actually this is a question to all Gingerbread rom developers.
while using froyo i was able to use corporate exchange email and calendar without any security limitations, but after i tried almost all Gingerbread roms everyone force me to set phone unlock password and threatening me to provide to the server admins ability to wipe my phone remotely....how i can bypass that??just to have a same exchange features without that security staff??
tonyio said:
actually this is a question to all Gingerbread rom developers.
while using froyo i was able to use corporate exchange email and calendar without any security limitations, but after i tried almost all Gingerbread roms everyone force me to set phone unlock password and threatening me to provide to the server admins ability to wipe my phone remotely....how i can bypass that??just to have a same exchange features without that security staff??
Click to expand...
Click to collapse
If you revert back to FROYO does it not require PIN security? Is there any chance that you company now requires this?
I have Both G2 on CM 6.1.1 and HD2 on Gingerbread. However, my company does require PIN security. Now what bugs me is my Droid X did require a PIN every time I put the phone into "Sleep" Mode.
this is something that your companies Exchange Server admins have enforced. I know mine is that way.
i got back to the froyo and it DOES NOT required me to set any pin or password,it just works as before.
is there any way to port email application from froyo to gingerbread??
There is an excellent app on the Market which I have used for this purpose as my company block access from my phone. This bypasses, and even though I only have owa it acts as though I have active sync.
I have not posted the name as whilst it is free on trial for 30 days , it is then a paid app ( and it's not cheap!)
Pm me if you want more information
i know what u r talking abt, but i'd like not to share any passwords with 3rd part app.
i rolled back to froyo
i payed attention that corporate blackberry does not require any passwords, just simply unlocking the keyboard.
tonyio said:
i payed attention that corporate blackberry does not require any passwords, just simply unlocking the keyboard.
Click to expand...
Click to collapse
Blackberrys (*spit*) are different, they rely on a BES server which interfaces between the phones and the exchange server.
They can be be set to require a password, and can be set so that if you get the password wrong enough times it wipes the device.
Related
I've read a few threads after searchign on Android and Exchange but can't really find what I'm after.
I need to enforce a security policy if users want to sync their exchange account. There's a few people in the office who want Android devices (we provide them with a device) but until there's somethign which enforces something along the lines fo a PIN after 20 mins ala WinMo then we can't do it.
Anyone have any ideas if it's coming or if there's an app to do it? I've tried Touchdown but just seems the same as the Hero Exchange app to me.
I've not tried Touchdown, but they say they support PIN enforcement.
http://www.nitrodesk.com/dk_touchdownFeatures.aspx
Regards,
Dave
Yes, Touchdown and Roadsync both support the PIN function (they ignore it somehow, as android doesn't have a PIN function!)
although i do believe that it is technically possible to exclude individual accounts from the policy on the server (although not exactly the best idea in terms of security).
Alternatively, just do what we did at work and say 'No, you cannot have an Android Phone for your Work Phone'.
Since the ROM update on the HTC hero, I have been able to access my work email (a massive highly secured company who generally know what they are doing) and I know for a fact that they enforce this kind of security arangement on mobiles that want to connect - however android has somehow got around this and there is no remote enforcement and I can use my phone for these emails via PUSH. (I use the gesture lock as a password) You could get them to sign an agreement that they will apply this kind of thing to their phone manually. I don't know if there is an app for remote wipe.
Your company isn't allowing you in some backdoor or anything... depending on their version of exchange they are simply allowing you to use activesync through exchange.
What we all really need is an andriod client to take advantage of exchange 2007's exchange web services protocol, activesync is old technology and limited.
O.P. - You can limit users on a single user basis, if you're running windows active directory. Need a little more info on what you are trying to accomplish. If you're allowing them to use their mail client setup they are saving a password that is not clear text and is hashed... you can install a remote wipe on the phone and if they lose it, simply wipe it and forget it.
Hi *,
From a long time i'm trying to find a rom for Magic 32B be used for work.
My needs is to have a rom with ActiveSync (Mail, Calendar and Contacts) and, if possible, lookup in the "GAL" of Microsoft Exchange.
I know many software for these features, but it's possible inclusion in a rom?
Thanks in advance!
Ale
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
DarkOne951 said:
Back in the day Eclair ROMs required you to sync your email, contacts, ect. through exchange because Google sign-in was broken. Now-a-days, the sign-in is working, but still. Point of it all is that any Eclair ROM will do what your asking. Just go to the G1 Android Development section here at XDA and find any Android 2.1 ROM you like, then go for it.
Click to expand...
Click to collapse
Thanks for the reply.
Android 2.1 ROM sync ONLY Email and Contacts. NO CALENDAR
ckale82 said:
if possible, lookup in the "GAL" of Microsoft Exchange.
Click to expand...
Click to collapse
I haven't seen any rom you can do that in ...
1.6 roms seem to use the 'work email' app which is an adapted version of the htc mail app from non-google branded htc devices.
2.x roms have native exchange support, mail and contacts sync only.
I believe you could get what you're looking from the market but you'll probably have to get your wallet out and pay.
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
That's what I thought too. However I never had a need for it and only basic needs for exchange. gmail for sure did calendar sync.
You'll want to go 3rd party and get a fancy one anyway. Should be worth the money if the feature set is important (not withstanding my opinion).
st0kes said:
I haven't seen any rom you can do that
Click to expand...
Click to collapse
ckale82 said:
But.... the old rom 1.5 with HTC framework had this features... or i'm crazy?
Click to expand...
Click to collapse
yep. the old 1.5 rom with htc framework does exactly this.
i know, because i still use 1.5 for just this reason.
the best rom you'll find that does this without any need for third party apps etc is enomther's the original rogers rom. (not to be confused with his the original donut roms.)
you'll find it in the G1 development forum.
in order to use GAL addresses, you have to use "add receipient" to fill out the "to" field when doing an email. then you can choose between "contacts" (google) or "company" (GAL).
you can't browse the GAL as far as i am aware, but you can search it.
EDIT: by the way, it does full exchange sync. emails, contacts and calendar.
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
you can purchase touchdown and it does everything you ask
on any version you want
includes searchable GAL
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
gymmy said:
I trial a HEAP of different phones for work and this is pretty much what it comes down to when you are talking business use.
While i love the Android and have a N1 myself it falls over on some MAJOR areas.
1: No Client side cert capability.
2: No Encryption
3: No Group Policy Abilities
4: No Remote Wipe of the device
5: Not FIPS rated (no encryption)
The Google phone is great, i love it over an Iphone but until these issues are sorted I would NOT recommend these for business use. As far as personal phones go they are awesome !
The only phones that are correctly rated for use as far as encryption and GPO are unfortunately WM6 and WM6.5 I HATE these phones cant stand them but they are (Believe it or not) the most secure ! Lets hope when the Iphone releases their new OS in the next month or so they may become a more realistic player in the business market.
Or (Fingers crossed) Google and Droid do some real work into making these phones more secure.. If they did i know they would be more popular with the business community !
G.
A.
Click to expand...
Click to collapse
umm android has all those through applications available in the market ....
What are moto apps
markkohfm said:
you can get a 2.1 rom and flash the moto apps from droid that includes gal, corporate calendar. that is what i am using now.
Click to expand...
Click to collapse
What are moto apps - can' seem to find it searching on xda... If anyone could enlighten me, I would appreciate it.
I whole-heartedly recommend Nitrodesk TouchDown. It's a kick-ass app for Exchange. You get push updates for Mail, Calendar, etc.
It might seem expensive relative to your average mini-app, but you have to keep in mind that this is way more useful than those.
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
BigRD said:
My employer's MS exchange set-up incorporates security pin that none of the Android ROMs support - that I'm aware off! I'm currently on day 20 of the 30 day trial with Touchdown and really am impressed. It supports mail, calendar and contacts with GAL and most importantly for me I can finally log on because of the pin security support. The iPhone supports this too however the pin is required every time you want to use it for any app whereas on Android you enter the pin when launching Touchdown. Worth the $20 imo
Click to expand...
Click to collapse
glad we reached a consensus that business users need to stop whining about exchange and drop 20$ for touchdown
is really a stellar exchange client
hopefully there will not always be a need for this as it should be part of the base OS
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy.
The enterprise I work for, doesn't use the Active Sync certificates forced and runs on Exchange server 2007. No issues with the Exchange Android OS. No touchdown needed.
The partner who we support has to fetch the certificates and runs on Exchange server 2003. Now, they will migrate everything to Exchange 2007..., than I want to see what will happen because they will keep the security policy or adapt it to the new infra. I'm using the touchdown, because otherwise I'll have my account locked on the Radius server.
iPhone's are even more limited. To sync an iPhone with my partner Exchange server 2003, you need the following:
- On the Inbox folder have less than 500Mb
- Be over the OS version 3.x.x
- If you make a NT password reset, you have to re-create the profile and sometimes hope for a miracle or change the domain to the complete address or insert it on the username.
Once again on the Exchange 2007, no issues.
I had the same issue with android because I use exchange calendar and mail.
CursorSense has exchange calendar, it is 1.5, but works very smooth for me. The main problem was the initially pin, I had to call my exchange IT person to remove that security so I can use it. Otherwise, you are out of luck.
I've never had success with android 1.6. I've tried the Moto apk, and many other names, adb push it to the phone, and it just doens't work. So, for me, 1.6 has no exchange calendar, but only email.
As for 2.1, it does support exchange calendar. But I'm waiting a faster rom to start using it. In the meantime, I use touchdown, which is WAYYYY better than the native software from android. The widget actually works!! The widget from android in 2.1 includes Email and Calendar, but none of them refreshes the information all the time, so you will actually have to go in the email account to see new email, and your calendar to see new updates. With Touchdown, the widget is easier to use and it updates quickly. It is too expensive, I agree.
There is another app, called Roadsync, but I don't like the UI.
ricardomega said:
FYI
The only thing that is needed comparing from the touchdown app to any Android OS to have full Exchange support is to fetch the Active Sync certificates forced by the enterprise security policy
Click to expand...
Click to collapse
Well, that is down to the business running Exchange, not anything to do with Android ... enterprises should be using universally trusted certificates.
If you get a certificate error in activesync it means your exchange admin bought a cheap SSL certificate that your device doesn't trust.
Not agreed.
Ref. 1 (Wiki):
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the IETF standards.[1]
Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.[2]
RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine.[3] RADIUS serves three functions:
to authenticate users or devices before granting them access to a network,
to authorize those users or devices for certain network services and
to account for usage of those services.
Click to expand...
Click to collapse
This is GOOD. IT MEANS SECURITY.
Talking about universally trusted certificates... if the windows mobile since 5.1 version and other devices exchange services (like Symbian S60 devices up and others) work flawless ... our new gadgets are the one's who doesn't work ...
The partner that I was speaking are leaders on their security division product for decades.
Sorry, but please point out the Apps.
1: Client side cert import for access to company websites ?
2: Encryption which is FIPS 104-2 certified
3: Group Policy enforcement
Touchdown does work, but its not just exchange email which uses certification
My Mom is thinking about getting the Driod X. Her company said that only the iPhone and blackberries will sync with their exchange server. She currently has a blackberry now but it is not hooked up to the email server because they are making her pay the $15 a month for the corporate email. She would like to get her email without the extra cost so she is thinking about an android phone.
From my reading 2.2 fully supports exchange now but when the Verizon store called my mom's IT department to set up her email for her they said that it and all other Android phones are not supported. Needless to say she canceled that purchase.
My question is, is this true? If it is then are their ways around this?
I have an Evo and it works with my exchange server but I am pretty sure my company allows non provisioned devices to sync.
All lies. Just sounds like her IT department just doesn't want to support her and her Android.
If she knows how to get into her Exchange account via web..she can configure it herself. On the phone, just setup an account for Exchange, plug in username, password, mail server, and domain. Very easy setup.
Mail Server and Domain comes right from her web access address like...
https://mail.company.com
mail.company.com = mail server
company.com = domain
The address to her web account is the only variable. If she has never used it...get her to ask IT guys what it is. She can say so she can check her mail from home. If they are already supporting iPhones...Androids will come in on ActiveSync the same way. IT guys will never know the difference...unless they are network nazis that toggle Active-Sync on/off per user.
I mean they can go in and disable the mobile services in the Exchange tab in AD but i doubt they would do that for every user. I did try her account on my evo once but i didn't get it to work. Maybe i fat fingered something, idk. I need to test it again and maybe try touchdown. $20 one time fee is better than $15 a month and a new blackberry that is already out of date.
Does anyone have a Droid X with a nazi type IT department that can share some info? You guys are on Froyo by now right?
Ya best thing to do is try again on your Evo and verify all her settings. Using Touchdown instead of the built-in app is not going to make any difference. Either they will have her Active-Sync locked down or not.
I don't limit access to our Exchange and have connected some Xs (2.1) and several Incredibles (2.1/2.2).
I am working hard break all our Crackberry addicts, and I'm slowly getting there. I would love nothing more than to shutdown our Blackberry server for good.
Good Luck!
I'm not an exchange admin, but I think its either lies or stupidity
Exchange for android has the same remote wiping capabilities as the iphone I believe. Some companies are concerned about this enterprise functionality in case the user loses their personal phone.
Anyways, an exchange admin has to permit you to use a cell phone, unless they have it wide open. If you can get them to enable it for "iphone" it should also work for android.
you can even log into owa and wipe the phone remotely yourself if you want.
it does identify the type of phone you have though, so they will be able to tell you are not using an iphone.
there might be some reasoning behind them blocking android I am curious
Exchange Is Doable Even On 2.1
I currently have a Droid X. I exchanged it from a Droid 2 because I wanted the bigger screen and more SD memory. In any case, my company uses a hosted Exchange provider. Since I'm the lead System Admin, they had to give me an account that allows for Exchange to work with my Droid. Hell, most of the Senior IT Managers are already using the Incredible.
The bottom line is that the Exchange administrator can allow for a phone to access, just the same way as OWA works for remote users. Since mine is hosted, it cost the company $5 to give me an account allotment. However, if her Exchange server is in-house, then they should be able to provide access for her without any cost. Droid works fine with Exchange. I heard rumours that one of the delays for giving us X users the 2.2 update had something to do with Exchange - maybe they're trying to include Active Sync. However, my phone syncs fine already without Active Sync. So any statement that Droids and Exchange don't get along is a blatant lie or a sorry excuse - and that's coming from a total Noob.
I'd guess that perhaps her company is using a self signed certificate. In earlier versions (dont remember exactly which) of Android there was no "accept all certificates" option and a self signed cert would "fail" auth and not work. In at least 2.1 forward there is now an option for that. I used to have to use touchdown for this exact reason.
/my experience = network/system/exchange administrator.
Unless they explicitly blocked Android with isa or similar then they simply don't know what they are talking about.
Edit: it wasnt until 2.0 that this feature was added to stock email app. I am willing to bet money this is/was the issue.
Deyez said:
https://mail.company.com
mail.company.com = mail server
company.com = domain
Click to expand...
Click to collapse
That's not necessarily true. Mail server, yes but domain no. I would ask them the domain too as they could have named it anything they want (of course other easyways to find it too, but by the sounds of it they aren't saying they wouldn't let her just that it "won't work" which isn't true, so just have her ask.)
It could be that it is because the phone is still on 2.1 which isn't fully supported by exchange.
I actually hate the name "droid" because some people use it for all android phones and others for the Motorola android phones. My mom calls them all Droids and maybe the IT department says that because to them the Droid wasn't supported which had 2.1 and they just don't know the difference or anything about android 2.2
If they can see what type of phone it is then telling them it is an iPhone and then activating a Droid would probably piss them off and she doesn't want to do that.
Android 2.01 and above supported exchange. I believe 2.01 had some issues with self-signed certificates (I had a Droid 1 and took it back largely because of this ... I have a self-signed Exchange server and I had issues with attachments - but mail & contacts came through fine).
2.1 Improved exchange support and 2.2 is supposed to be even better (I've Froyo'd my X and haven't noticed any difference in my exchange experience)
How did you froyo your x???!!! Its not out yet on verizon.
Sent from my DROIDX using XDA App
avirnig said:
How did you froyo your x???!!! Its not out yet on verizon.
Sent from my DROIDX using XDA App
Click to expand...
Click to collapse
Leak has been out for a while. Heck, the second leak just popped up over the weekend.
See original thread here:
http://forum.xda-developers.com/showthread.php?t=758907
I am trying to find her external email server address with no luck. The webmail address she has only works when she is connected to her VPN. When she is outside of the VPN that owa address doesn't work in any browser. So how can I find the external webserver address only knowing the email address?
Sounds to me like owa is turned on but not accessible outside of your companies firewall. If that's the case you are probably out of luck.
Sent from my DROIDX using XDA App
The company had people with iPhones so it can't be entirely turned off. I think that they have an internal webmail address which would require the VPN and then an external webmail address which would work for phones.
Android pre 2.2 did not fully support all of the exchange security features so its not really a "lie" per say.
We use encryption and remote device wipe and all the security featuers to "lock down" our devices if they are lost / stolen because they could contain PHI.
If you have any phone with Android 2.2+ it should integrate seamlessly with exchange now so there is no reason to not allow the devices on the network unless they just made their own company policy saying so.
I'm not an iphone expert by any means, but I think iphones (pre-ios4.0) use some kind of enterprise sever like blackberry.
That server may be outside the firewall.
Sent from my DROIDX using XDA App
Is there any way to get out of having to enter a pin because of the exchange server security requirements? I don't have any info on my work email I am worried about.. so it would be nice not to have to have a PIN/Password to be able to use it.
I have an exchange, it doesn't have to ise a pin at all, I just put it on to the native the email app
Just open and your in.
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
clintre said:
If the Exchange is setup to require PIN, not all are, then no you will not be able to get around it. It depends on the IT policy who is running the Exchange environment. They can set it to wipe your phone as well if they wish. Both the native app and Touchdown will do this. If they allow other methods of accessing Exchange, then this will not be an issue. However if they are requiring a PIN then they probably don't.
Click to expand...
Click to collapse
Ok. Guess I'll see if I can access it through other means than exchange. Not sure. Just hate typing in the pin all the time!!
Thanks for the info though
I run an exchange server myself with a few activesync devices running. It sounds like the pin you are describing is imposed by your system administrator, when I set up an account on an evo or inc all I need is my domain credentials and a server address.
I also run an Exchange setup. I can verify that a few native e-mail apps from 2.1 days somehow bypass certain Exchange requirements, much to my dismay (Motorola comes to mind). They pretty much lied to Exchange and said they were compliant when they weren't and didn't enforce some rules. However, all the new stuff follows the ActiveSync rules, assuming that's the setup you're aiming for. I suppose if you really wanted to bypass the security you could check to see if they left IMAP or POP open, but then they'd just be some not-very-smart sysadmins.
Also, you shouldn't need anything more than your e-mail address and your password to ActiveSync. After the initial attempt at syncing it will ask for you to verify the security permissions. If it drops out and asks for your server name, domain, and such then tell your admins to fix AutoDiscover.
Oh, and while the thought of your admins being able to wipe on command is scary, you will have the ability to remote wipe your device in the event you lose it. It'll be accessible under OWA, so that's handy.
Hi,
I configured our exchange server for corporate push mail on my Galaxy Note with March 2012 firmware. There's "optional encryption" requirement in the policy, where Exchange server ask for encryption if the device supports it.
Since Galaxy Note supports encryption, it enabled the encryption and asked me for a password.
Now, each time the screen locks, I have to enter a complicated password (consisting of characters, digits & a special character!) to unlock it! The phone became very unusable!
I understood from the post of "Eviip" in the page below that this is actually a requirement from Samsung side when you enable encryption, since my Exchange policy definitely does not require this. All other colleagues with Androids that can't do encryption or using iPhone's can just type a 4-digit pin code and use their phones.
http://www.google.com/support/forum/p/Google+Mobile/thread?tid=6355566b726a0932&hl=en
Is there anything I can do for this, except buying a 3rd party mail application?
Weird, because as far add I understand it GB doesn't support device encryption, only ICS does...
What ROM are you running?
Also, did the exchange policy configure the encryption or did you do it? Because as I understand it the exchange policies don't demand device encryption, just mail stream encryption (but I'll look into that further) and that is pretty innocuous stuff...
Sent from my GT-N7000 using Tapatalk
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
thomas_d_j said:
I see the same behaviour (gNote running 2.3.6 XXLA6; ActiveSync / Exchange Server 2007 SP2). With ActiveSync policy pushed through to device, I have to use strong password to unlock, even though the policy only calls for 4-digit PIN.
I'm using TouchDown mail client as a workaround (at least for the next 30 days) but hoping the ICS update due out "soon" will fix the "problem".
Is there any feedback avenue to Samsung regarding this "feature"?
Click to expand...
Click to collapse
touchdown is no option for me, because it supports 2 different exchange accounts at a time only with "profiles", which is unusable for me!
regarding your problem: i know for sure that there were some hacks for this (a modified apk which doesn't incorporate the lock requirements. the downside is: with every rom upgrade you would have to redo this hack, as the mentioned apk may change in the system itself to a newer version...
Yeah, same to me
I 've update to 4.0.3 ICS but now I want to no use password or PIN for unlock screen mean that can I not use my exchange policy? (cause my GN haven't any privacy data to secure
so can you show for me? thanks!
I finally gave up with this and used the patch that I found in the forums (for rooted phones). It works pretty well!
http://forum.xda-developers.com/showthread.php?t=1117452