New Mobility Features in Exchange Server 2003 SP2
Topic Last Modified: 2005-10-14
Microsoft® Exchange Server 2003 Service Pack 2 (SP2) offers many new mobility features including Microsoft Exchange ActiveSync®, Exchange direct push technology, remote wipe, global address list (GAL) lookup, and policy provisioning. This article discusses some of the new features in Exchange Server 2003 SP2. For more information about Exchange Server 2003 SP2 features, see Why Try Service Pack 2 for Exchange Server 2003?
Exchange ActiveSync is an Exchange synchronization protocol that is optimized to deal with high latency and low bandwidth networks and also with low capacity clients (low memory, storage, and CPU). The protocol is based on HTTP and XML. Today with Exchange Server, you can configure your ActiveSync-enabled mobile devices to synchronize with the Exchange server mailbox at intervals as frequently as every five minutes.
Benefits of Exchange ActiveSync are:
Exchange ActiveSync is built into Exchange Server so that you do not need additional software or servers.
Exchange ActiveSync gives users a consistent Microsoft Office Outlook® experience across the users' environment.
Exchange ActiveSync does not require any desktop software or connection software.
Exchange ActiveSync does not require special data plans or subscriptions. A user can buy as much data as he or she needs through a standard data plan and can use his or her mobile devices globally.
Based on customer feedback regarding the limitations of using SMS to notify a supported device, we’ve improved the experience in Exchange Server 2003 SP2. The following is being delivered with the new Exchange direct push technology:
A standard data plan is the only subscription you need to have to synchronize with Exchange Server.
It works globally.
No need to deploy additional infrastructure in your Exchange Server environment.
No need for SMS notification or any other “out-of-band” schemes.
No special configuration on the mobile device.
Direct push is enabled by default. The immediate effect of direct push is that you will see an increased number of open connections that the server must handle. This increase in connections puts more pressure on the memory, but not necessarily on the CPU. With the memory improvements in Windows Server™ 2003 SP1, it is recommended that you run Exchange Server 2003 SP2 on this version of the Windows® operating system.
Direct push is designed to minimize the effect to e-mail traffic. For example, the synchronization operations that are performed in direct push are targeted at only those folders that contain changes, so you’re never issuing a lot of empty synchronizations as you would with a scheduled or manual synchronization. There are other optimizations that are performed both by the server and the mobile device.
SecurID is supported by Exchange ActiveSync. However, for every request that goes to the server, you need to re-enter the SecurID key. This requirement effectively prevents using direct push or scheduled synchronization because, in these instances, the mobile device should be synchronizing without user intervention.
The Microsoft Exchange ActiveSync Mobile Administration Web tool enables the remote wipe feature added in SP2. This tool enables administrators and help desk professionals to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices. After the remote wipe has been completed, the administrator receives an acknowledgement that the mobile device has been wiped. The ability to perform a remote wipe is useful when an end user loses his or her mobile device, or if the device is stolen and there is a risk that personal or confidential information could be accessed.
This feature is enabled over a Web application that is restricted to Exchange Administrators by default. Other individuals can be added as required. Using this Web application, you can perform the following tasks:
View a list of all mobile devices that are being used by any enterprise user.
Send or cancel remote wipe commands to mobile devices.
View the status of pending remote wipe requests for each mobile device.
View a transaction log that indicates which administrators have issued remote wipe commands, in addition to the mobile devices those commands pertain to.
Delete an old or unused partnership between devices and users.
The Microsoft Exchange ActiveSync Mobile Administration Web tool is available from the Exchange Server 2003 Tools download center at Tools for Exchange Server 2003.
With Exchange Server 2003 SP2, you can receive contact properties for individuals in the global address list (GAL) from your approved mobile device. By using these properties, you can quickly search for a person and obtain the information that you need to be able to connect with your contact.
A good way to perform a lookup is to use alias, display name, first name, or last name. The number of results is limited to one hundred items; therefore, you should ensure that your queries are well scoped.
The search query is a string that can denote different Active Directory® directory service properties such as display name, office, alias, and first name. The query string is then used on the server to do a prefix search on ambiguous name resolution (ANR) indexable properties for all the mail-enabled objects on the Exchange server. The objects whose ANR indexable properties match the search query are returned as the response results.
The response provides 10 non-customizable properties as follows: first name, last name, display name, office location, title, company, office telephone, mobile phone, alias, and e-mail address.
There are no special requirements or steps to have this feature working. GAL lookup is installed and enabled by default and cannot be turned off.
Previously, there was not a solution for enforcing passwords using Exchange Server. In SP2, this capability is now provided by configuring a central policy to enforce a password on the mobile device.
After you enable the policy, you can configure the following device security options:
- Minimum password length (characters) This option specifies the length of the password for the device. The default is four (which is also the minimum length). You can specify up to 18 characters.
- Require both numbers and letters This option determines password strength. You can enforce usage of a character and/or symbol in the password.
- Inactivity time (minutes) This option determines how long the device needs be inactive before the user is prompted for the password.
- Wipe device after failed (attempts) This option lets you specify whether you want the device memory wiped after multiple failed logon attempts.
- Refresh settings on the device (hours) This option forces the mobile device to verify and re-download the policies at set intervals.
- Allow access to devices that do not fully support password settings This option permits you to specify whether devices that do not fully support the device security settings are able to synchronize with the Exchange Server.
- Exceptions You can specify users who are exempt from the configured settings by adding the users to the Device Security Exceptions List.
For more information about how to use the policy from the user interface in Exchange System Manager, as well as for other mobility-related tasks, see the updated Exchange Server 2003 SP2 Help (installed with Exchange Server 2003 SP2).