Smartphones, Exchange ActiveSync, and ABQ Lists
It's no secret that smartphones are going gangbusters these days. Just about every week some new commercial floods your evening programming with how great some new device will be. Android, iPhone, and now Windows Phone 7 are all out there pitching their best phones and features, or in some cases letting the carriers—Verizon, T-Mobile, AT&T—fight it out for them. The pitch is to the consumer, but the business IT department isn't untouched by the results.
December 2, 2010
It's no secret that smartphones are going gangbusters these days. Just about every week some new commercial floods your evening programming with how great some new device will be. Android, iPhone, and now Windows Phone 7 are all out there pitching their best phones and features, or in some cases letting the carriers—Verizon, T-Mobile, AT&T—fight it out for them. The pitch is to the consumer, but the business IT department isn't untouched by the results.
Which means that all these new devices, with their multiple mobile OSs, are finding their way into corporate environments and connecting to the Microsoft Exchange Server infrastructure—or at least trying to. Fortunately, from a management perspective, most device manufacturers license Exchange ActiveSync (EAS), which gives IT departments important security controls over the devices that connect to their Exchange network. In addition, of course, EAS provides the sync capability for push email, contacts, calendars, and so forth.
A recent press release from Microsoft about the popularity of EAS quoted Adam Glick, senior technical product manager for Exchange Server. “It’s important that we broadly license Exchange ActiveSync to other companies and competitors in the industry,” Glick says, "because it increases customer choice and helps people use Exchange across a wide range of devices." Traditionally, IT departments haven't necessarily been wild about supporting customer (i.e., end user or employee) choice; however, the explosion of mobile devices and the consumerization of IT has forced this necessity on them.
If you're on Exchange Server 2010, as Glick explained in a more IT-centric Exchange Team Blog post, you can have even more explicit control over exactly which devices can connect to your network through a new feature called the Allow/Block/Quarantine (ABQ) list. This feature lets you be as restrictive or permissive as is suitable to your organization. You can set it up so that all devices are allowed to connect unless they're on a specific block list, or you can set up the reverse so that only specifically allowed devices can connect while anything not on the allowed list will be blocked.
The system also lets you make exceptions for individuals, which can be useful for testing new devices or in the case where an individual has a particular business need that requires the use of an otherwise prohibited device. The quarantine part of the ABQ feature gives the IT department the ability to see what new devices are attempting to connect to the network so you can determine whether to allow them. With Exchange 2010 SP1, you can manage ABQ lists through Exchange Control Panel (ECP), but you can also use Exchange Management Shell (EMS) cmdlets if you prefer (or if you're on Exchange 2010 RTM).
Glick's blog post has detailed info on implementing this feature, with several screenshots—you should check it out. He points out, of course, that ABQ lists aren't a replacement for managing mobile devices through EAS policies—this is just another level of protection, another means of adding protection for your environment at the device level. And with the explosion of mobile devices, that's good news all around!
Related Reading:
About the Author
You May Also Like