Now that Exchange 2013 is RTM and some deployments are being planned, designed and even deployed in some corporations, I am going to have a series of How To’s on configuring some settings that may not be as easy as they once were. Take, for example, your Mobile Device policies. If we take a look at what is available in the Exchange Administration Console, we see that there are only a few settings in the new GUI for Exchange Server:
Now, if we look back at Exchange 2010, we can see that things have changed quite a bit in the GUI:
So how do we configure a more robust and feature-rich policy in Exchange Server 2013?
PowerShell
Configuring the Mobile Policies via PowerShell in Exchange 2013 is almost exactly the same as in Exchange Server 2010, and the options that can be configured are essentially the same as well.
Below is a comparison of the options for Exchange 2010 and Exchange 2013 when it comes to configuring the ActiveSync or Mobile Device policies (depending on the Exchange version). Differences are noted by the blue text. Some that are highlighted are just named differently in the versions:
| Exchange Server 2013 | Exchange Server 2010 |
| --- | --- |
| -AllowBrowser | -AllowBluetooth |
| -AllowCamera | -AllowBrowser |
| -AllowConsumerEmail | -AllowCamera |
| -AllowDesktopSync | -AllowConsumerEmail |
| -AllowExternalDeviceManagement | -AllowDesktopSync |
| -AllowHTMLEmail | -AllowExternalDeviceManagement |
| -AllowInternetSharing | -AllowHTMLEmail |
| -AllowIrDA | -AllowInternetSharing |
| -AllowMobileOTAUpdate | -AllowIrDA |
| -AllowNonProvisionableDevices | -AllowMobileOTAUpdate |
| -AllowPOPIMAPEmail | -AllowNonProvisionableDevices |
| -AllowRemoteDesktop | -AllowPOPIMAPEmail |
| -AllowSimplePassword | -AllowRemoteDesktop |
| -AllowSMIMEEncryptionAlgorithmNegotiation | -AllowSimpleDevicePassword |
| -AllowSMIMESoftCerts | -AllowSMIMEEncryptionAlgorithmNegotiation |
| -AllowStorageCard | -AllowSMIMESoftCerts |
| -AllowTextMessaging | -AllowStorageCard |
| -AllowUnsignedApplications | -AllowTextMessaging |
| -AllowUnsignedInstallationPackages | -AllowUnsignedApplications |
| -AllowWiFi | -AllowUnsignedInstallationPackages |
| -AlphanumericPasswordRequired | -AllowWiFi |
| -ApprovedApplicationList | -AlphanumericDevicePasswordRequired |
| -AttachmentsEnabled | -ApprovedApplicationList |
| -Confirm | -AttachmentsEnabled |
| -DeviceEncryptionEnabled | -Confirm |
| -DevicePolicyRefreshInterval | -DeviceEncryptionEnabled |
| -DomainController | -DevicePasswordEnabled |
| -Identity | -DevicePasswordExpiration |
| -IrmEnabled | -DevicePasswordHistory |
| -IsDefault | -DevicePolicyRefreshInterval |
| -MaxAttachmentSize | -DomainController |
| -MaxCalendarAgeFilter | -Identity |
| -MaxEmailAgeFilter | -IrmEnabled |
| -MaxEmailBodyTruncationSize | -IsDefaultPolicy |
| -MaxEmailHTMLBodyTruncationSize | -MaxAttachmentSize |
| -MaxInactivityTimeLock | -MaxCalendarAgeFilter |
| -MaxPasswordFailedAttempts | -MaxDevicePasswordFailedAttempts |
| -MinPasswordComplexCharacters | -MaxEmailAgeFilter |
| -MinPasswordLength | -MaxEmailBodyTruncationSize |
| -MobileOTAUpdateMode | -MaxEmailHTMLBodyTruncationSize |
| -Name | -MaxInactivityTimeDeviceLock |
| -PasswordEnabled | -MinDevicePasswordComplexCharacters |
| -PasswordExpiration | -MinDevicePasswordLength |
| -PasswordHistory | -MobileOTAUpdateMode |
| -PasswordRecoveryEnabled | -Name |
| -RequireDeviceEncryption | -PasswordRecoveryEnabled |
| -RequireEncryptedSMIMEMessages | -RequireDeviceEncryption |
| -RequireEncryptionSMIMEAlgorithm | -RequireEncryptedSMIMEMessages |
| -RequireManualSyncWhenRoaming | -RequireEncryptionSMIMEAlgorithm |
| -RequireSignedSMIMEAlgorithm | -RequireManualSyncWhenRoaming |
| -RequireSignedSMIMEMessages | -RequireSignedSMIMEAlgorithm |
| -RequireStorageCardEncryption | -RequireSignedSMIMEMessages |
| -UnapprovedInROMApplicationList | -RequireStorageCardEncryption |
| -UNCAccessEnabled | -UnapprovedInROMApplicationList |
| -WhatIf | -UNCAccessEnabled |
| -WSSAccessEnabled | -WhatIf |
| | -WSSAccessEnabled |
The main differences are name changes for the options and the dropping of Bluetooth in the options configuration:
| Exchange Server 2013 | Exchange Server 2010 |
| --- | --- |
| | -AllowBluetooth |
| -AllowSimplePassword | -AllowSimpleDevicePassword |
| -AlphanumericPasswordRequired | -AlphanumericDevicePasswordRequired |
| -PasswordEnabled | -DevicePasswordEnabled |
| -PasswordExpiration | -DevicePasswordExpiration |
| -PasswordHistory | -DevicePasswordHistory |
| -IsDefault | -IsDefaultPolicy |
| -MaxInactivityTimeLock | -MaxInactivityTimeDeviceLock |
| -MaxPasswordFailedAttempts | -MaxDevicePasswordFailedAttempts |
| -MinPasswordComplexCharacters | -MinDevicePasswordComplexCharacters |
| -MinPasswordLength | -MinDevicePasswordLength |
On to configuring! The first step is to create a new policy for your mobile ActiveSync devices. The cmdlet we use here is ‘New-MobileDeviceMailboxPolicy’. Here is an example of this command used to create a new policy for your IT department:
New-MobileDeviceMailboxPolicy -Name:"IT Mobile Devices" -AlphaNumericPasswordRequired:$true -MinPasswordComplexCharacters:3 -PasswordHistory:10
Now we have a basic policy that enforces an alphanumeric password with three types of characters and has a ten password history.
Once we have a policy created we can verify the policies that are enabled in Exchange with the Get-MobileDeviceMailboxPolicy PowerShell command:
Now let’s say that in the future you are required to change some of the settings in your policy. For example, you are required to have a 15 password history and allow password recovery. For this we can use the ‘Set-MobileDeviceMailboxPolicy’ cmdlet:
If you need to remove a policy, simply use the Remove-MobileDeviceMailboxPolicy command:
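The create, verify, change and remove steps above can be run as one script. This is an added example, not the author's original commands; it assumes the Exchange 2013 Management Shell and the policy name from the New- command. The helper name Get-PolicyDrift is hypothetical, and PasswordEnabled is an addition of this example, on the assumption that the password rules only apply once a device password is required.

```powershell
# Added example: run in the Exchange 2013 Management Shell.
$name = 'IT Mobile Devices'   # policy name from the article's New- command

# Step 1: create the policy with the article's values if it does not exist yet.
# -PasswordEnabled is this example's addition (see the lead-in).
if (-not (Get-MobileDeviceMailboxPolicy -Identity $name -ErrorAction SilentlyContinue)) {
    New-MobileDeviceMailboxPolicy -Name $name -PasswordEnabled $true `
        -AlphanumericPasswordRequired $true -MinPasswordComplexCharacters 3 `
        -PasswordHistory 10 | Out-Null
}

# Step 2: the changed requirements described in the text.
$desired = @{ PasswordHistory = 15; PasswordRecoveryEnabled = $true }

# Hypothetical helper: list every setting whose stored value differs from the requirement.
function Get-PolicyDrift {
    param([string]$Identity, [hashtable]$Desired)
    $current = Get-MobileDeviceMailboxPolicy -Identity $Identity
    foreach ($key in $Desired.Keys) {
        if ($current.$key -ne $Desired[$key]) {
            [pscustomobject]@{ Setting = $key; Current = $current.$key; Desired = $Desired[$key] }
        }
    }
}

# Step 3: apply the change only when something actually differs.
$drift = @(Get-PolicyDrift -Identity $name -Desired $desired)
if ($drift.Count -gt 0) {
    $drift | Format-Table -AutoSize | Out-Host
    Set-MobileDeviceMailboxPolicy -Identity $name @desired
}

# Step 4: verify by reading the policy back and listing all policies.
if (@(Get-PolicyDrift -Identity $name -Desired $desired).Count -eq 0) {
    'Policy matches the required settings.'
}
Get-MobileDeviceMailboxPolicy |
    Format-Table Name, IsDefault, PasswordEnabled, PasswordHistory, PasswordRecoveryEnabled -AutoSize

# Step 5: preview a removal; drop -WhatIf to actually delete the policy.
Remove-MobileDeviceMailboxPolicy -Identity $name -WhatIf
```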
Further Reading
Get-MobileDeviceMailboxPolicy
New-MobileDeviceMailboxPolicy
Remove-MobileDeviceMailboxPolicy
Set-ActiveSyncMailboxPolicy ***
Set-MobileDeviceMailboxPolicy
*** The Set-ActiveSyncMailboxPolicy cmdlet will be removed in a future version of Exchange. Use the Set-MobileDeviceMailboxPolicy cmdlet instead. If you have any scripts that use the Set-ActiveSyncMailboxPolicy cmdlet, update them to use the Set-MobileDeviceMailboxPolicy cmdlet.
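The script update that this note asks for can be done mechanically with the renames from the comparison table. The following is an added example, not part of the original post; the function name Convert-ActiveSyncPolicyCommand and the sample script lines are made up for illustration.

```powershell
# Rename map taken from the article's table of differences (Exchange 2010 name -> Exchange 2013 name).
$ParameterMap = [ordered]@{
    'AllowSimpleDevicePassword'          = 'AllowSimplePassword'
    'AlphanumericDevicePasswordRequired' = 'AlphanumericPasswordRequired'
    'DevicePasswordEnabled'              = 'PasswordEnabled'
    'DevicePasswordExpiration'           = 'PasswordExpiration'
    'DevicePasswordHistory'              = 'PasswordHistory'
    'IsDefaultPolicy'                    = 'IsDefault'
    'MaxInactivityTimeDeviceLock'        = 'MaxInactivityTimeLock'
    'MaxDevicePasswordFailedAttempts'    = 'MaxPasswordFailedAttempts'
    'MinDevicePasswordComplexCharacters' = 'MinPasswordComplexCharacters'
    'MinDevicePasswordLength'            = 'MinPasswordLength'
}

function Convert-ActiveSyncPolicyCommand {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    process {
        $cmdlet = '\b(Get|New|Set|Remove)-ActiveSyncMailboxPolicy\b'
        # Leave every line that does not call an *-ActiveSyncMailboxPolicy cmdlet untouched.
        if ($Line -notmatch $cmdlet) { return $Line }
        $out = $Line -replace $cmdlet, '$1-MobileDeviceMailboxPolicy'
        foreach ($old in $ParameterMap.Keys) {
            # Match "-OldName" only as a whole parameter token (followed by ':', whitespace or end of line).
            $pattern = '(?<![\w-])-{0}(?=[:\s]|$)' -f $old
            $out = $out -replace $pattern, ('-' + $ParameterMap[$old])
        }
        $out
    }
}

# Constructed sample lines standing in for an Exchange 2010-era script.
$legacy = @(
    'New-ActiveSyncMailboxPolicy -Name "Sales" -DevicePasswordEnabled:$true -MinDevicePasswordLength 6'
    'Set-ActiveSyncMailboxPolicy -Identity "Sales" -DevicePasswordHistory 10 -IsDefaultPolicy:$true'
    'Get-Mailbox -ResultSize Unlimited'
)
$legacy | Convert-ActiveSyncPolicyCommand
```

The conversion works line by line, so a command continued onto further lines with a backtick needs its continuation lines reviewed by hand.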