How-To: Get Your Windows Phone 7 in Sync with Exchange
The new Windows mobile platform, code-named "Mango," brings back some of the synchronization features important for enterprise use.
When Microsoft released Windows Mobile 6.1 and 6.5, it seemed like an earnest attempt to make Windows Mobile the enterprise-grade mobile computing platform of choice. With both of these versions, you could enroll devices in a domain and manage them with Group Policy.
Microsoft also introduced dozens of new ActiveSync mailbox policies in Exchange Server 2007. Many of these new policies you could only use with fully provisionable mobile devices. That meant for a while, Windows Mobile was the only mobile OS that would support them.
Then late last year, Microsoft released Windows Phone 7. With this new platform came a completely new philosophy. Microsoft removed many of the features you might find useful (if not essential) as an IT professional. The intent seemed to be to make the device more consumer-oriented.
One of the most surprising of these changes was the lack of support for ActiveSync mailbox policies. You can still connect Windows Phone 7 to Exchange by way of ActiveSync, but many of the ActiveSync mailbox policies that had previously received so much attention no longer work. Windows Mobile 6.1 supported 43 different ActiveSync mailbox policies when used with Exchange Server 2007 SP1 (read more about that here).
However, Windows Phone 7 only truly supports seven of those policies. The same holds true when you use Windows Phone 7 with Exchange Server 2010 (read more about that here).
So what happened to the remaining ActiveSync mailbox policies? Some of them are nominally supported but have no practical effect. For example, you can still use the DisableRemovableStorage policy setting, but it will always return a value of True because Windows Phone 7 doesn't support using removable storage.
The lack of support for ActiveSync mailbox policies isn't the only area in which Windows Phone 7 is less suitable for enterprise use. Another sorely missed component is the certificates management console.
In Windows Mobile 6.1 and 6.5, Microsoft provided a console you could use to manage digital certificates. This console doesn't exist in Windows Phone 7. This is a problem because ActiveSync uses SSL encryption, which is based on certificate use. Windows Phone 7 devices have built-in support for certificates issued by well-known commercial certificate authorities (CAs), such as VeriSign or Go Daddy. However, certificate management can be a challenge if your organization is using its own enterprise CAs.
When first connecting my Windows Phone 7 device to Exchange through ActiveSync, the connection wouldn't work because my Windows Phone 7 device didn't trust my enterprise CA. To get around this, I set up a Hotmail account on my Windows Phone 7 device, e-mailed myself the necessary certificate, and installed the certificate by opening the e-mail attachment. Only then was I able to connect my Windows Phone 7 device to Exchange Server.
Besides the reduced ActiveSync support in Windows Phone 7, other enterprise features are missing as well. For example, you can't enroll a Windows Phone 7 device in a domain or manage it with Group Policy. There have already been a couple of updates, one of which added copy and paste functionality. However, Microsoft has a major update, code-named "Mango," slated for release this fall.
Messaging with Mango
Mango, which will officially be known as Windows Phone 7.5, will add more than 500 new features to the Windows Phone platform. While many of these new features are consumer-oriented, Microsoft has also revealed a number of new features that IT professionals have been requesting.
A lot of the new features pertain to messaging. The original Windows Phone 7 included one major messaging improvement. Unlike previous versions of Windows Mobile, you could configure Windows Phone 7 to connect to multiple e-mail accounts. One of the ways Microsoft built onto this functionality in Mango is by allowing multiple Exchange ActiveSync connections from a single device. This new feature should prove to be helpful if you need to monitor multiple mailboxes.
Another improvement to Windows Phone 7 messaging is that the phone now supports conversation view for e-mail messages. This gives you an experience that's more like what you're used to on the desktop.
Support for the Microsoft Exchange AutoDiscover service is more important from an IT perspective. To connect a Windows Phone 7 device to an Exchange mailbox, you had to enter the user's e-mail address and password. After doing so, the device would try to connect to the user's mailbox, but it would almost always time out after failing to connect. At that point, you often had to work through the advanced setup process. In Mango, however, the AutoDiscover service promises to greatly simplify the process of connecting Windows Phone 7 devices to Exchange Server mailboxes.
Of all the new messaging features, built-in support for Out of Office is a huge help. If you've ever been out of the office and forgotten to activate an Out of Office message, you'll be happy to know that Mango should solve this problem once and for all. You'll be able to turn Out of Office messages on or off directly from the phone.
The ability to search an Exchange server for messages that aren't saved on the phone is another helpful new feature. Windows Phone 7 stores a limited amount of mail locally on the device. On my own phone, for example, I store the messages from the last five days. Every once in a while, I need a message I've purged from my phone.
Previously, the only way to access a purged message was to temporarily reconfigure the phone to retain a longer e-mail history. In Mango, you'll be able to perform a mailbox search and retrieve messages directly from your Exchange mailbox, even if those messages are older than what would normally be saved on the phone.
"Pinnable" folders are another handy messaging feature. Windows Phone 7 has always let you access any of your mail folders (although some folders are not automatically synced), but the process for doing so was cumbersome. If you have a specific mail folder you frequently use, then Mango will let you pin that folder to the Start screen. This gives you one-touch access to the folder.
The original Windows Phone 7 release was a bit lacking when it came to security. While Windows Phone 7-based devices are not inherently insecure, there were many organizations that did not permit their use due to security concerns.
Microsoft has made several security improvements in Mango. The most urgently needed of these improvements is probably support for complex passwords. Windows Phone 7 lets you lock your device, but you're limited to a simple numeric PIN.
Mango will let you lock down your Windows Phone 7-based devices using complex passwords, and will let you control device password settings through Exchange ActiveSync policies. Some of the password-related policy settings Mango will support include:
- Password Required
- Password Expiration
- Password History
- Allow Simple Passwords
- Minimum Password Length
In addition to these password-related settings, you'll be able to enforce device locks after periods of inactivity and automatically wipe a device after a password has been repeatedly entered incorrectly. Of course, you can still wipe lost or stolen devices remotely.
As mentioned earlier, Mango will let your devices simultaneously connect to multiple Exchange Server mailboxes through ActiveSync. ActiveSync policies are applied at the mailbox level, so devices connected to multiple mailboxes could be subject to multiple (and possibly contradictory) ActiveSync policies.
Microsoft gets around this by using a formula in which the most restrictive policy setting takes precedence. For example, if one ActiveSync policy sets the inactivity period to five minutes and another policy sets the inactivity period to 10 minutes, then the five-minute inactivity timeout would be the effective policy setting because it's the more restrictive of the two. Keep in mind that Mango looks at each policy setting individually and applies the most restrictive policy settings even if that means mixing and matching settings from multiple policies.
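The per-setting merge described above can be sketched as follows. This is an added example, not Microsoft's code: the setting keys are adapted from the list earlier in this article, and the direction treated as "more restrictive" for each setting, the use of None for "not configured," and the two sample policies are assumptions made for illustration.

```python
# Added example: per-setting "most restrictive wins" merge of ActiveSync policies.
# Which direction counts as stricter for each setting is an assumption.
STRICTER = {
    "PasswordRequired":         lambda a, b: a or b,   # True is stricter
    "AllowSimplePasswords":     lambda a, b: a and b,  # False is stricter
    "MinimumPasswordLength":    max,                   # longer is stricter
    "PasswordHistory":          max,                   # more remembered is stricter
    "PasswordExpirationDays":   min,                   # shorter lifetime is stricter
    "InactivityLockMinutes":    min,                   # shorter timeout is stricter
    "FailedAttemptsBeforeWipe": min,                   # fewer attempts is stricter
}

def effective_policy(policies):
    """Merge setting by setting; return (effective values, policy that supplied each)."""
    values, sources = {}, {}
    for name, settings in policies.items():
        unknown = set(settings) - set(STRICTER)
        if unknown:
            raise ValueError(f"{name}: unknown settings {sorted(unknown)}")
        for key, value in settings.items():
            if value is None:          # not configured: imposes no restriction
                continue
            if key not in values:
                values[key], sources[key] = value, name
                continue
            winner = STRICTER[key](values[key], value)
            if winner != values[key]:  # a tie keeps the earlier policy as source
                values[key], sources[key] = winner, name
    return values, sources

# Constructed sample: one device connected to two mailboxes with different policies.
POLICIES = {
    "Corp":    {"PasswordRequired": True, "AllowSimplePasswords": True,
                "MinimumPasswordLength": 4, "InactivityLockMinutes": 5,
                "FailedAttemptsBeforeWipe": None},
    "Finance": {"PasswordRequired": True, "AllowSimplePasswords": False,
                "MinimumPasswordLength": 8, "InactivityLockMinutes": 10,
                "FailedAttemptsBeforeWipe": 8},
}

if __name__ == "__main__":
    values, sources = effective_policy(POLICIES)
    for key in sorted(values):
        print(f"{key:26} {values[key]!s:6} (from {sources[key]})")
```

The result mixes settings from both policies: the five-minute inactivity lock comes from one policy while the password length and simple-password restriction come from the other, so the device ends up stricter than either mailbox policy alone.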
Another feature that can help improve security is that Mango is Information Rights Management (IRM) aware. As such, Mango will let you open IRM-protected e-mail messages and Microsoft Office documents directly on your mobile device.
Windows Phone 7-based devices are often used in enterprise environments dealing with sensitive information, so Microsoft has taken steps to prevent data leakage. For example, you can only synchronize e-mail messages over a cellular connection or Wi-Fi connection. Users can't synchronize their mail simply by plugging their phone into a desktop PC as they could in the past.
Similarly, you can only transmit data files over a cellular or Wi-Fi connection. In some previous versions of Windows Mobile, you could transmit data using Bluetooth or Infrared Data Association. That's not allowed under Mango.
Windows Phone 7-based devices don't let you store data on removable storage cards. You can only store data within the device. It's great that Microsoft has taken so many steps to prevent data from being extracted from a Windows Phone 7-based device. It would have been even better if Microsoft had taken it one step further and enabled device-level encryption.
Mango offers several badly needed networking-related improvements. Most importantly, it will support connecting to wireless access points that use hidden Service Set Identifiers. Besides a free Lync Mobile app, the devices will also support availability information. The Microsoft Lync Mobile app will let you search the corporate contact list and chat with multiple people simultaneously. Mango also adds broad support for SharePoint and Microsoft Office 365.
As you can see, Windows Phone 7 was initially a bit lacking, but Microsoft seems to be making a serious effort to make Windows Phone 7.1 the enterprise mobile platform of choice.
Brien Posey is a 19-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.