Archive for February, 2012

Does Windows Phone 7.5 now offer the best Exchange experience?

When Windows Phone was released in 2010, it was widely panned by the business community for lacking the feature sets businesses had come to expect with Exchange and Windows Mobile 6.5. Indeed, with every release of Exchange, the next release of Windows Mobile would almost always support the full functionality of Exchange.

To exacerbate the situation, iPhone licensed certain Exchange ActiveSync (EAS) policies from Microsoft, which put them ahead of the initial Windows Phone release with regard to EAS.

With the release of Windows Phone 7.5 (Mango), support for several EAS policies came as well. I believe it is important to now contrast these improvements between the latest versions of operating systems on the three major platforms. I will go through the current list of support provided by Wikipedia and discuss the specific Windows Phone discrepancies as of Feb 1 2012. For this exercise we are going to only discuss Windows Phone 7.5, as there is simply no reason why you would not be upgraded to Mango at this point.

| | Microsoft | Apple | Google |
| --- | --- | --- | --- |
| Product | Windows Phone[4] | iPhone/iPod (iOS)[5] | Android |
| Version | 7.5 | 5 | 4 |
| | Mango | | Ice Cream |
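Exchange ActiveSync 2.5 – Exchange Server 2003 SP2

| Feature | Windows Phone | iOS | Android |
| --- | --- | --- | --- |
| Direct Push | Yes | Yes | Yes |
| Email sync | Yes | Yes | Yes |
| Calendar sync | Yes | Yes | Yes |
| Contacts sync | Yes | Yes | Yes |
| Tasks Sync | Yes | Yes | No |
| Remote wipe | Yes | Yes | Yes |
| Sync multiple folders | Yes | Yes | Yes |
| GAL lookup | Yes | Yes[2] | Yes |
| SSL encrypted transmission | Yes | Yes | Yes |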

With what we would regard as basic EAS support (2.5), pretty much all phones support the full feature set. Chuckles do go out to the fact that Android 4.0 still cannot sync tasks from Exchange. GAL lookup on iOS only returns basic information for the user instead of the full contact info returned on Windows Phone. It is safe to say that Windows Phone offers the best EAS 2.5 support.

Exchange ActiveSync 12.0 – Exchange Server 2007

| Feature / policy | Windows Phone | iOS | Android |
| --- | --- | --- | --- |
| User started remote wipe (server side) | Yes | Yes | Yes |
| Link Access | No | No | No |
| HTML email | Yes | Yes | Yes |
| Server Search | Yes | Yes | Yes |
| Set Out of Facility/Office (OOF) | Yes | No | No |
| Follow-up flags | Yes | No | Yes[15] |
| Meeting attendee information | Yes | Yes | No |
| PIN reset | No | No | No |
| AutoDiscover | Yes | Yes | Yes |
| Bandwidth reduction | Yes | Yes | Yes |
| Allow attachment download (client side) | No | Yes | Yes |
| Maximum attachment size | No | No | Yes |
| Enable password recovery | No | No | No |
| Allow simple password | Yes | Yes | Yes |
| Password expiration (days) | Yes | Yes | Yes |
| Enforce password history | Yes | Yes | Yes |
| Encrypt storage card | No | N/A | No |


With Exchange 2007, the EAS version jumps to 12, to match the version of Exchange itself. Feature wise, none of the operating systems support Link Access or PIN reset. Link Access allows Exchange to proxy through links to SharePoint and UNC files without needing a VPN. I do have to take exception with the information provided by Wikipedia, as I have personally witnessed and performed access to a file via Exchange email. None of the OSs support the ability for Exchange to reset the lock screen PIN. With 7.5, Windows Phone offers a leg up on the competition by having the ability to set Out of Office replies directly on the phone as well as set and sync follow-up flags in mail (which iOS cannot do). Windows Phone can also view meeting attendees, which Android does not do.

In regards to EAS 12 policies, Windows Phone does not support the policy “Allow Attachment Download”. This policy allows the phone user to choose whether to download the entire message with attachments or not. Since the Windows Phone user has the ability to do this manually in each message, support of this functionality is unnecessary, although other OSs will respond “True” to a query from the server. Likewise, neither Windows Phone nor iOS will respond to a Maximum Attachment Size query from the server.

Windows Phone does not support the policy to encrypt storage cards. This is an issue that has been mentioned before by enterprise security pundits. It should be known that only one Windows Phone to date has supported a user-removable storage card: the Samsung Focus, which uses the SD Card Association encryption scheme to encrypt and pair itself with the card. Removing this card from the phone resets the phone and renders the card data useless. Because of this, support for removable storage encryption is unnecessary.

To summarize, Windows Phone offers the best EAS 12 feature support, but does not support the most EAS 12 policies from a strict compliance perspective. However, it equally supports the most pertinent EAS 12 policies compared to other mobile OSs.

Exchange ActiveSync 12.1 – Exchange Server 2007 SP1

| Feature / policy | Windows Phone | iOS | Android |
| --- | --- | --- | --- |
| Cancel remote wipe (server side) | N/A | N/A | N/A |
| Remote wipe confirmation | N/A | N/A | N/A |
| Default mobile policy (server side) | N/A | N/A | N/A |
| Bandwidth reductions (compressed/removed headers) | Yes | Yes | No |
| S/MIME[13] | No | Yes | No |
| Disable desktop ActiveSync | Yes[18] | N/A | N/A |
| Disable removable storage | Yes[18] | N/A | No |
| Disable camera | No | Yes | Yes |
| Disable SMS text messaging | No | No | No |
| Disable Wi-Fi | No | No | No |
| Disable Bluetooth | No | No | No |
| Disable IrDA | Yes[18] | N/A | No |
| Allow internet sharing from device | Yes[18] | No | No |
| Allow desktop sharing from device | Yes[18] | No | No |
| Disable POP3/IMAP4 email | No | No | No |
| Allow consumer email | No | No | No |
| Allow browser | No | Yes | No |
| Allow unsigned applications | No | N/A | N/A |
| Allow unsigned CABs | No | N/A | N/A |
| Application allow list | No | N/A | N/A |
| Application block list | No | N/A | N/A |
| Require signed S/MIME messages | No | No | No |
| Require encrypted S/MIME messages | No | No | No |
| Require signed S/MIME algorithm | No | No | No |
| Require encrypted S/MIME algorithm | No | No | No |
| Allow S/MIME encrypted algorithm negotiation | No | No | No |
| Allow S/MIME SoftCerts | No | No | No |
| Allow device encryption | No | Yes[16] | Yes |
| Require device encryption | No | Yes[16] | Yes |
| Minimum number of complex characters | Yes | Yes | Yes |
| Configure message formats (HTML or plain text) | No | No | No |
| Include past email items (Days) | Yes | Yes | No |
| Email body truncation size (KB) | No | No | No |
| HTML email body truncation size (KB) | No | No | No |
| Include past calendar items (Days) | No | No | No |
| Require manual sync while roaming | No | Yes | Yes |

Service Pack 1 for Exchange 2007 brought us EAS 12.1. From a feature perspective not much was gained. However, policy wise, many additions were made. EAS 12.1 was designed for managing Windows Mobile 6.x devices with quite some granularity. As a result, many of the policies we see in this release are not supported by any modern OS. Feature wise, Windows Phone supports Bandwidth Compression, as does iOS. Windows Phone does not support S/MIME. The reasons for this are many, but I invite you to look up the background on S/MIME and its difficulties of implementation.

For the policies, Windows Phone will reply in the affirmative when queried by the server to disable certain features. However, features such as IrDA, CAB files, etc. are not even applicable to Windows Phone, so support for these deprecated features is there to maintain backwards compatibility as much as anything. Windows Phone does not support the disabling of the camera or browser. Also, at 7.5, Windows Phone does not support on-device encryption. This is an issue for many corporations who need to secure devices physically out of their control. Microsoft has indicated that with Windows Phone 8, BitLocker encryption will be provided to encrypt the phone and presumably meet this criterion.

To summarize EAS 12.1 support, Windows Phone supports the features equally, but currently is deficient in policy support. We hope for this to improve in Windows Phone 8.

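Exchange ActiveSync 14.0 – Exchange Server 2010

| Feature / policy | Windows Phone | iOS | Android |
| --- | --- | --- | --- |
| Conversation View | Yes | No[12] | No |
| Move always | No | No | No |
| Reply state | Yes | No | Yes |
| UM card (client side only) | No | No | No |
| Free/Busy lookup | No | No | No |
| Nickname cache | Yes | No | No |
| SMS sync | No | No | No |
| Downloadable client | No | No | No |
| Notes sync | No | No | No |
| Allow mobile OTA update | N/A | N/A | N/A |
| Mobile OTA update mode | N/A | N/A | N/A |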

EAS 14 ships with Exchange 2010. Windows Phone supports the broadest set of the new features. With Windows Phone we get the Conversation View, similar to Gmail. Windows Phone also supports Nickname Cache, which is a sync of commonly used email addresses (So type Bob and it knows that as, and this is synced between all clients such as Outlook and Outlook Web Access). Windows Phone and Android will also reflect the reply state of the message, so you are not left wondering if you have replied to the email. The only new policies introduced concern over-the-air update functionality for Windows Mobile devices. Support for this is not applicable.

In short, the new features brought by Exchange 2010 are best supported on Windows Phone.

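Exchange ActiveSync 14.1 – Exchange Server 2010 SP1

| Feature / policy | Windows Phone | iOS | Android |
| --- | --- | --- | --- |
| Conversation segments | Yes | No | No |
| GAL Photos | Yes | No | No |
| IRM support | Yes | No | No |
| Block/Allow/Quarantine List (device info) | Yes | No[10] | Yes |
| Allow attachment download (server side) | N/A | N/A | N/A |
| Allow IRM over EAS | Yes | No | No |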

Most recently, Exchange Service Pack 1 introduced some new and useful features for EAS 14.1. ONLY Windows Phone supports these new and useful features. With SP1 we get full support for Information Rights Management (IRM), which is a more straightforward and practical way of securing corporate information via email. Windows Phone will also now pull contact photos from the GAL if utilized in the enterprise. It can now pull segments of email conversations as well. Of the policies, only Windows Phone supports IRM over EAS.

There is no question, if you want to extend the latest features of Exchange SP1, Windows Phone is your only solution.

So, does Windows Phone offer the best Exchange experience these days?  Feature wise, without a doubt.  If you want to enable the most EAS features across platforms, Windows Phone is the way to go.  It is important to note that none of the modern mobile operating systems support EAS features like Windows Mobile, but then again, some of those features (like CAB black/white lists) are obsolete.

From a policy perspective, Windows Phone is still lacking in three areas: device encryption, camera disablement, and browser disablement. If companies are not currently implementing or planning to implement these policies, then I can say Windows Phone still holds the advantage here. Also, if you want to take advantage of new enterprise-friendly technologies like IRM, Windows Phone is the only way to go.
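
To check whether an organization already depends on the three policies named above, an administrator can audit the existing ActiveSync mailbox policies. The following is an added example, not part of the original post; it assumes the Exchange 2010 Management Shell and read access to the policies, and the report column names are made up for illustration.

```powershell
# Added example (not from the original post): run in the Exchange Management Shell.
# Flags ActiveSync mailbox policies that turn on any of the three settings the
# post lists as unsupported on Windows Phone 7.5.
$report = Get-ActiveSyncMailboxPolicy | ForEach-Object {
    $gaps = @()
    if ($_.RequireDeviceEncryption) { $gaps += 'RequireDeviceEncryption' }
    if (-not $_.AllowCamera)        { $gaps += 'AllowCamera=$false' }
    if (-not $_.AllowBrowser)       { $gaps += 'AllowBrowser=$false' }

    # AllowNonProvisionableDevices decides what happens to a device that
    # cannot enforce every setting in the policy.
    if ($_.AllowNonProvisionableDevices) {
        $effect = 'devices that cannot enforce the policy may still sync'
    } else {
        $effect = 'devices that cannot enforce the policy are refused'
    }

    # Hypothetical column names, chosen for this report only.
    New-Object PSObject -Property @{
        Policy            = $_.Name
        UnsupportedOnWP75 = ($gaps -join ', ')
        Effect            = $effect
    }
}

# Show only the policies that rely on at least one of the three settings.
$report | Where-Object { $_.UnsupportedOnWP75 } |
    Format-Table Policy, UnsupportedOnWP75, Effect -AutoSize -Wrap
```

A policy that appears in the output with AllowNonProvisionableDevices enabled is not actually being enforced on handsets that lack the setting, which matters as much for compliance as the feature gap itself.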