Marcus Hass' [MS] Blog

Interesting tidbits about Microsoft Office 365 and other products. Occasional rants about travel, gaming and gadgets.

iPhone and ActiveSync, a security concern

iPhone and ActiveSync, a security concern

  • Comments 1
  • Likes

A couple days ago, Mary Jo speculated that Apple has licensed Microsoft's Active Sync technology which allows iPhone to securely sync with Exchange servers (over its smoke signal speed, EDGE data connection).   Will ActiveSync be out of the box today or an upgrade in the future?  Will it be the reported implementation on the iPhone to connect with Exchange via IMAP?  (IMAP isn't really a concern for most Enterprises since the IMAP service is usually disabled) 

I have no details about this deal, and probably couldn't talk about them anyway if I had inside knowledge, but I am concerned about security.

Here are a few things to consider if Apple has licensed EAS.

  • Most enterprises that use Exchange leave the attributes in AD "on" for Exchange Active Sync (EAS) and Outlook Web Access (OWA) for all users.  That means that if you have an ActiveSync enabled phone, you can usually point it at your Exchange server without any special help from IT.  Typically, this is the same server name as the OWA URL.
  • Exchange and ActiveSync have the ability to push security settings down to the phone, as well as remotely wiping the phone in case of theft or loss.  The first time you sync from the phone, you have to agree to allow the Exchange server to implement security policies.  Most common security settings are to require a PIN or complex password to unlock the phone after 5-15 minutes of inactivity.   In case you misplace your phone, after 15 minute it locks, and 5 wrong passwords wipe the device.
  • The implementation of ActiveSync is up to the licensee, in this case Apple.  So, the question is:  Will Apple implement security policy settings that allow administrators to lock down the phone and wipe them if they are compromised (also deleting potential music)?  If they don't, we may all be writing ADSI scripts to turn off EAS attributes soon....

Guess we will have to wait and see. 

Comments
  • iPhone 2.0 takes care of these security concerns with their ActiveSync implementation.

    However, there are numerious companies having troubles setting up their iPhone to their Windows 2003 Exchange Server.  

    If you are looking for a basic cookbook where you can at least ensure you have the basic done, visit TechnoKOZ:

    http://iphone-activesync.net/?page_id=16

    If you still have troubles after following the cookbook, contact their Technical support hotline.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment