I've read a few threads after searchign on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's somethign which enforces something along the lines fo a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arangement on mobiles that want to connect - however android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an andriod client to take advantage of exchange 2007's exchange web services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.
Hi *,
From a long time i'm trying to find a rom for Magic 32B be used for work.
My needs is to have a rom with ActiveSync (Mail, Calendar and Contacts) and, if possible, lookup in the "GAL" of Microsoft Exchange.
I know many software for these features, but it's possible inclusion in a rom?
Thanks in advance!
Ale
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
DarkOne951 said:
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
Click to expand...
Click to collapse
Thanks for the reply.
Android 2.1 ROM sync ONLY Email and Contacts. NO CALENDAR
ckale82 said:
if possible, lookup in the "GAL" of Microsoft Exchange.
Click to expand...
Click to collapse
I haven't seen any rom you can do that in ...
1.6 roms seem to use the 'work email' app which is an adapted version of the htc mail app from non-google branded htc devices.
2.x roms have native exchange support, mail and contacts sync only.
I believe you could get what you're looking from the market but you'll probably have to get your wallet out and pay.
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
That's what I thought too. However I never had a need for it and only basic needs for exchange. gmail for sure did calendar sync.
You'll want to go 3rd party and get a fancy one anyway. Should be worth the money if the feature set is important (not withstanding my opinion).
st0kes said:
I haven't seen any rom you can do that
Click to expand...
Click to collapse
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
yep. the old 1.5 rom with htc framework does exactly this.
i know, because i still use 1.5 for just this reason.
the best rom you'll find that does this without any need for third party apps etc is enomther's the original rogers rom. (not to be confused with his the original donut roms.)
you'll find it in the G1 development forum.
in order to use GAL addresses, you have to use "add receipient" to fill out the "to" field when doing an email. then you can choose between "contacts" (google) or "company" (GAL).
you can't browse the GAL as far as i am aware, but you can search it.
EDIT: by the way, it does full exchange sync. emails, contacts and calendar.
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
you can purchase touchdown and it does everything you ask
on any version you want
includes searchable GAL
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
gymmy said:
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
Click to expand...
Click to collapse
umm android has all those through applications available in the market ....
What are moto apps
markkohfm said:
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
Click to expand...
Click to collapse
What are moto apps - can' seem to find it searching on xda... If anyone could enlighten me, I would appreciate it.
I whole-heartedly recommend Nitrodesk TouchDown. It's a kick-ass app for Exchange. You get push updates for Mail, Calendar, etc.
It might seem expensive relative to your average mini-app, but you have to keep in mind that this is way more useful than those.
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
BigRD said:
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
Click to expand...
Click to collapse
glad we reached a consensus that business users need to stop whining about exchange and drop 20$ for touchdown
is really a stellar exchange client
hopefully there will not always be a need for this as it should be part of the base OS
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy.
The enterprise I work for, doesn't use the Active Sync certificates forced and runs on Exchange server 2007. No issues with the Exchange Android OS. No touchdown needed.
The partner who we support has to fetch the certificates and runs on Exchange server 2003. Now, they will migrate everything to Exchange 2007..., than I want to see what will happen because they will keep the security policy or adapt it to the new infra. I'm using the touchdown, because otherwise I'll have my account locked on the Radius server.
iPhone's are even more limited. To sync an iPhone with my partner Exchange server 2003, you need the following:
- On the Inbox folder have less than 500Mb
- Be over the OS version 3.x.x
- If you make a NT password reset, you have to re-create the profile and sometimes hope for a miracle or change the domain to the complete address or insert it on the username.
Once again on the Exchange 2007, no issues.
I had the same issue with android because I use exchange calendar and mail.
CursorSense has exchange calendar, it is 1.5, but works very smooth for me. The main problem was the initially pin, I had to call my exchange IT person to remove that security so I can use it. Otherwise, you are out of luck.
I've never had success with android 1.6. I've tried the Moto apk, and many other names, adb push it to the phone, and it just doens't work. So, for me, 1.6 has no exchange calendar, but only email.
As for 2.1, it does support exchange calendar. But I'm waiting a faster rom to start using it. In the meantime, I use touchdown, which is WAYYYY better than the native software from android. The widget actually works!! The widget from android in 2.1 includes Email and Calendar, but none of them refreshes the information all the time, so you will actually have to go in the email account to see new email, and your calendar to see new updates. With Touchdown, the widget is easier to use and it updates quickly. It is too expensive, I agree.
There is another app, called Roadsync, but I don't like the UI.
ricardomega said:
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy
Click to expand...
Click to collapse
Well, that is down to the business running Exchange, not anything to do with Android ... enterprises should be using universally trusted certificates.
If you get a certificate error in activesync it means your exchange admin bought a cheap SSL certificate that your device doesn't trust.
Not agreed.
Ref. 1 (Wiki):
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.[1]
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.[2]
RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.[3] RADIUS serves three functions:
to authenticate users or devices before granting them access to a network,
to authorize those users or devices for certain network services and
to account for usage of those services.
Click to expand...
Click to collapse
This is GOOD. IT MEANS SECURITY.
Talking about universally trusted certificates... if the windows mobile since 5.1 version and other devices exchange services (like Symbian S60 devices up and others) work flawless ... our new gadgets are the one's who doesn't work ...
The partner that I was speaking are leaders on their security division product for decades.
Sorry, but please point out the Apps.
1: Client side cert import for access to company websites ?
2: Encryption which is FIPS 104-2 certified
3: Group Policy enforcement
Touchdown does work, but its not just exchange email which uses certification
actually this is a question to all Gingerbread rom developers.
while using froyo i was able to use corporate exchange email and calendar without any security limitations, but after i tried almost all Gingerbread roms everyone force me to set phone unlock password and threatening me to provide to the server admins ability to wipe my phone remotely....how i can bypass that??just to have a same exchange features without that security staff??
tonyio said:
actually this is a question to all Gingerbread rom developers.
while using froyo i was able to use corporate exchange email and calendar without any security limitations, but after i tried almost all Gingerbread roms everyone force me to set phone unlock password and threatening me to provide to the server admins ability to wipe my phone remotely....how i can bypass that??just to have a same exchange features without that security staff??
Click to expand...
Click to collapse
If you revert back to FROYO does it not require PIN security? Is there any chance that you company now requires this?
I have Both G2 on CM 6.1.1 and HD2 on Gingerbread. However, my company does require PIN security. Now what bugs me is my Droid X did require a PIN every time I put the phone into "Sleep" Mode.
this is something that your companies Exchange Server admins have enforced. I know mine is that way.
i got back to the froyo and it DOES NOT required me to set any pin or password,it just works as before.
is there any way to port email application from froyo to gingerbread??
There is an excellent app on the Market which I have used for this purpose as my company block access from my phone. This bypasses, and even though I only have owa it acts as though I have active sync.
I have not posted the name as whilst it is free on trial for 30 days , it is then a paid app ( and it's not cheap!)
Pm me if you want more information
i know what u r talking abt, but i'd like not to share any passwords with 3rd part app.
i rolled back to froyo
i payed attention that corporate blackberry does not require any passwords, just simply unlocking the keyboard.
tonyio said:
i payed attention that corporate blackberry does not require any passwords, just simply unlocking the keyboard.
Click to expand...
Click to collapse
Blackberrys (*spit*) are different, they rely on a BES server which interfaces between the phones and the exchange server.
They can be be set to require a password, and can be set so that if you get the password wrong enough times it wipes the device.
Is there any way to get out of having to enter a pin because of the exchange server security requirements? I don't have any info on my work email I am worried about.. so it would be nice not to have to have a PIN/Password to be able to use it.
I have an exchange, it doesn't have to ise a pin at all, I just put it on to the native the email app
Just open and your in.
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
clintre said:
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
Click to expand...
Click to collapse
Ok. Guess I'll see if I can access it through other means than exchange. Not sure. Just hate typing in the pin all the time!!
Thanks for the info though
I run an exchange server myself with a few activesync devices running. It sounds like the pin you are describing is imposed by your system administrator, when I set up an account on an evo or inc all I need is my domain credentials and a server address.
I also run an Exchange setup. I can verify that a few native e-mail apps from 2.1 days somehow bypass certain Exchange requirements, much to my dismay (Motorola comes to mind). They pretty much lied to Exchange and said they were compliant when they weren't and didn't enforce some rules. However, all the new stuff follows the ActiveSync rules, assuming that's the setup you're aiming for. I suppose if you really wanted to bypass the security you could check to see if they left IMAP or POP open, but then they'd just be some not-very-smart sysadmins.
Also, you shouldn't need anything more than your e-mail address and your password to ActiveSync. After the initial attempt at syncing it will ask for you to verify the security permissions. If it drops out and asks for your server name, domain, and such then tell your admins to fix AutoDiscover.
Oh, and while the thought of your admins being able to wipe on command is scary, you will have the ability to remote wipe your device in the event you lose it. It'll be accessible under OWA, so that's handy.
Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's "optional encryption" requirement in the policy, where Exchange server ask for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhone's can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far add I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
Sent from my GT-N7000 using Tapatalk
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
Click to expand...
Click to collapse
touchdown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
regarding your problem: i know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements. the downside is: with every rom upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same to me
I 've update to 4.0.3 ICS but now I want to no use password or PIN for unlock screen mean that can I not use my exchange policy? (cause my GN haven't any privacy data to secure
so can you show for me? thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452