Long time lurker, first-time poster.
I'm after some advice concerning using Windows Mobile in a corporate environment. My company is currently dishing out Blackberry RIM devices to anyone who needs email on the go, but we've got a really stable and secure AD infrastructure, and are going to go with WM ASAP for email, contacts, web etc etc etc.
Anyway, I've been tasked to bring these devices into the company properly; making sure the devices are fit for purpose, making sure that there's hardware support, and...making sure that they can be managed from our Service Desk, which is where I need some input.
I've used SOTI's Pocket Controller in the past and immediately had this in mind to deal with remote management. MobiControl takes this several steps forward and really does tick every box. I've scoured the 'net for other remote management/administration apps, but have more or less hit a blank. The only one that can be considered close is IntelliSync, but seems to fall over in several areas. Does anyone know of any other remote admin apps out there that can operate over wireless/cellular data connections? At the very least, I cannot deliver a choice of one to choose from, although I can't imagine anything else coming close to MobiControl.
Thanks, and well done everyone - top top site!
H
Do you use Exchange 2003? Either standalone or as part of SBS2003?? If so, Exchange 2003 SP2 has the MSFP (Messaging and Security Feature Pack) included, which allows remote administration - and remote wipe - of Windows Mobile devices (especially if they run Windows Mobile 6.0!!).
Another product from MS is the new System Center Configuration Manager (replacement for SMS) - this includes mobile device provisioning. There's a 120-day trial available, but I'm not sure when/if the product has been released yet. See this link for more details.
My company will be looking into SCCM in the new year as, at last, some of our senior execs are just getting wise to the possiblility of getting their email on the move (We won't be touching those "dark coloured fruit" devices with a long stick!!).
Cheers,
Mark.
Thanks Mark,
Yep - we're running Exchange 2K3 but I'm not sure what service pack we're on. I think our Exchange team are in the process of upgrading to 2007 - hopefully, this will also include some Windows Mobile goodies.
Most of our devices are WM5; I'm the only one running WM6, but most of the devices we're looking at are WM6.
One of my colleagues were talking to our Orange account manager a couple of days ago, and they mentioned Mobile Device Manager 2008. I will check out System Centre - thank you for the pointer.
Just out of interest, what line of business is your company in? From my converations with the other Groups within my company, the scope of this "investigation" has become rather large! Initially, it was going to be a straight swap for the PIM functions of the Blackberry, but I'm also now looking at GPS navigation via longitude and latitude co-ordinates, barcode scanning, printing via Bluetooth AND across the cellular data link, and a few other small (but useful) functions.
Can of worms...pop!
H
Related
My IT manager has informed me that the XDA II will have blackberry capabilities once "O2 implement some changes to their servers" , which will apparently happen somewhere after X-mas.
Anybody else heard of this?
It was my impression, from something I read I believe, that the functionality comes from both 2003 mobile upgrade, and microsoft .net (2003) exchange server. Basically I was lead to believe that if you have say MS exchange server .net or 2003 what ever it is officially called, and a pocket pc phone running 2003 mobile the blackberry type functions can be had.
RIM client is being shipped in new O2 XDA II firmware next year. This means you can use it with RIM BES servers to deliver push E-mail.
This will not give the true Blackberry experience though as the carriers have only licensed a portion of the BES solution and it's functionality is limited. There is no push calendar, contacts etc. etc. and the configuration aspects are limited on PPC2003.
Good for marketing purposes but pretty much useless in my view in an enterprise deployment. It's my understanding that the RIM BES support is a firmware only solution and you will not be able to add extra functionality without the carrier licencing it and delivering it to you in ROM form.
The RIM BES is done with software. So in theory it could be implemented on the XDA II. However the BES is not cheep!!
It would be good to see if an XDA II could get the seamless e-mail connection that the Blackberry does. However the Blackberry is not a particularly good phone and when I last looked did not support SMS but P2P. If they can get over the technical aspect and the cost of the BES it would be great and I for one would perches the service in a second.
Gil.
Yes it can
the xmail software can be used to match what blackberry can provide - you will need a computer permanently linked to the network (either yours or a shared machine)
A T-Mobile manager in San Francisco explained it this way: The combination of the new Pocket PC Phone Edition 2003 software on your PDA and new mail server software (undoubtedly Exchange Server 2003, although she didn't say), lets email show up on your PDA without you having to check for it manually, just like SMS messages do. If that's what you mean by Blackberry capabilities, then it looks like everyone who has or upgrades to Pocket PC Phone Edition 2003 and gets email from an updated Exchange Server will have "Blackberry capability." She explained that the mail server will send a specially coded SMS message to your PDA (which you will never see) which will notify the OS that there is email waiting to be downloaded. The PDA will then automatically initate a download of the email. From your perspective, it will seem that the email will simply show up -- a la with a Blackberry device.
It is Exchange 2003 and Windows Mobile 2003 combo. You can set Active Sync to sync "as new items arrive" option. This option sends a special email via SMS to your phone to pull the new data. So, it becomes very close to Blackberry RIM, I love it. It saves my time to check for new messages on the road.
People are confusing two capabilities here
RIM / Blackberry INBOX software is rumored to be shipping with / in the XDA II firmware sometime in '04 (might be available now). This would allow EITHER a RIM desktop redirector OR a Blackberry Enterprise Server to wireless synchronize Exchange email with the XDA II. The BES option is much better than the 'redirector' as it doesn't require a PC to be constantly running redirecting email for every user doing this (dumb approach).
There are multiple "Blackberry Like" capabilities that support the XDA II that some of you have been referring too. Microsoft new 'titanium' / Exchange uses SMS (dumb approach) to wake up the XDA II and 'tell it' to come pick up it's mail, calendar, etc. SMS is costly in some cases, and not guaranteed message protocol in all cases.
Other ISV's are developing / have developed 'Berry like' capability for XDA II -- Synchrologoc, Extended Systems, Sybase iAnywhere, others.
Most of these take the same approach as described above by Microsoft -- some are a bit more clever approach that uses TCP/IP as the underlying Push notification vs. SMS -- which makes them alot more flexible and reliable.
NET-net: There are two options to achieving the Pushed email / PIM to the XDA II: via RIM / Blackberry approach, or via the MS / ISV approach described above.
Make sense? FYI: I know this because I am the RIM product mgr for my company, and have been exploring some of the options that are RIM-like with other device and platforms.
jpd
There are 3rd party solutions that allow for this kind of thing also. We are currently using Synchrologic Email Accelerator to do true IP push to our WM2003 devices. The device polls the server to see if new messages are there and pulls them down if there are any new items. Email, Contacts, Tasks...any of your PIM items are "pushed" (it actually appears to be a pull, but oh well) without SMS messaging taking place.
I guess my point is that this is WM2003 capability, not necessarily XDA II. You can have this "blackberry experience" today if you use the right software. Granted, its not cheap, but I know our mobile users love it.
-wurd up
wurdipus said:
There are 3rd party solutions that allow for this kind of thing also. We are currently using Synchrologic Email Accelerator to do true IP push to our WM2003 devices. The device polls the server to see if new messages are there and pulls them down if there are any new items. Email, Contacts, Tasks...any of your PIM items are "pushed" (it actually appears to be a pull, but oh well) without SMS messaging taking place.
Click to expand...
Click to collapse
Yeah but the device has to be on to do this, right? I mean to "poll" the server, your PPC has to be turned on, right?
With the Exchange Server method, it will send the SMS which will cause your PPC to wake up, dl the email, and tell you "you've got mail".
-arebelspy
your PDA is never actually off unless you let the battery die. When you turn it "off" the screen just blanks to save battery. I agree, SMS message wakeup is a stupid and wasteful approach.
I've been running a project on mobile computing at work which obviously means that I get loads of cool toys to play with.
So today I connected my XDA II to a server (via D-Link router) running MS Exchange and MS Sharepoint.
Limited success with Sharepoint, it renders ok but you lose a fair bit of functionality which must be down to advanced IE features not present in the mobile version.
Exchange Web Access worked like a dream though (albeit, a dream where the browser window is too small and the wrong form factor!)
However I was doing 3 things at once and ticked "remember password" when initially logging on to the server and the damned thing just bypassed authentication from then on meaning I couldn't try different accounts.
So to the "does anyone know" bit, Firstly anyone have any ideas about clearing the "remember passwords" nightmare, tried stopping explorer, clearing cache and cookies and even a soft reset with no joy.
The main idea of the project is to give our key mobile workers (mainly our Directors) access to this technology, now I would never suggest that Directors are thick (and some of ours are anything but) however the process for selecting and connecting to networks seems bloody fiddly at best, anyone know of any decent software that makes this a bit more intuitive?
Gonna try and make time to try my BTOpenzone account out with the XDA II tomorrow, any thoughts?
For the auto authenticate part, why not just change your account password on your exchange server, youll get a refused connection and asked for password and username again.
I've tried owa on the xda2 and found it very unwield, so I use imap into pocket outlook instead check it just like you would pop3, infact you could use pop3 aswell / instead.
Forgot to mention, have you had a play with remote admin using the xda yet? I'm looking for a better way than the admin website (same problem as owa)
Good idea on the password, owa is being as we have an existing (large) corporate Exchange set up and want a relatively seamless mobile experience. When using notebooks etc away from the office we'll be using OWA so using it on the Xda's too makes it easier for our high powered thinkers!
Might just have to get some iPaq 4150's for the landscape mode while waiting for Xda III!
Not touched remote admin and probably not likely to, the final system will likely be installed in a fully supported datacentre.
Sounds like a fun setup, love to get my hands on a rig like that (probably bring the whole system down!!! LOL).
I think that owa uses editable html pages, so you could maybe create a more pocket pc friendly layout, I would think that you could redirect clients by browser type so that pc users got the standard layout, and xda's got the modified one.
I've found that if you keep the possible number of connection options down the auto select works pretty well.
I have owned an O2 XDA for a while and I currently use an XDA II (Himalaya). I have now found myself supporting 8 XDA IIs devices and 15 XDA IIi devices, in addition to 6 Blackberries.
We are currently running Blackberry Enterprise Server and although I do not like the software or the devices very much I can't deny their impressive features. For the XDA devices we have a contract with O2 and provide wireless Active Sync and OMA using MS Exchange over both WiFi and GPRS, however management for the devices is a bit lacking. I am forever setting up devices for users who have hard re-set their devices or let them go flat.
With the Blackberrys the BES software can manage the fleet of devices, push software to them, define policy etc.
My question is, has anyone else used software that can manage PDA devices in an organization. I have been reading about MS System Management Server and its Device Management Feature Pack. Has anyone used this, is it any good, reliable etc.
I have looked into Blackberry software for the PDA's and it seems possible, but I would rather integrate with active directory and group policy if I can.
Also what are the possibilities of cooking ROMs and deploying them, such as getting rid of that damn O2 software and installing the GPRS monitor? While I am at it can I automatically collect log files in any way, such as the GPRS software or Active Sync errors (coz I get that allot of them). It would beet setting up all this stuff by hand. I will go ahead and give this a try anyway I think but I would be interested in talking to any one that has done this before.
In return I have noticed that there is not much information here on these subjects, and I would be happy to share my experiences in this area if it is needed.
Thanks for the advice.
I think you scared everyone off. What a scary thought, having to support that many devices. Just one is enough of a pain for most on here!
Well I have managed to configure the ExtROM of the blueangle deviced, and i am happy to say that my users can now take there xda IIs devices on the road, if they go flat, or hard reset, all is ok. I installed the demo version of Microsoft SMS server on my test network at home and i love it. Using this I created cab files that configured activesync, GPRS, VPN and browser settings that now mean my users only need to set the time, and put in the username and password and the hole thing is up and running, GPRS sync and all (my boss is very happy). All I need to do now is convince them to buy the software.
I am looking in to useing WMI to collect device information, and perhaps a .NET app to gather loggs etc.
Thanks for all your help. I could not have done this without this forum, cooking up my ExtROM and geting rid of the O2 software and even puting on a company splash screen are all very cool. (oh and i upgraded my xda 2 to 2005 while i was at it )
Some thougts
a cab to configure WiFi ? (registery patch?)
will the XDA IIi be as easy?
could i install tom tom useing the ExtROM ? to many prompts ?
and my origanl plee for help stands,
thanks again guys
Running 40 XDA2, some on a BES server, all using a flaky bespoke software requiring a BT connection!
Need some help on the MKROM stuff as I'm fed up of activsync 10+ times a day
Hello everyone,
Eventhough I have BB Conn on my AT&T 8525, my company would not help me get it paired with our BES, so I had them get me an actual BB. Now I'd like to just pull the SIM card put it in my 8525 and use BB conn. From what I have read, this should not be an issue; but I understand that the device type will show up on the BES. Now I doubt they have someone monitoring with such a fine comb, but since They will not let personal devices on, oh yeah, nor would they let me get a TILT as a BB, is there a way to spoof the device type on the BES or is this something someone would be interested in looking into as my programming skills are long gone. Thanks in advance for all your replies.
As far as i know there is no way of spoofing the BB device so that the BES sees your WinMo device as a BB.
Also i think it would be necessary for you to redo the Enterprise Activation anyway, as from the BES's point of view you would be a new device, this would require the assistance of your BES Admin.
This same solution worked for me.
But I am using BBC 2 on my Wizard.
All I had to do is to get a good (that is: BBC compatible) ROM version(I hacked it) and AKU value in the registry (hacked that as well).
I was then able to connect my WM device to the BES using the BBC desktop software. The BBC desktop software seems to push the device PIN (which is different on the WM device than on the BB device) to the BES.
Works flawlessly. BBC has some drawbacks BTW: I cant cope with big mail or calendar archives, so you have to clean up your Exchange account once in a while. BBC 2 is a memory hog as well (and it seems to have a memory leak). But a weekly / bi-weekly softreset fixes hat.
I am still curious to get BBC 4 on my device. This new version seems to have more difficult catches.
A how to guide on hacking the OS in order to rum BBC is in the development & hackng forum.....
That's as maybe, but if the BES admin has set it up so that only an allowed list of devices are allowed then BBC will not connect.
Also as there is an existing embargo on personal devices could it be against company policy and thus disciplinable to circumvent things?
As a BES Admin I can confirm that non BBs show up as something different. We have a Nokia Communicator running BBC on our BES and it shows as a Nokia RA-6
jrosaly said:
Hello everyone,
Eventhough I have BB Conn on my AT&T 8525, my company would not help me get it paired with our BES, so I had them get me an actual BB. Now I'd like to just pull the SIM card put it in my 8525 and use BB conn. From what I have read, this should not be an issue; but I understand that the device type will show up on the BES. Now I doubt they have someone monitoring with such a fine comb, but since They will not let personal devices on, oh yeah, nor would they let me get a TILT as a BB, is there a way to spoof the device type on the BES or is this something someone would be interested in looking into as my programming skills are long gone. Thanks in advance for all your replies.
Click to expand...
Click to collapse
I ended up doing exactly what you have done due to corporate policy. However I have never even unboxed the BlackBerry they posted me. I had to call the helpdesk to get them to create a password for the Enterprise Activation but that was it. I then installed BBC (4.0.0.97) and just did the activation and it all worked.
I tried version 4.0.0.100 but it didn't work for some reason so I ended up using the slightly older version as I had seen various reports of it working. I think our IT department must know I am using a HTC Kaiser, however I think as long as I don't start asking for support they are OK with it.
When they created the password for enterprise activation it lasts for a day or so and then can't be used and you have to request another activation. I can see this being a pain if you want to play about installing new ROMs.
HTH
Andy
Hi *,
From a long time i'm trying to find a rom for Magic 32B be used for work.
My needs is to have a rom with ActiveSync (Mail, Calendar and Contacts) and, if possible, lookup in the "GAL" of Microsoft Exchange.
I know many software for these features, but it's possible inclusion in a rom?
Thanks in advance!
Ale
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
DarkOne951 said:
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
Click to expand...
Click to collapse
Thanks for the reply.
Android 2.1 ROM sync ONLY Email and Contacts. NO CALENDAR
ckale82 said:
if possible, lookup in the "GAL" of Microsoft Exchange.
Click to expand...
Click to collapse
I haven't seen any rom you can do that in ...
1.6 roms seem to use the 'work email' app which is an adapted version of the htc mail app from non-google branded htc devices.
2.x roms have native exchange support, mail and contacts sync only.
I believe you could get what you're looking from the market but you'll probably have to get your wallet out and pay.
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
That's what I thought too. However I never had a need for it and only basic needs for exchange. gmail for sure did calendar sync.
You'll want to go 3rd party and get a fancy one anyway. Should be worth the money if the feature set is important (not withstanding my opinion).
st0kes said:
I haven't seen any rom you can do that
Click to expand...
Click to collapse
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
yep. the old 1.5 rom with htc framework does exactly this.
i know, because i still use 1.5 for just this reason.
the best rom you'll find that does this without any need for third party apps etc is enomther's the original rogers rom. (not to be confused with his the original donut roms.)
you'll find it in the G1 development forum.
in order to use GAL addresses, you have to use "add receipient" to fill out the "to" field when doing an email. then you can choose between "contacts" (google) or "company" (GAL).
you can't browse the GAL as far as i am aware, but you can search it.
EDIT: by the way, it does full exchange sync. emails, contacts and calendar.
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
you can purchase touchdown and it does everything you ask
on any version you want
includes searchable GAL
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
gymmy said:
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
Click to expand...
Click to collapse
umm android has all those through applications available in the market ....
What are moto apps
markkohfm said:
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
Click to expand...
Click to collapse
What are moto apps - can' seem to find it searching on xda... If anyone could enlighten me, I would appreciate it.
I whole-heartedly recommend Nitrodesk TouchDown. It's a kick-ass app for Exchange. You get push updates for Mail, Calendar, etc.
It might seem expensive relative to your average mini-app, but you have to keep in mind that this is way more useful than those.
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
BigRD said:
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
Click to expand...
Click to collapse
glad we reached a consensus that business users need to stop whining about exchange and drop 20$ for touchdown
is really a stellar exchange client
hopefully there will not always be a need for this as it should be part of the base OS
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy.
The enterprise I work for, doesn't use the Active Sync certificates forced and runs on Exchange server 2007. No issues with the Exchange Android OS. No touchdown needed.
The partner who we support has to fetch the certificates and runs on Exchange server 2003. Now, they will migrate everything to Exchange 2007..., than I want to see what will happen because they will keep the security policy or adapt it to the new infra. I'm using the touchdown, because otherwise I'll have my account locked on the Radius server.
iPhone's are even more limited. To sync an iPhone with my partner Exchange server 2003, you need the following:
- On the Inbox folder have less than 500Mb
- Be over the OS version 3.x.x
- If you make a NT password reset, you have to re-create the profile and sometimes hope for a miracle or change the domain to the complete address or insert it on the username.
Once again on the Exchange 2007, no issues.
I had the same issue with android because I use exchange calendar and mail.
CursorSense has exchange calendar, it is 1.5, but works very smooth for me. The main problem was the initially pin, I had to call my exchange IT person to remove that security so I can use it. Otherwise, you are out of luck.
I've never had success with android 1.6. I've tried the Moto apk, and many other names, adb push it to the phone, and it just doens't work. So, for me, 1.6 has no exchange calendar, but only email.
As for 2.1, it does support exchange calendar. But I'm waiting a faster rom to start using it. In the meantime, I use touchdown, which is WAYYYY better than the native software from android. The widget actually works!! The widget from android in 2.1 includes Email and Calendar, but none of them refreshes the information all the time, so you will actually have to go in the email account to see new email, and your calendar to see new updates. With Touchdown, the widget is easier to use and it updates quickly. It is too expensive, I agree.
There is another app, called Roadsync, but I don't like the UI.
ricardomega said:
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy
Click to expand...
Click to collapse
Well, that is down to the business running Exchange, not anything to do with Android ... enterprises should be using universally trusted certificates.
If you get a certificate error in activesync it means your exchange admin bought a cheap SSL certificate that your device doesn't trust.
Not agreed.
Ref. 1 (Wiki):
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.[1]
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.[2]
RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.[3] RADIUS serves three functions:
to authenticate users or devices before granting them access to a network,
to authorize those users or devices for certain network services and
to account for usage of those services.
Click to expand...
Click to collapse
This is GOOD. IT MEANS SECURITY.
Talking about universally trusted certificates... if the windows mobile since 5.1 version and other devices exchange services (like Symbian S60 devices up and others) work flawless ... our new gadgets are the one's who doesn't work ...
The partner that I was speaking are leaders on their security division product for decades.
Sorry, but please point out the Apps.
1: Client side cert import for access to company websites ?
2: Encryption which is FIPS 104-2 certified
3: Group Policy enforcement
Touchdown does work, but its not just exchange email which uses certification