Understanding Mobility Enhancements in Exchange Server 2007
Microsoft
Exchange ActiveSync is a technology that allows information workers to
gain access to their messaging data, calendaring, and other information
from a handheld device. ActiveSync works by tunneling the data over
Hypertext Transfer Protocol (HTTP), the same protocol used for web
traffic on the Internet.
Using ActiveSync in an Exchange 2007 environment gives organizations
unprecedented control over the management of remote devices and over
their security, allowing lost or stolen devices to be wiped and
enforcing policies that require data encryption and the use of passwords.
Outlining the History of Exchange Mobility Enhancements
ActiveSync was originally released as Mobile Information Server (MIS),
an add-on product to Exchange 2000 Server. MIS was Microsoft's first
foray into syncing handheld devices, and it saw limited deployment.
Exchange Server 2003
was the first release of the Exchange messaging platform that included
built-in ActiveSync functionality, though it had to be enabled in a
separate step. The first versions of the software in 2003 did not
support automatically pushing emails out to the handhelds, with the
exception of a concept called Always Up to Date
that would notify the device via a short message service (SMS) text
message. The device would then dial in and sync. This approach was
time-consuming, battery-draining, and costly.
Service Pack 2 for Exchange Server 2003 introduced the concept of
Direct Push technology, similar to BlackBerry-style technology, where
messages were automatically pushed out to a handheld as they were
received. This improvement was warmly received.
At the same time,
Windows Mobile, the handheld operating system formerly known as Windows
CE and PocketPC, was evolving. The Messaging Security and Feature Pack
(MSFP) for Windows Mobile 5.0 allowed for built-in, file-level
encryption for the devices, and integrated them with 2003 SP2’s
abilities to provision and deprovision devices over the air.
Exchange Server
2007 expands even further beyond 2003 SP2’s Direct Push technology,
allowing for other improvements, such as the ability to automatically
configure a handheld, encrypt connections, reset passwords, and view
file data on a SharePoint server.
Exploring Exchange ActiveSync
Exchange ActiveSync is a
service that runs on a client access server (CAS) in an Exchange 2007
topology. It uses the same virtual server that other HTTP access methods
to Exchange use, such as Outlook Web Access and Outlook Anywhere. In
ActiveSync’s case, however, it uses its own virtual directory, named
Microsoft-Server-ActiveSync.
Because it uses the same type of access mechanism as Outlook Web Access
(OWA), ActiveSync can be designed using the same CAS considerations that
apply to OWA and Outlook Anywhere. In most cases, it is deployed as an
ancillary service to these offerings. In any case, when it is deployed,
it becomes a vital service to the organization.
Enabling ActiveSync in Exchange Server 2007
In Exchange 2007, ActiveSync has become more integrated with the rest
of Exchange functionality. After the CAS role has been assigned to a
server, that server is close to ready for ActiveSync support. That said,
several configuration steps can be taken to improve and streamline
ActiveSync access, per Microsoft best practices.
Working with ActiveSync Settings in the Exchange Management Console
Many of the
ActiveSync settings on a CAS can be modified within the Exchange
Management Console, from the Client Access node, as shown in Figure 1.
The console allows for ActiveSync to be disabled, or for individual
ActiveSync settings to be modified on individual recipient mailboxes.
Right-clicking on the
Microsoft-Server-ActiveSync listing in the details pane and choosing
Properties allows for several other ActiveSync settings to be modified,
such as the following:
External URL— This setting allows an administrator to enter the fully
qualified domain name (FQDN) that will be used to access ActiveSync from
the Internet. An example of this is http://mail.companyabc.com/Microsoft-Server-ActiveSync.
Authentication— Authentication methods for the ActiveSync virtual
directory can be entered here. This tab allows an administrator to
configure the server to use Basic authentication, which is commonly used
with Secure Sockets Layer (SSL) encryption. There is also an option to
define whether dual-factor authentication using client certificates is
required or accepted.
Remote File Servers— This tab, shown in Figure 2, introduces some of the
new functionality in Exchange 2007 in regard to Windows Mobile access to
file data in shares via Universal Naming Convention (UNC) paths, or on
Windows SharePoint Services sites.
Note
The functionality on
the Remote File Servers tab can only be taken advantage of if the
Windows Mobile device supports it. Currently, only the 6.0 version of
the product supports this functionality.
Configuring Per-User ActiveSync Settings
Individual mailbox settings can be configured for ActiveSync in the
Mailbox node under Recipient Configuration in the console pane, shown in
Figure 3. Enabling and disabling ActiveSync on an individual mailbox can
be controlled from here, as can adding a mailbox to a specific
ActiveSync mailbox policy.
Right-clicking on an
individual mailbox and choosing Properties invokes the Properties dialog
box. Choosing the Mailbox Features tab, shown in Figure 4,
allows for Exchange ActiveSync to be enabled or disabled for that
particular mailbox. In addition, clicking the Properties button gives
the option to join the mailbox to a specific ActiveSync policy, as
mentioned earlier.
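The virtual directory properties (External URL, Authentication) and the per-mailbox settings described above can also be reviewed from the Exchange Management Shell. The following PowerShell is an added example, not part of the original article; the function names are hypothetical, the sample objects are constructed, and the property names assume the output of Get-ActiveSyncVirtualDirectory and Get-CASMailbox.

```powershell
# Added example, not from the original page. Property names are the ones
# Get-ActiveSyncVirtualDirectory and Get-CASMailbox are expected to return;
# confirm them on the target server.
function Test-ActiveSyncVirtualDirectory {
    param([Parameter(ValueFromPipeline = $true)] $VDir)
    process {
        $url = [string]$VDir.ExternalUrl
        $tls = $url -match '^https://'
        $findings = @()
        if (-not $url) {
            $findings += 'External URL is not set'
        } elseif (-not $tls) {
            $findings += "External URL is not HTTPS: $url"
        }
        if ($VDir.BasicAuthEnabled -and $url -and -not $tls) {
            $findings += 'Basic authentication is offered without SSL'
        }
        if ([string]$VDir.ClientCertAuth -eq 'Ignore') {
            $findings += 'Info: client certificates are neither required nor accepted'
        }
        New-Object PSObject -Property @{ Name = $VDir.Name; Findings = $findings }
    }
}

function Get-UnmanagedActiveSyncMailbox {
    # Mailboxes that may sync but are not joined to an ActiveSync mailbox policy.
    param([Parameter(ValueFromPipeline = $true)] $Mailbox)
    process {
        if ($Mailbox.ActiveSyncEnabled -and -not $Mailbox.ActiveSyncMailboxPolicy) {
            $Mailbox.Name
        }
    }
}

# Constructed sample objects (hypothetical servers, users and policy name).
$vdirs = @(
    (New-Object PSObject -Property @{ Name = 'CAS1'; BasicAuthEnabled = $true; ClientCertAuth = 'Ignore'
        ExternalUrl = 'http://mail.companyabc.com/Microsoft-Server-ActiveSync' }),
    (New-Object PSObject -Property @{ Name = 'CAS2'; BasicAuthEnabled = $true; ClientCertAuth = 'Accepted'
        ExternalUrl = 'https://mail.companyabc.com/Microsoft-Server-ActiveSync' })
)
$mailboxes = @(
    (New-Object PSObject -Property @{ Name = 'user1'; ActiveSyncEnabled = $true; ActiveSyncMailboxPolicy = $null }),
    (New-Object PSObject -Property @{ Name = 'user2'; ActiveSyncEnabled = $true; ActiveSyncMailboxPolicy = 'ExamplePolicy' })
)

$vdirs | Test-ActiveSyncVirtualDirectory | Format-List Name, Findings
$mailboxes | Get-UnmanagedActiveSyncMailbox
# On a server: Get-ActiveSyncVirtualDirectory | Test-ActiveSyncVirtualDirectory
#              Get-CASMailbox -ResultSize Unlimited | Get-UnmanagedActiveSyncMailbox
```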