I have spoken with a number of people who have ActiveSync running on their Exchange Servers, where they can access the server directly from the internet. I’m not a fan of having servers on the LAN available from the internet, but the pressure to deploy the access this is often overlooked. Especially as the Microsoft IAG and UAG solutions will allow you to reverse proxy the ActiveSync connection, eliminating the need for a direct connection to the Exchange server.
Ensure the handset you have has a level of encryption on it, as the company can be subject to hefty fines from the ICO, if personal data is not encrypted. Apple iPhones have AES 256-bit hardware encryption to protect the data at rest. The Nokia E-series that I have investigate have encryption on both device and storage memory.
Although as this is protecting data at rest, ensure there is at least a password on the device, or there is no point having the encryption. Enforcing password on the device, and comprehensive password policies can be created on from the Exchange server.
- Ensure ActiveSync is configured and running on the Exchange server, with the relevant password, encryption and wipe policies. Assign the access to the users who should be able to access it, taking care to remove access from everyone else (so they are unable to connect up unauthorised or personal mobile devices).
- Configure an ActiveSync portal on IAG, or create a portal for ActiveSync on UAG.
- Ensure all the Exchange server settings are entered correctly.
- Apply a real SSL certificate to the portal, as some mobile devices will not allow you to except a self signed SSL certificate.
- Publish the portal.
- Test the ActiveSync by defining the server name, domain/username and password here: https://testexchangeconnectivity.com/
- Expect it to fail on the OPTIONS section, but everything else should pass.
- Configure your device to point to the newly created portal.
- Allow device to synchronise and enjoy emails on your mobile device!
