Manage iPhones with Exchange
When iPhones first started trickling into my office, I was a little apprehensive. At the time they only supported IMAP and POP3 for e-mail, which can be tricky to support in an Exchange environment. Two generations later, the iPhone has become a robust enterprise-grade mobile device.
Slowly but surely, my users have been migrating from their BlackBerrys to iPhones. I’m happy to help them make the transition. iPhones are simply easier to integrate with Microsoft Exchange.
Supporting BlackBerrys in an Exchange environment involves one of two scenarios. The simple-but-kludgey method involves configuring them to pull e-mail from the Outlook Web Access (OWA) server. This requires no admin assistance, but e-mail delivery is delayed and the connection can break in a server outage.
The alternative is to use a Blackberry Enterprise Server (BES). This requires an enterprise data plan for each device which can cost an additional $10-$15 dollars per month. It also involves additional fees for both server and client licenses. The advantage of using a BES is that it provides a huge amount of granularity in controlling the policies of RIM mobile devices.
This is great for large organizations with strict policies and large budgets, but frustrating for smaller businesses that just want to enable their employees’ connectivity.
For businesses running Exchange, integrating the iPhone is much simpler. ActiveSync on the iPhone is natively supported on both Exchange Server 2003 and 2007. If you are already running an OWA server configured to use SSL with port 443 open on your firewall, you have already done the hard part.
On the iPhone side, you simply go into the mail account settings and create a new Exchange mail account. You then specify the user’s e-mail address and password. The iPhone will then use AutoDiscover to try to guess the correct e-mail server settings. If it fails, you can specify the server and domain manually.
Once it’s set up, e-mail delivery is nearly instantaneous, and you can enjoy e-mail, contact, and calendar synchronization between the iPhone and the Exchange server. You can also originate and accept meeting requests.
An alternative way to configure the iPhone is to take advantage of the Apple iPhone Configuration Utility, downloadable for Windows or OS X.
This utility enables people to create custom configuration files for the iPhone. You can configure settings for Exchange, POP3/IMAP e-mail, VPN, and Wi-Fi. It also facilitates the configuration of password requirements and restrictions on applications and camera use.
When the configuration file is ready, it can either be e-mailed to your users (assuming they already have their iPhones configured with an e-mail account) or it can published it to a Web-server where it can be downloaded using Safari.
When combining the iPhone with Microsoft Exchange, you can control password policies using the Exchange System Manager. With Exchange 2007, there are additional policy settings including camera disablement.
A major concern with mobile devices is how the information on them could be misused if they are lost or stolen. A feature called Remote Wipe addresses this by restoring the iPhone to its factory default state. A remote wipe can be initiated with the Exchange Server Active Sync Web Administration tool, or if used with an Exchange 2007 server, remote wipe can also be initiated by the user using Outlook Web Access or by the administrator using the Exchange System Manager.
While Apple’s deployment and management tools might not be as mature as the competition’s, it’s clear that it takes the role of the iPhone in the enterprise seriously, and has taken pains to make sure that they integrate seamlessly and easily.
[Michael Scalisi is an IT manager based in Alameda, Calif.]