user account performing the actions must be delegated the Exchange
Organization Administrator Role. This is because Exchange ActiveSync policies are
configured at the Exchange Organizational level:
1.

In the console root of the Exchange Management Console, expand the

Organization Configuration node.

2.

In the result pane, click Client Access.

3.

In the work pane, click the Exchange ActiveSync mailbox policy that you
want to change.

4.

In the action pane, click Properties.

5.

In the Exchange ActiveSync mailbox policy properties window, configure

the settings for the Exchange ActiveSync mailbox policy, and then click OK
to accept your changes.

Modifying an Exchange ActiveSync Policy using the Exchange

Management Shell
The following procedures can be used to modify an Exchange ActiveSync policy by
using the Exchange Management Shell.
In this policy example, we allow nonprovisionable devices, allow simple device
passwords, require alphanumeric passwords, allow attachments, do not enable
device encryption, require device passwords, set an expiration of device passwords,
set password history limitations, and set the policy refresh interval.

Windows Phone 8 Exchange ActiveSync Overview

1.

On the Start menu, click All Programs, click Microsoft Exchange Server,
and then click Exchange Management Shell.

2.

Enter the following at the Exchange command line:

Set-ActiveSyncMailboxPolicy -Identity MyPolicy -AllowNonProvisionableDevices
$true -AllowSimpleDevicePassword $true -AlphanumericDevicePasswordRequired
$true -AttachmentsEnabled $true -DeviceEncryptionEnabled $false
-DevicePasswordEnabled $true -DevicePasswordExpiration 12
-DevicePasswordHistory 20 -DevicePolicyRefreshInterval 00:60:00

Where MyPolicy is the name of the policy you wish to modify.

Resources
For more information about all the aspects of using Windows Phone in your
company, see Windows Phone for Business (http://www.windowsphone.com/enUS/business/for-business).
To learn more about EAS policy management and managing Windows Phones,
additional information is available in the following articles:

Managing Exchange ActiveSync Devices at

http://technet.microsoft.com/en-us/library/aa998933.aspx

Exchange ActiveSync at
http://technet.microsoft.com/en-us/library/aa998357

Windows Phone 8 Exchange ActiveSync Overview