MSFP Features

  • Article

6/2/2010

MSFP adds security and direct push capability to a device. When used with Exchange ActiveSync 4.1 or later, it enables Outlook® Mobile users to stay connected to Personal Information Manager (PIM) data and E-mail in their work environments.

MSFP includes the following features:

  • The direct push technology is a synchronization feature in which the client establishes an HTTP connection with the Exchange Server and then waits for change or status notification from the server. Exchange ActiveSync, a synchronization protocol on the server, uses this connection to issue notifications to the client. E-mail, calendar, contacts, and tasks are kept current with immediate delivery of data from the user’s Exchange mailbox.
  • User access to the Global Address List (GAL) that is stored on Microsoft Exchange Server 2003 Service Pack 2.
  • New security features, such as:
    • Password enforcement supports the Exchange Server requiring a minimum password length and pin for sign-on.
    • Local data wipe helps protect device data unauthorized entry to the device by automatically resetting the data when the password is entered incorrectly a specified number of times
    • Remote policy enforcement helps IT staff remotely manage and enforce corporate IT policies over the air using the Exchange System Manager; for example, requiring a PIN password for every device.
    • Remote device wipe helps protect device data in the event a device is lost, stolen, or otherwise compromised. System administrators can remotely delete device data by using the Microsoft Exchange ActiveSync Mobile Administration Web tool.
    • Certificate based authentication increases security for accessing Microsoft Exchange Server 2003 Service Pack 2 and eliminates the need to store corporate log-in credentials on the device.
    • Native support of Secure/Multipurpose Internet Mail Extension (S/MIME) helps protect E-mail content. Messages can be signed and encrypted with digital certificates.

Most of the administration of the security features for the mobile device occurs on the Exchange Server or on the Exchange ActiveSync Mobile Administration Web tool. The following table summarizes the features and the settings required on the Exchange Server or on the mobile device.

Feature Exchange Server Setting Mobile Device Setting

Exchange direct push technology

Enabled by default with Exchange Server 2003 SP2

  • Protected configuration with firewall or ISA Server
  • Set session timeout time to 30 minutes

No preliminary device setup required. The device automatically switches from SMS to direct push technology when it synchronizes with ActiveSync®; the user steps thru ActiveSync wizard upon login to Exchange server.

Exchange ActiveSync

Enabled by default with Exchange Server 2003 SP2

Set parameters by using Exchange System Manager's Mobile Services Properties.

No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server.

Wireless access to global address list (GAL)

Default Exchange Server setup

Requires Outlook Web Access published on Exchange Server.

No preliminary device setup required

Privileged devices have automatic access to GAL.

Remotely enforced IT policy

Enable direct push technology in Exchange ActiveSync

Use Exchange System Manager's Mobile Services Properties to apply policies.

No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server and accepts IT policies.

Remote Wipe

Enable direct push technology in Exchange ActiveSync

Use Mobile Administration Web tool to initiate, track, and cancel the remote wipe.

No preliminary device setup required; user steps thru ActiveSync wizard upon login to Exchange server and accepts IT policies.

Certificate-based authentication

Install certificate on Exchange Servers

Deploy ActiveSync 4.1 to desktops

Use the Certificate Enrollment tool to configure the devices through ActiveSync.

Initial certificate enrollment using Desktop ActiveSync is required.

S/MIME mobile device support

Deploy an Exchange Server 2003 messaging system with PKI security.

Install certificate enrollment protocol and key on the device.

See Also

Concepts

Mobile Operator Guide to Messaging and Security Feature Pack For Windows Mobile 5.0-based Devices