[Q] Anyone familiar with Exchange ActiveSync policy? - Verizon Galaxy S 5 Q&A, Help & Troubleshooting

I work for a medical practice. We need to keep strict EAS policies such as force PIN or password, force Encryption, allow remote wipe, timeouts, etc. No exceptions if you want to have corporate e-mail on your mobile... and I simply can't live without it.
Anyways... I'm here to talk about biometrics. I think on Exchange 2013 they just patched in the ability to allow BM separately... but what about the rest of us who will be on 2010 for a good while longer? The iPhone totally has us beat in this category. We did some testing yesterday... and the iPhone 5S is actually "smart" enough to just push your set PIN into the phone on unlock and allows the continued use of BM. With my GS5, since BM is a completely different (unlinked) feature, it is greyed out. No BM for me. :crying:
I'm just curious if anyone else has dug into this? I have been taking a lot of flak from all my IT cohorts that I still need to use a PIN.

sipple31 said:
I work for a medical practice. We need to keep strict EAS policies such as force PIN or password, force Encryption, allow remote wipe, timeouts, etc. No exceptions if you want to have corporate e-mail on your mobile... and I simply can't live without it.
Anyways... I'm here to talk about biometrics. I think on Exchange 2013 they just patched in the ability to allow BM separately... but what about the rest of us who will be on 2010 for a good while longer? The iPhone totally has us beat in this category. We did some testing yesterday... and the iPhone 5S is actually "smart" enough to just push your set PIN into the phone on unlock and allows the continued use of BM. With my GS5, since BM is a completely different (unlinked) feature, it is greyed out. No BM for me. :crying:
I'm just curious if anyone else has dug into this? I have been taking a lot of flak from all my IT cohorts that I still need to use a PIN.
Click to expand...
Click to collapse
If you want to use the Finger Print reader to unlock on your phone and a pin just for your email, you can use email apps like Touchdown instead of the default email application. So the only time you would have to enter a pin is when you open touchdown app, not to unlock your phone.

Related

[Q] Screen lock with password protect

I read posts concerning screen lock and I'm having a similar problem, but it is compounded by an Enterprise email that forces password protect. Now, not only does the screen lock while on a call, but also requires the entry of a password to re-access the phone. I must have the account set up for work.
Also, I cannot seem to find a setting where I can even change the password that was chosen when setting up the email account. I would have made it a little simpler if I'd known the issues I would be experiencing.
If anyone has any ideas, I'd love to hear them. My phone is still un-rooted.
If you want serious corporate email capabilities, look no further than Touchdown. It's $20 on the Market, but well worth it. The built-in email/calendar functionality is a joke in comparison. Some will say its interface leaves something to be desired, but I personally have zero issues with it.
Sent from my SCH-I500 using XDA App
Thanks for the response
I'll check out Touchdown.
I did make a bit of progress. I reloaded my corporate email and despite being told I needed a 8 digit password, I entered one letter and it still worked. That makes unlocking the phone a lot easier. I will try it again later leaving it blank and see what happens.
I spoke with the IT guy at work and I thought it was a requirement placed on their end, but it is not... according to him.
Thanks again for the response.

Any way past corporate-required PIN locks?

My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
I think this has been discussed before, but maybe on a different phone (HeroC maybe) But essentially no there isn't away - to access the server the phone goes through a series of checks, one of the checks being that an appropraite pin was entered to unlock the phone. if that check fails, authentication to the server is denied. Someone *might* be able to spoof the check in the email app, but I am fairly sure its actually OS deep, not just within the mail client.
So it would be a large undertaking and potentially could cause you to loose your job by by passing security measures. I know I wouldn't think twice about firing someone who did it on my network.
No way that I know of, and is something that is on pretty much everyphone. Blackberrys the security policies can even block installation of 3rd party applications.
What's even more fun for you, is the ability of your it staff to lock you out of your phone or even remotely wipe your phone.
Sent from my SPH-D700 using XDA Premium App
Restola said:
My company upgraded their exchange server, and now requires lock screens (PIN or password, no pattern) if we want to access email on our personal phones.
As someone with a rooted phone, is there any way to disable this and still have access to my corporate email? It's really annoying to have to punch in a PIN 500 times a day, but I really do need email access on my phone as much as I'm on the road.
Click to expand...
Click to collapse
I think you are stuck. Do you have the option of getting a company-supplied phone to access the company email, and keep your personal Android separate?
There is a thread in Q&A talking about an app that does this.
Do you BONSAI?
Actually there is a way I had to do it to my coworkers phone for her pattern lock
What u need: locked phone phones #, wifi or u can use wifi tether if u have another phone
1. Call the persons phone #
2. Leave phone call connected on both sides
3. Connect to wifi if u havnt already
4. Goto settings/accounts manager setting or what ever and log into a diff google account then it should require u to change the password to by pass it
Should work hopefully I read this thread correctly and answered appropietly
Edit sorry read it wrong and u don't think there is a way
My way is how u get around it
Sent from my Epic 4.1g bonsai plant
Here's the link to the thread that may help:
http://forum.xda-developers.com/showthread.php?t=1033017
I thought it was just being big brother, turns out its a regulatory requirement since we were bought by a publicly traded company. I guess I'll deal with it. If it pisses me off too much I'll just get rid of my exchange account on my phone and stop responding to emails when I'm not at my desk.
A possible workaround would be to try touhdwn for your exchange mail instead of the default mail client. Its a paid app but there should be a demo version in the market. I have a dp2 for work and they pay for touchdown for us. When using touhdown it pin locks just the app instead of whole phone. On my Droid at least moto customized the screen timeout and lock to be different timers so I found the pin to be less annoying than the interface of touchdown.
With the epics slightly bigger screen to make the TD interface a litte less annoying(lots of small buttons instead of utilizing menu button) and since epics lock is all or nothing I think I might actually use TD on my epic if I were getting my corp email there.
While not a complete removal of the pin maybe it would at least make it less annoying for you. Plus I'd guess if work catches you wihout a pin it might not go over well. TD solution lets you protect the email if you lose your phone, and does have a remote wipe for the same scenario.

[MOD] Stock Mail.apk with the exchange policy removed

First off I take no credit for this at all. All credit goes to Rsotbiemrptson who is a Jedi master for creating this after many have tried and failed.
What you have here is a flashable crack to the HTC Mail.apk that will bypass any and all security administrators that may be otherwise forced onto your device when syncing to an exchange server.
To install:
1. You must remove all mail accounts that you have set up in the Mail app.
2. If you have any existing security administrators present from a previous exchange sync deactivate them.
3. Set your lock time out to none under security settings.
4. Reboot into recovery and wipe Dalvik Cache
5. Flash the attached file.
As with all mods or changes to ROMS do a complete backup in recovery.
If you find this useful please send all thanks to Rsotbiemrptson for cracking this bad boy.
Has anyone tried this?
sdorn77 said:
Has anyone tried this?
Click to expand...
Click to collapse
I don't really understand the point of it. Is there something wrong with Exchange on the Tbolt? Mine works fine.
Shiftyshadee said:
I don't really understand the point of it. Is there something wrong with Exchange on the Tbolt? Mine works fine.
Click to expand...
Click to collapse
This is for people who want to use their Exchange account on their Tbolt, but DON'T want to give their Exchange admin the ability to enforce security policies on their phone (like having to enter a PIN every time you unlock the screen). Sounds like your Exchange admin doesn't implement any of those policies, so you don't need this.
Is this something that was implemented in newer versions of Exchange? I think my company uses 2007 still. Might be why I haven't seen this.
i managed to get my gmail, hotmail an windjammercable mail setup though exchange on my thunderbolt, but i kept getting sync errors where it would try to sync all three emails like every 5 seconds when the phone was operating in peak time. My battery went from like 100 to like 75 in less than 20 minutes So i had to just delete all the email setting i changed an go back to what i had before.
Now, if install your mail akp will this stop the sync errors?
Shiftyshadee said:
Is this something that was implemented in newer versions of Exchange? I think my company uses 2007 still. Might be why I haven't seen this.
Click to expand...
Click to collapse
It's been around since at least the 2003 version but it's all optional settings, your admin may just not have them enabled. Mine doesn't.
Jacquestrapp said:
It's been around since at least the 2003 version but it's all optional settings, your admin may just not have them enabled. Mine doesn't.
Click to expand...
Click to collapse
Gotcha. Thanks for clearing that up for me
This absolutely works on all DAS BAMF roms but should work on any ROM including stock. You only need this if you have exchange policies pushed to your phone by your company. If you don't know what this is you prob don't need it.
I do not know if it will fix the afore mentioned sync errors but I would doubt it.
Here's a new question. When I had CM7 on my Incredible, Exchange wanted to setup device admin rights. Now on my Tbolt with Sense I don't get asked. Any idea why?
madroix said:
This absolutely works on all DAS BAMF roms but should work on any ROM including stock. You only need this if you have exchange policies pushed to your phone by your company. If you don't know what this is you prob don't need it.
I do not know if it will fix the afore mentioned sync errors but I would doubt it.
Click to expand...
Click to collapse
I have installed this on DAS BAMF remix v1.4 and it does work so far. I was able to remove the PIN lock and use a pattern lock, which was not permitted before. Also, I didn't get the exchange security policy notice when I added my exchange account. Syncing appears to be working properly as well so far.
The mod is quite honestly ridiculous. Whats the point of trying to have security setup and protect possible sensitive information, when you don't want an Admin to enforce security rights.
This 100% defeats the purpose that was set in place by Exchange for good reason's. I sure hope everyone understands the SERIOUS consequences of what could happen by flashing this and possibly leak sensitive data into the wrong hands.
^^ it's a very good point. One of the problems with AS and lock screens is that with the default client and iPhones you have to pin to unlock even the phone. Nothing to do with email, just the darn phone. So everyone hates it. I use Touchdown which only requires a pin if you go to check email. But it's $20. Anyway, be careful with hacks that bypass security in a workplace. It could be cause for termination.
I love my phone, I've loved ALL my devices... Yes, I use it for work with MS Exchange email (MS Consultant), and yes the pin/password policies are annoying.
But I'm not about to risk my job over some "hassle" of 3 seconds to enter a pin. Aren't our email Administrators able to see we bypassed this or no?
oc3rulz said:
The mod is quite honestly ridiculous. Whats the point of trying to have security setup and protect possible sensitive information, when you don't want an Admin to enforce security rights.
This 100% defeats the purpose that was set in place by Exchange for good reason's. I sure hope everyone understands the SERIOUS consequences of what could happen by flashing this and possibly leak sensitive data into the wrong hands.
Click to expand...
Click to collapse
To be honest, if someone wanted my data or emails a stupid 4 digit pin is not going to stop them. There are many ways in getting a persons email off of there phone without even unlocking it. This seems like it is for those small companies who's admins are security freaks and its really not needed. Granted, I am sure apple would not be happy if an employee used this app or an android phone lol
Sent from my ADR6400L using XDA Premium App
It is important to keep sensitive data secure. I think a properly set up pattern lock is as good as a 4 digit PIN. I use lookout to be able to remotely wipe if needed.
THANK YOU SO MUCH! Hats off to the dev.
Do I have to remove gmail accounts too, or just the active sync exchange accounts?
Sent from my ADR6400L using XDA App
chriskader said:
To be honest, if someone wanted my data or emails a stupid 4 digit pin is not going to stop them. There are many ways in getting a persons email off of there phone without even unlocking it. This seems like it is for those small companies who's admins are security freaks and its really not needed. Granted, I am sure apple would not be happy if an employee used this app or an android phone lol
Sent from my ADR6400L using XDA Premium App
Click to expand...
Click to collapse
Let them get in hacking your password/pin, you won't be held responsible. However if you have the phone pin/password disabled and they realize this you will be terminated. They will be able to see that you are bypassing security measures, and you could have lawsuit on your hands as well.
Please dont think that I am bashing the dev, I'm simply trying to let people know that they very well could and most likely lose their job and have possible legal action taken against them for using this. Cellphones are such a volatile thing anyhow, but giving them an easier way in is not a good idea, especially not while breaking company policy.
oc3rulz said:
Let them get in hacking your password/pin, you won't be held responsible. However if you have the phone pin/password disabled and they realize this you will be terminated. They will be able to see that you are bypassing security measures, and you could have lawsuit on your hands as well.
Please dont think that I am bashing the dev, I'm simply trying to let people know that they very well could and most likely lose their job and have possible legal action taken against them for using this. Cellphones are such a volatile thing anyhow, but giving them an easier way in is not a good idea, especially not while breaking company policy.
Click to expand...
Click to collapse
Like I said, they don't even Ned to unlock your phone e to read the emails on of. Google it.
Sent from my ADR6400L using XDA Premium App

Exchange email security.

I tried to set up an account to my Exchange email at work using the default email app on my TF101. When I set up an account it requires that I enable all of these security settings on the tab like having a PIN and encrypting data. I don't want to do all of that. I realize that this is something set up by my Exchange administrator but I am not sure they even did it knowingly and anyway I don't want to have to deal with it to check email.
Does anyone know how to bypass this? Searches of these forums and the web show that there are some modded email apks for other platforms that let you bypass the security settings. I have not seen any such mods for ICS on the TF101.
Thanks in advance for your help.
Hello,
I do not believe the stock email is able to handle the security settings from an exchange server. You need to look at other programs like Moxier Mail or TouchDown.
+1 for touch down. Works great but it is $20
Enhanced email is another option. I got it from free app of the day by Amazon. At first, it did not work on android 3.0+, but it works fine now. It gives you the option to ignore security policies.
Alternatively, if you decompile the email.apk, I believe you can force a variable so that the email app always tells the exchange server you have sufficient security enabled (I'm not exactly sure where must be changed).
tonyz3 said:
+1 for touch down. Works great but it is $20
Click to expand...
Click to collapse
I couldn't agree more. Do the trial first to see if you like it. I don't recommend bypassing the security. You can unknowingly pass a virus through your corporate exchange. Hopefully, one day, they will resolve this issue in the Android exchange client.
tonyz3 said:
+1 for touch down. Works great but it is $20
Click to expand...
Click to collapse
+1... Touchdown. Forget any other Exchange apps.
+1 for Enhanced Email - optionally bypasses the admin security settings - works fine on Honeycomb and ICS too.
Exchange Admin
Hello,
When setting up exchange servers in the past, the default exchange policy is to have those features enabled. Even if those are DISABLED, the tablet will still ask to create the partnership. I believe this is so it can be wiped remotely. It seems ICS just tells you it is going to do all of those things as a generic warning. I have noticed this is only on ICS though. If you click ok, it shouldn't ask you to create a PIN or anything if it isn't actually required. We currently only have exchange 2010 in production in a test environment, so I have yet to look for the setting to disable this feature entirely. Hope this helps you understand how it works at least a little.

Exchange server screenlock problem (not the standard)

Hi all,
I have a problem with my new Nexus 6P and the exchange server in combination with my screenlock.
Whenever i set up the exchange mail account, i have to set up a pin or password to unlock my phone. When i want to change back the pin / password to a pattern, i cant and it says: "disabled by administrator encryption policy or credential storage"
Normally the reply on this post would be, your company has set up these minimum requirements for security purposes and you cant put up the mail/agenda unless you accept the terms of the company.
The weird thing is, my company doesn't`t require any security measures at all. If you want to swipe to unlock, you can (well, other people can ).
Does anyone have a solution for this problem?
If you need more background / tell info, let me know!
Thanks in advance,
Arjan
anyone?
Exchange must be requiring that or it wouldn't force it on you.
You could always use a 3rd party exchange mail client if it bothers you about it restricting your lock options. I use touchdown (contains exchange in one sandbox) my phone is still mine if the admins wipe the phone it just wipes touchdown.
Don't have to use touchdown but it's just an example.
Normally you would say that exchange forces the security, but i went by the IT-department and they have shown me that all restrictions are off.
A third party app is a possibility, but i'd rather use the app i have to combine multiple email-accounts and agenda's.
I still haven't found a solution for the problem. I really don't get why my phone restricts my screenlock options, when the IT-department has deleted all restrictions.

Categories

Resources