As mentioned in BYOD Basics: Proper Planning and Considerations, "Bring Your Own Device" offers great potential to an organization when planned for properly. Choosing tools that meet your organization's requirements takes proper research, so that mobile worker connectivity goals are achieved without sacrificing security. This applies to organizations of all sizes. While larger businesses have specific requirements around smartphone and tablet enablement, small and medium-sized businesses can sometimes get by on the bare essentials. While there is a barrage of software offerings to manage and control any BYOD deployment, sometimes all an organization needs is the software already deployed in its own infrastructure.
Microsoft ActiveSync, included with Microsoft Exchange since 2003 SP2 and with Office 365 since inception, can provide secure connectivity to one's email, but it can also do much more. It gives IT departments the basic tools needed to begin a BYOD enablement strategy on behalf of their organization. What's more, Microsoft Exchange ActiveSync supports not only Windows Phone but also iOS, Android, and even BlackBerry natively, without third-party software. Granted, some organizations will require more than the ability to remotely wipe a lost or stolen device or to enforce passwords on devices, but the capabilities ActiveSync provides extend beyond just that.
The following is a small example of the policing capabilities provided by Microsoft Exchange ActiveSync:
| Product | Windows Phone | Windows Phone | Windows Phone | iPhone (iOS) | BlackBerry 10 | Android | Android | Android |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Version | 7.0 | 7.5 | 8.0 | 5.0 | 10.0 | 2.2, 2.3 | 3.0, 3.1 | 4.0 |
| Remote wipe | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SSL encrypted transmission | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Min Password Length | Yes | Yes | Yes | Yes | Yes | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
| Password Complexity | Yes | Yes | Yes | No | Yes | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
| User started remote wipe | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| PIN reset | No | No | No | No | No | No | No | No |
| Auto Discover Settings | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Bandwidth reduction | No | Yes | Yes | Yes | Yes | No | No | Yes |
| Allow attachment download (client side) | No | No | Yes | No | Yes | No | No | Yes |
| Maximum attachment size | No | No | Yes | No | Yes | No | No | Yes |
| Allow simple password | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Password expiration | Yes | Yes | Yes | Yes | Yes | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
| Enforce password history | Yes | Yes | Yes | Yes | Yes | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
| Encrypt storage card | No | No | No | N/A | Yes | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
| Disable removable storage | Yes | Yes | Yes | N/A | No | No | No | No |
| Require device encryption | No | No | Yes | Yes | Yes | No | Yes | Yes |
| Allow IRM over EAS | No | Yes | Yes | No | No | Depends On Manufacturer | Depends On Manufacturer | Depends On Manufacturer |
Allow/Block/Quarantine Capabilities
One additional capability, natively available in Exchange 2010 and up, is the ability to Allow, Block or Quarantine (ABQ for short) devices attempting to connect to your organization's infrastructure through Exchange ActiveSync. It lets IT departments allow approved devices, block devices that do not meet the requirements agreed to by the organization, or quarantine devices, in essence holding access until approval, pending further investigation of the device's capabilities.
As stated earlier, Microsoft Exchange ActiveSync provides a great ground-level BYOD strategy. While it does not have all the features that full-blown mobile device management suites offer, the policies it provides do give IT departments the ability to enable an organization's workforce with secure access in mind.
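The ABQ workflow described above, sketched for the Exchange Management Shell as an added example (not taken from the original article): quarantine unknown devices by default, then allow, block and approve explicitly. The mailbox addresses, query strings and device ID are placeholders chosen for illustration.

```powershell
# Added example. All addresses, query strings and IDs are placeholders (assumptions).
# Precedence when a device connects: per-user exemptions are checked first,
# then device access rules, then the organization default.

# 1. Quarantine by default: devices matching no rule wait for approval,
#    and the listed administrators are notified by mail.
Set-ActiveSyncOrganizationSettings `
    -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'mobile-admins@example.com' `
    -UserMailInsert 'Your device is awaiting approval by IT.'

# 2. Allow a device family the organization has approved.
New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
    -QueryString 'ApprovedDeviceType' -AccessLevel Allow

# 3. Block a model that cannot meet the agreed requirements.
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel `
    -QueryString 'UnsupportedModel' -AccessLevel Block

# 4. Review what is currently sitting in quarantine.
Get-ActiveSyncDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceType, DeviceModel, DeviceOS, DeviceId, FirstSyncTime

# 5. After review, approve one specific device for one user
#    (a personal exemption; it does not change the organization-wide rules).
Set-CASMailbox -Identity 'jdoe@example.com' `
    -ActiveSyncAllowedDeviceIDs @{ Add = 'PLACEHOLDERDEVICEID' }

# 6. Audit the resulting configuration.
Get-ActiveSyncDeviceAccessRule |
    Format-Table Name, Characteristic, QueryString, AccessLevel
Get-ActiveSyncOrganizationSettings |
    Format-List DefaultAccessLevel, AdminMailRecipients
```

Take the `QueryString` values from what step 4 reports for real devices, since rules match on the strings the device itself presents.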
Further information regarding Microsoft Exchange ActiveSync can be found here.