Applications Server

Exchange Server 2010 : Manage Access for Mobile Devices (part 1) - Configure Mobile Device Connectivity

7/10/2011 3:25:16 PM
Exchange comes out of the box with features that allow you to connect mobile devices to compose and read messages and other items. The technology that Exchange uses for mobile device access is called ActiveSync. ActiveSync is based on HTTP and is designed for Internet-based connections. The following types of items can be accessed with mobile devices using ActiveSync:
  • Email messages

  • Calendar

  • Contacts

  • Tasks

When managing mobile device access for Exchange, it's important that you know how to configure access for the devices, how to manage the features and settings that are imposed on the devices, and—since these devices are accessing email primarily over their public cellular-based Internet connection—how to secure and protect the devices and the data that is stored on them.

1. Configure Mobile Device Connectivity

Configuring mobile device connectivity is a straightforward task. Most of the settings are preconfigured out of the box, and will only require a little tweaking if you want to enable or disable certain aspects.

1.1. Enable or Disable Exchange ActiveSync

ActiveSync is enabled by default when the Client Access role is installed. Since it uses HTTP as its protocol, the only firewall ports that need to be opened are port 80 for HTTP or port 443 for HTTPS.


As with most HTTP-based communications, HTTPS provides an extra layer of protection by encapsulating the connection in a Secure Sockets Layer (SSL). Since credentials are exchanged over this protocol, it is highly recommended that you require the use of HTTPS for ActiveSync and disable HTTP without SSL. This is the default configuration on the CAS.

To enable or disable ActiveSync on a CAS, you will need to stop the application pool for the IIS virtual directory that ActiveSync uses. You can use the following steps to enable or disable ActiveSync on an Exchange server:

  1. Open the IIS Manager tool.

  2. In the Console tree, select the Application Pools node.

    The list of available application pools for this server appears in the Results pane in the middle.

  3. Find the application pool called MSExchangeSyncAppPool. This is the application pool for ActiveSync.

  4. Click the MSExchangeSyncAppPool application pool and choose the Stop command from the Application Pool Tasks menu in the Actions pane on the right, as shown in Figure 1. Choosing Stop will disable ActiveSync. Conversely, choosing Start will enable ActiveSync access.

1.2. Enable Mobile Device Access for Users

Mobile device access can also be enabled and disabled on a per-user basis. If you have multiple users and you want only a select few to be able to access email with their mobile devices, you can use the following steps.


ActiveSync is turned on by default for all users. You will need to explicitly turn it off if you don't want to allow mobile device access for a user.

Figure 1. Stopping the ActiveSync application pool

1.2.1. Use the Exchange Management Console to Enable or Disable Mobile Device Access

To enable or disable mobile device access through the EMC:

  1. Open the EMC.

  2. In the Console tree, browse to the Recipient Configuration => Mailbox node.

    The list of mailboxes is displayed in the Results pane.

  3. Click on the mailbox that you want to enable or disable mobile device access for and choose Properties from the Actions pane on the right.

    This will launch the properties dialog box for the recipient that you selected.

  4. Select the Mailbox Features tab.

    The Exchange ActiveSync feature controls mobile device access to the mailbox.

  5. Select the Exchange ActiveSync feature in the list and select either Enable or Disable to allow or disallow mobile device access for this mailbox.

1.2.2. Use the Exchange Management Shell to Enable or Disable Mobile Device Access

To enable or disable mobile device access using the EMS, you will use the Set-CASMailbox command. For example, to enable mobile device access for John Smith, you would use the following EMS command:

Set-CASMailbox "John Smith" -ActiveSyncEnabled $true

Similarly, to disable mobile device access for John Smith, you would use

Set-CASMailbox "John Smith" -ActiveSyncEnabled $false

1.3. Restrict Devices

By default users can synchronize any ActiveSync-capable device with Exchange. However, mobile device settings in Exchange can get very granular. One option that you have is preventing users from connecting with specific devices. You can disable mobile device connectivity for a device by obtaining the device ID.

To obtain the device ID for a user's mobile device, use the Get-ActiveSyncDeviceStatistics command in the Exchange Management Shell. The following command can be used to display the devices used by a user along with the device IDs, model names, and the phone numbers of the devices:

Get-ActiveSyncDeviceStatistics -Mailbox:[alias] | 

ft DeviceModel, DeviceID, DevicePhoneNumber


The device ID for a mobile device can be obtained only after the user has synchronized the device at least once.

After you obtain the device ID, you can add the device to the block list. To do this, you use the Set-CASMailbox command with the ActiveSyncBlockedDeviceIDs parameter. The following command adds John Smith's device ID to the block list:

Set-CASMailbox "John Smith" -ActiveSyncBlockedDeviceIDs 


In a similar manner, you can also block every device except for the device IDs that you deem acceptable. To do this, you would use the Set-CASMailbox command again, but use the ActiveSyncAllowedDeviceIDs parameter instead. If this parameter is not specified as a null value, then every device is blocked expect those listed in this parameter.

Set-CASMailbox "John Smith" -ActiveSyncAllowedDeviceIDs 


If you want to clear the device IDs that are currently in the allowed and blocked lists, run the previous commands, except pass the parameter the $null value instead of the device ID:

Set-CASMailbox "John Smith" -ActiveSyncBlockedDeviceIDs $null
Other -----------------
- Exchange Server 2010 : Manage Web-Based Email Access (part 2) - Configure OWA Features
- Exchange Server 2010 : Manage Web-Based Email Access (part 1) - Configure OWA URLs
- Exchange Server 2003 : Configuring Interoperability with Other SMTP Messaging Systems
- Exchange Server 2003 : Configuring SMTP Security and Advanced Options
- BizTalk Server 2006 Operations : Maintaining the BizTalk Group (part 3) - Restore Procedures
- BizTalk Server 2006 Operations : Maintaining the BizTalk Group (part 2) - Backup Procedures
- BizTalk Server 2006 Operations : Maintaining the BizTalk Group (part 1) - SQL Agent Job Configuration
- BizTalk Server 2006 Operations : Configuration and Management
- Exchange Server 2003 : SMTP Protocol Configuration and Management - Managing SMTP Message Transfer Support
- Exchange Server 2003 : Virtual Servers - Configuring Authentication
- Exchange Server 2003 : Configuring Virtual Server Settings
- Overview of Exchange Server 2003 Virtual Servers
- Microsoft Exchange Server 2003 : Public Folder Security
- Microsoft Exchange Server 2003 : Administering Public Folders
- BizTalk 2010 Recipes : Business Rules Framework - Deploying and Undeploying Policies
- BizTalk 2010 Recipes : Business Rules Framework - Calling the Business Rules Engine from an Orchestration
- BizTalk 2010 Recipes : Business Rules Framework - Calling the Business Rules Engine from dot NET
- BizTalk 2010 Recipes : Business Rules Framework - Creating Custom Fact Retrievers
- BizTalk 2010 Recipes : Business Rules Framework - Setting Rule Priorities
- BizTalk 2010 Recipes: Business Rules Framework - Creating Facts
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS
Most View
- Windows Phone 7 with Silverlight : Working with the Phone
- Windows 7 : Working with Network Files Offline (part 2) - Changing the Amount of Disk Space Used by Offline Files
- Implementing Windows Vista’s Internet Security and Privacy Features (part 9) - Working with Email Safely and Securely - Maintaining Your Privacy While Reading Email, Setting Up an Email Account with a
- Windows Server : Configuring TS Web Access
- Programming Windows Phone 7 : Silverlight and Dynamic Layout (part 1)
- Performing Administrative Tasks Using Central Administration (part 10) - Site Collections
- Security Management in the Cloud - Availability Management
- Exchange server 2010 : Troubleshooting Tools (part 2)
- SharePoint 2007 : Use Alerts - Manage My Alerts in a Site
- Windows Azure Storage : Message Operations (part 1) - Put Message