HTC Incredible & Active Sync policies - Droid Incredible General

Hi all, long time lurker. Have a few questions on how the Incredible handles Active Sync 2007 policies.
Until now I have not seen an Android phone that will natively implement password protection, remote wipe and encryption settings. In fact, if you do not allow non provisionable devices, most Androids will not sync natively.
The Incredible will accept a remote wipe and implement a device password. This has not been documented anywhere by HTC, Google, or VZW that I can find, but I have tested this and it works well.
The sole question I have left is with encryption. How can I verify if the handset is encrypting data, both messages and any attachments that are downloaded and/or viewed on the handset? I'm unsure of how the Incredible will do this as the OS does not support full device encryption such as the iPhone or Windows Mobile devices, at least not that I have found documented anywhere.
What would be the best way to test to see if the data at rest on the phone is indeed being encrypted instead of Android simply reporting to Exchange that it is doing so?
Thanks in advance...

Related

Exchange security policy

I've read a few threads after searching on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their Exchange account. There are a few people in the office who want Android devices (we provide them with a device) but until there's something which enforces something along the lines of a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC Hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arrangement on mobiles that want to connect - however Android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password.) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an Android client to take advantage of Exchange 2007's Exchange Web Services protocol; ActiveSync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.

WiMo 6.5 - custom port for exchange sync?

Hi,
we are currently using active sync to sync a couple of mobiles with MS Exchange 2007 (via UMTS). We also do the same thing with our customers mobiles but with Exchange 2003. Unfortunately we do not use the standard port numbers to connect the mobiles via active sync because our network administrator becomes a total basketcase when using Microsoft standards over the internet.
Anyways... is there any chance to get active sync to work without using the standard ports in Windows Mobile 6.5? I know that it didn't work with previous versions. Symbian and iPhone OS on the other hand do work under the described conditions. So there should be a way
Bastian
Anybody?
During the weekend I did a complete search through the registry of a HTC P4350 with a custom WM 6.5 ROM but there was nothing which was at least close to a custom active sync port...
Won't work on custom ports
Use VPN tunnel and then sync with port 80 or 443
or buy iPhone (my.domainname.com:9999)
That's what I assumed but thanks anyway.
I already thought about the VPN solution but since we're using a Cisco VPN with RSA token authentication, that won't be that user friendly
I actually own an iPhone which works perfectly with MS Exchange and a custom port but one of our customers thinks about buying a HTC HD2. So he might have to get rid of the idea... too bad MS
This does look bad for droid
For all the talk of droid using Linux and being customizable, it's crazy you can't even enter a corporate or Exchange port. I used an iPhone and set them up fine for work, works great. You can synch calendars and contacts if you want. On replies it pulls work contacts while keeping them separate since I don't want the contact sync with my personal. You can even navigate email folders, real business class stuff. The droid doesn't let you enter an exchange port, just checks standard ports then throws an error. There are apps you can get that let you enter a port in but none of them seem to see any folder but the inbox. In a world of security issues and choices, this makes droid email less customizable and therefore less professional for the corporate exchange user, and I'd think the opposite, that the iPhone would be the strict one that didn't give options to do what you need.
This would be a very big obstacle to business-class use. This is over a year old. Is it still an issue with Windows phones too? It's an issue on the droid as of 03/2011. On the iPhone, when the automatic exchange setup fails, you manually enter the server with your open port number like server:port and bingo, awesome synch and Exchange integration. I didn't even know other phones couldn't do this, and I'm not sure if it's a Windows Mobile issue too or just the droid.
Is it possible that Windows and Android phones can't do this, while iPhone and Apple have the options to make non-standard secure Microsoft Exchange ports work correctly out of the box?

A serious question - Android for work - Exchange Active Sync needed

Hi *,
For a long time I've been trying to find a ROM for the Magic 32B to be used for work.
My need is to have a ROM with ActiveSync (Mail, Calendar and Contacts) and, if possible, lookup in the "GAL" of Microsoft Exchange.
I know of a lot of software for these features, but is it possible to include it in a ROM?
Thanks in advance!
Ale
Back in the day Eclair ROMs required you to sync your email, contacts, etc. through Exchange because Google sign-in was broken. Nowadays, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what you're asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
DarkOne951 said:
> Back in the day Eclair ROMs required you to sync your email, contacts, etc. through Exchange because Google sign-in was broken. Nowadays, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what you're asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
Thanks for the reply.
Android 2.1 ROM sync ONLY Email and Contacts. NO CALENDAR
ckale82 said:
> if possible, lookup in the "GAL" of Microsoft Exchange.
I haven't seen any rom you can do that in ...
1.6 roms seem to use the 'work email' app which is an adapted version of the htc mail app from non-google branded htc devices.
2.x roms have native exchange support, mail and contacts sync only.
I believe you could get what you're looking from the market but you'll probably have to get your wallet out and pay.
But.... the old rom 1.5 with HTC framework had these features... or am I crazy?
ckale82 said:
> But.... the old rom 1.5 with HTC framework had these features... or am I crazy?
That's what I thought too. However I never had a need for it and only basic needs for exchange. gmail for sure did calendar sync.
You'll want to go 3rd party and get a fancy one anyway. Should be worth the money if the feature set is important (not withstanding my opinion).
st0kes said:
> I haven't seen any rom you can do that
ckale82 said:
> But.... the old rom 1.5 with HTC framework had these features... or am I crazy?
yep. the old 1.5 rom with htc framework does exactly this.
i know, because i still use 1.5 for just this reason.
the best rom you'll find that does this without any need for third party apps etc is enomther's the original rogers rom. (not to be confused with his the original donut roms.)
you'll find it in the G1 development forum.
in order to use GAL addresses, you have to use "add receipient" to fill out the "to" field when doing an email. then you can choose between "contacts" (google) or "company" (GAL).
you can't browse the GAL as far as i am aware, but you can search it.
EDIT: by the way, it does full exchange sync. emails, contacts and calendar.
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
you can purchase touchdown and it does everything you ask
on any version you want
includes searchable GAL
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5. I HATE these phones, can't stand them, but they are (believe it or not) the most secure! Let's hope when the iPhone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
gymmy said:
> I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
> While i love the Android and have a N1 myself it falls over on some MAJOR areas.
> 1: No Client side cert capability.
> 2: No Encryption
> 3: No Group Policy Abilities
> 4: No Remote Wipe of the device
> 5: Not FIPS rated (no encryption)
> The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
> The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5. I HATE these phones, can't stand them, but they are (believe it or not) the most secure! Let's hope when the iPhone releases their new OS in the next month or so they may become a more realistic player in the business market.
> Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
> G.
> A.
umm android has all those through applications available in the market ....
What are moto apps
markkohfm said:
> you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
What are moto apps - can't seem to find it searching on xda... If anyone could enlighten me, I would appreciate it.
I whole-heartedly recommend Nitrodesk TouchDown. It's a kick-ass app for Exchange. You get push updates for Mail, Calendar, etc.
It might seem expensive relative to your average mini-app, but you have to keep in mind that this is way more useful than those.
My employer's MS Exchange set-up incorporates a security PIN that none of the Android ROMs support - that I'm aware of! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the PIN security support. The iPhone supports this too, however the PIN is required every time you want to use it for any app whereas on Android you enter the PIN when launching Touchdown. Worth the $20 imo
BigRD said:
> My employer's MS Exchange set-up incorporates a security PIN that none of the Android ROMs support - that I'm aware of! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the PIN security support. The iPhone supports this too, however the PIN is required every time you want to use it for any app whereas on Android you enter the PIN when launching Touchdown. Worth the $20 imo
glad we reached a consensus that business users need to stop whining about exchange and drop 20$ for touchdown
is really a stellar exchange client
hopefully there will not always be a need for this as it should be part of the base OS
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy.
The enterprise I work for, doesn't use the Active Sync certificates forced and runs on Exchange server 2007. No issues with the Exchange Android OS. No touchdown needed.
The partner who we support has to fetch the certificates and runs on Exchange server 2003. Now, they will migrate everything to Exchange 2007..., then I want to see what will happen because they will keep the security policy or adapt it to the new infra. I'm using Touchdown, because otherwise I'll have my account locked on the Radius server.
iPhones are even more limited. To sync an iPhone with my partner's Exchange server 2003, you need the following:
- On the Inbox folder have less than 500Mb
- Be over the OS version 3.x.x
- If you make a NT password reset, you have to re-create the profile and sometimes hope for a miracle or change the domain to the complete address or insert it on the username.
Once again on the Exchange 2007, no issues.
I had the same issue with android because I use exchange calendar and mail.
CursorSense has exchange calendar, it is 1.5, but works very smooth for me. The main problem was the initially pin, I had to call my exchange IT person to remove that security so I can use it. Otherwise, you are out of luck.
I've never had success with Android 1.6. I've tried the Moto apk, and many other names, adb push it to the phone, and it just doesn't work. So, for me, 1.6 has no Exchange calendar, but only email.
As for 2.1, it does support exchange calendar. But I'm waiting a faster rom to start using it. In the meantime, I use touchdown, which is WAYYYY better than the native software from android. The widget actually works!! The widget from android in 2.1 includes Email and Calendar, but none of them refreshes the information all the time, so you will actually have to go in the email account to see new email, and your calendar to see new updates. With Touchdown, the widget is easier to use and it updates quickly. It is too expensive, I agree.
There is another app, called Roadsync, but I don't like the UI.
ricardomega said:
> FYI
> The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy
Well, that is down to the business running Exchange, not anything to do with Android ... enterprises should be using universally trusted certificates.
If you get a certificate error in activesync it means your exchange admin bought a cheap SSL certificate that your device doesn't trust.
Not agreed.
Ref. 1 (Wiki):
> Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.[1]
> Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.[2]
> RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.[3] RADIUS serves three functions:
> - to authenticate users or devices before granting them access to a network,
> - to authorize those users or devices for certain network services and
> - to account for usage of those services.
This is GOOD. IT MEANS SECURITY.
Talking about universally trusted certificates... if Windows Mobile since version 5.1 and other devices' Exchange services (like Symbian S60 devices and up, and others) work flawlessly ... our new gadgets are the ones that don't work ...
The partner that I was speaking are leaders on their security division product for decades.
Sorry, but please point out the Apps.
1: Client side cert import for access to company websites ?
2: Encryption which is FIPS 104-2 certified
3: Group Policy enforcement
Touchdown does work, but its not just exchange email which uses certification

[Q] Exchange wants a "Security update"?

I've had my Acer for about two weeks, and have had some trouble with connecting to my Exchange server at work. Actually, with every setup (Stock 3.1, HoneyVillain, Toobinay), I can set up my account and start using e-mail. Then, after a couple of days, I get a notification "Security update required" in the notification area, and a similar message across the top of the screen in the e-mail client. After this, the account sync stops. Touching the messages does nothing (does not launch a setup screen or anything like that). Deleting and re-configuring the account has worked temporarily, but stop shortly thereafter.
Is there a known work around for this problem?
I read in one (semi-related) thread that Acer required encryption, but if that was the case, then why would the account sync for a while and then stop working?
Is this build-related? I thought I saw someone mention some fixes in the latest builds (...41), but this didn't work for the time that I was on Stock 3.1 (I don't recall the build number, but was there an update in the last two weeks?)
Would a HC3.2 ROM fix this issue?
Conversely, is there a separate client that anyone could work in managing the security for that e-mail (i.e. K9 or Touchdown) that also works well in tablet form factor?
Just as an update. Tried a 3.2 ROM (Minimal) without a change in the behavior. Then tried providing a password for encryption under security settings and activating ability to store encrypted credentials. This seems to have worked, but other measures have appeared to work. Keep my fingers crossed.
It's funny, IIRC, other devices of mine have automatically set that part up when connecting to my account.
I can't connect to my Exchange account either. Mine at work is Exchange 2010.
first you have to set a pin, then you have to encrypt your tablet, this is obviously something included since 1.39 in 3.01.
this may take up to an hour approximately.
then you should be able to connect.
by default, exchange 2007 and 2010 require device pins. You have to set one unless the exchange admin configures the server to allow insecure mobile devices in the exchange server configuration. I haven't come across a requirement for encrypting a mobile device yet, but it is likely a similar setting.
I usually turn off the pin requirement as it is rather annoying and does not always go over well with management types that want quick access to their phones. Fortunately that trend is changing with newer security threats and high profile phone losses/thefts.
I'm surprised you were able to connect at all. The native email client and touchdown both respect the pin requirements and won't allow you to finish configuring the account until the requirement is met.
With what I have done, I find that I can connect and use the exchange functions, but I continue to get the same message every now and then. Strangely enough, tapping on the message is now effective in re-enabling sync with my company's exchange server.
I have not yet done the whole device encryption as a possible solution. Does anyone know the kind of performance effects (if any) there are with encryption of the device?
Sent from my A500 Xoom using XDA Premium App
Now requesting security update again and is not syncing e-mail.
I encrypted device this morning without any benefit to the sync process.
On a related note, do I have to factory data wipe to remove encryption before making any other changes to my ROM (update current ROM or change to another)?
Figured out my primary issue. The administrators set a requirement for an alpha passcode that Android doesn't pick up, so my numeric passcode was creating a problem. Unfortunately, the system couldn't tell me it was a problem.
Still wondering what to do with my encryption now.
Sent from my Nexus S 4G using XDA Premium App
first of all, encryption does not slow down the ICONIA, because it decrypts data only during power up process, after the data is decrypted.
I am connecting to an exchange server 2007, and everything works fine once the encryption process is done. Otherwise no way to connect to the exchange server with or without ssl.
That's why I found it strange that you can connect without encryption, because it is part of ANDROID 3.01 1.39 and upwards 3.14 and 3.2. This is not specific to ACER in my mind.
So what ROM are you using?
zoubidou said:
> first of all, encryption does not slow down the ICONIA, because it decrypts data only during power up process, after the data is decrypted.
> I am connecting to an exchange server 2007, and everything works fine once the encryption process is done. Otherwise no way to connect to the exchange server with or without ssl.
> That's why I found it strange that you can connect without encryption, because it is part of ANDROID 3.01 1.39 and upwards 3.14 and 3.2. This is not specific to ACER in my mind.
> So what ROM are you using?
I'm using Minimal 3.2(.1), but was able to obtain the (limited) connectivity even with Stock, Taboonay, HV prior to encrypting.
I'm considering going back to stock and see what happens with different settings.
My clue to the passcode part was that I also have an iPad, which works fine to connect to the Exchange server (with an alpha passcode). I just tried switching it to a numeric passcode and could no longer connect. iOS was worse than Android as far as reasons, though, it just sat there trying to connect without any kind of error message.
There must have been something they changed recently in the security protocols for my company's Exchange, because the problem even happened on my phone, and I've been using a numeric passcode on that for some time. Trouble was, our IT helpdesk had no idea if anything was changed, so they were no help in identifying the issue.
which exchange server version are you running? 2003 2007 or 2010
i can give you a hint on 2007 which possibly also works with 2010
You open Exchange management, go into organisation configuration, client access,
create a new profile, go into "password" remove password required, and in "general"
activate "authorize dumb peripherals".
Make this new profile the default profile, then try again.
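An added example, not part of the original posts: the policy settings discussed in this thread (device PIN, alpha passcode, encryption, non-provisionable devices) written as Exchange Management Shell commands, with the relaxed profile from the steps above assigned to a single mailbox instead of being made the default. The policy names and the mailbox address are placeholders, and the mapping of "authorize dumb peripherals" to AllowNonProvisionableDevices is an assumption based on the console wording.

```powershell
# Exchange Management Shell (Exchange 2007 / 2010).
# All names below are placeholders chosen for this example.
$strictPolicy    = "Mobile-Strict"
$exceptionPolicy = "Mobile-Legacy-Exception"
$exceptionUser   = "user@example.com"

# Organisation-wide default: devices that cannot enforce policy are refused,
# a 4-digit PIN is enough, the device locks after 20 minutes of inactivity.
# RequireDeviceEncryption assumes Exchange 2007 SP1 or later.
New-ActiveSyncMailboxPolicy -Name $strictPolicy `
    -AllowNonProvisionableDevices $false `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $false `
    -MinDevicePasswordLength 4 `
    -MaxInactivityTimeDeviceLock "00:20:00" `
    -RequireDeviceEncryption $true

Set-ActiveSyncMailboxPolicy -Identity $strictPolicy -IsDefaultPolicy $true

# Relaxed profile equivalent to the steps described above:
# no password requirement, non-provisionable devices allowed.
# It is NOT made the default here.
New-ActiveSyncMailboxPolicy -Name $exceptionPolicy `
    -AllowNonProvisionableDevices $true `
    -DevicePasswordEnabled $false

# Attach the relaxed profile to one mailbox only.
Set-CASMailbox -Identity $exceptionUser -ActiveSyncMailboxPolicy $exceptionPolicy

# Review: which settings each policy carries and which one is the default.
Get-ActiveSyncMailboxPolicy |
    Format-Table Name, IsDefaultPolicy, AllowNonProvisionableDevices,
                 DevicePasswordEnabled, AlphanumericDevicePasswordRequired,
                 RequireDeviceEncryption -AutoSize

# Review: every mailbox currently exempted through the relaxed profile.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object {
        $_.ActiveSyncMailboxPolicy -and
        "$($_.ActiveSyncMailboxPolicy)" -match [regex]::Escape($exceptionPolicy)
    } |
    Select-Object Name, ActiveSyncMailboxPolicy
```

Setting AlphanumericDevicePasswordRequired to $true in the strict policy is the server-side switch behind the numeric-versus-alpha passcode mismatch reported earlier in this thread.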
Right now, everything *seems* to be working (crosses fingers). I've even gone back to rooted stock with custom kernel, kept tablet encryption and all other security settings (alpha passcode, secure credentials, etc.).
I think I'll take the advice in your sig -- and not fix it
Thanks.
A further update.
Continues to work, but I still get the update required message on and off. At least I've determined an easy way to reset it in the accounts section. I think the tablet and/or server are somehow forgetting each other.
Sent from my A500 using XDA Premium App
first of all encryption does not hinder anything, as long as you use a stock compliant kernel like richardtip works very well including oc.
update or changing ROM does not require any changes as long as they are compliant with stock and you don't have to factory reset.
mevensen said:
> A further update.
> Continues to work, but I still get the update required message on and off. At least I've determined an easy way to reset it in the accounts section. I think the tablet and/or server are somehow forgetting each other.
> Sent from my A500 using XDA Premium App
Spoke too soon, now the security update message won't go away. I don't think I'll go back to 3.2 until the Acer update in a couple of weeks. Meanwhile, trying Moxier Mail application.
Sent from my A500 using XDA Premium App
I would only use stock 3.1 or stock compliant custom ROMs with or without richardtrip's kernel, because obviously when it does a first time installation it calculates an offset (possibly where the keys are stored) and this offset is never in the same place. It seems that this is specific to ACER; XOOM is doing things a different way, and hence does not work on an Acer machine. The ACER 3.2 should be available end of this month (after 25), so why not wait 10 days.

[Q] Exchange Security Policy & encryption & password lock

Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's "optional encryption" requirement in the policy, where Exchange server ask for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhone's can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far as I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
Sent from my GT-N7000 using Tapatalk
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
> I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
> I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
> Is there any feedback avenue to Samsung regarding this "feature"?
touchdown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
regarding your problem: i know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements. the downside is: with every rom upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same to me
I've updated to 4.0.3 ICS, but now I want to use no password or PIN to unlock the screen. Does that mean I can't use my Exchange policy? (because my GN doesn't have any private data to secure)
so can you show for me? thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452
