Managing Windows Phones for Hosted Exchange

 

 

Connectivity and synchronization may require separately purchased equipment and/or wireless products (for example, Wi-Fi card, network software, server hardware, and/or redirector software). Service plans are required for Internet, Wi-Fi and phone access. Features and performance may vary by service provider and are subject to network limitations. See device manufacturer, service provider and/or corporate IT department for details.

Available programs, features and functionality vary by device and Windows Mobile operating system version. PowerPoint Mobile available with Windows Mobile 5.0.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Microsoft, ActiveSync, Internet Explorer, Outlook, SharePoint, Visual Studio, Windows, Windows Mobile, Windows PowerShell, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Introduction to Windows Mobile Policy Management in the Hosted Exchange Environment

Management Summary

Overview

Objectives

Target Audience

Using Exchange Server to Manage ActiveSync Policies

Exchange Server 2007 ActiveSync Policies

Provisioning the Policies at Exchange Server 2007

Windows Phone Provisioning

Phone Provisioning Options

CAB/CPF File

Exchange ActiveSync

Cold Boot Initialization

Web-based Using HTTP over IP

SMS Initiated

USB/Bluetooth

OMA/DM

Configuration Service Providers

Provisioning Exchange ActiveSync Settings

Auto Discover Feature

XML Provisioning File

Windows Phone Provisioning Web Site

Overview

Setting Up the Provisioning Web Site

Using the Provisioning Web Site

Scenarios

Provisioning a Single User

Provisioning Multiple Users in Bulk

Appendices

Appendix A: How to Create CAB Files for Configuration Settings

Appendix B: How to Create Signing Certificates

Appendix C: How to Distribute Signing Certificates

Appendix D: How to Digitally Sign CAB Files and Contents

Appendix E: Sync CSP for Provisioning EAS

Appendix F: How to Enroll for Sending Out Text SMS Messages

Appendix G: Windows Mobile Security Model

Appendix H: Frequently Asked Questions

Introduction to Windows Mobile Policy Management in the Hosted Exchange Environment

Management Summary

The current version of the Microsoft® Windows® phone has numerous IT security policies that may be applied and enforced. The policies can be easily managed in the hosted Microsoft Exchange environment.

An additional security requirement is that the initial provisioning of Windows phones in the field must allow the phone to connect seamlessly to the hosted Exchange server. Windows phones have several options for customization of various settings. For example, settings are required for connection to an Exchange server in order to synchronize e-mail messages to the device. The settings may be set locally at the device or remotely Over the Air (OTA).

There is a business need for providing information and tools to facilitate the following objectives:

• Enabling the Hosted Messaging and Collaboration (HMC) or the hosted Exchange environment to manage IT security policies.

• Enabling users to provision Windows phones to connect to Exchange.

This white paper provides the information on the process and tools to meet the preceding objectives.

A sample Web site is created as a tool to provision the device for Microsoft Exchange ActiveSync® settings Over the Air (OTA). Sample code is provided for a fully functional Web site. Instructions are provided for installing and operating the Web site.

Overview

This document is divided into the following sections:

• Introduction—General overview of Managing Windows Phones for Hosted Exchange.

• Using Exchange server to manage ActiveSync policies—Understanding options for managing IT security policies on Windows phones.

• Windows phones provisioning—Options for phone provisioning.

• Windows phone provisioning Web site—Fully functional examples.

• Scenarios—Explanation of multiple scenarios.

• Appendices—Details for completing tasks, and some additional information.

Objectives

• To understand how Windows phone IT policy is managed with Exchange Server.

• To understand available device provisioning options with an emphasis on Exchange ActiveSync (EAS) provisioning Over the Air (OTA).

• To learn how to install and use the sample Web site for provisioning EAS settings.

• To obtain the knowledge necessary for basic Windows phone management tasks.

Target Audience

This document is designed primarily for Information Technology (IT) professionals who are responsible for planning, deploying, and implementing Hosted Messaging and Collaboration solutions. This white paper may also be useful to Planners, Architects, and independent software vendors.

Using Exchange Server to Manage ActiveSync Policies

This section provides an overview of ActiveSync-based policies that can be configured from the hosted Exchange server.

Exchange Server 2007 ActiveSync Policies

Exchange Server 2007 SP1 ActiveSync Policies are divided according to the Client Access Licenses (CAL).

The two CALs are:

• Standard CAL

• Enterprise CAL

Following are the policies that are available on Exchange Server 2007 SP1 Standard CAL, grouped by category:

Sync

• Configure message formats (HTML or plain text)

• Include past e-mail items

• E-mail body truncation size

• HTML e-mail body truncation size

• Include past calendar items (duration)

• Require manual sync while roaming

• Allow attachment download

• Maximum attachment size

Authentication

• Minimum number of complex characters

• Enable password recovery

• Allow simple password

• Password expiration (days)

• Windows file share access

• Microsoft Windows SharePoint® access

• Minimum password length

• Timeout without user input

• Require password

• Require alphanumeric password

• Number of failed attempts

• Policy refresh interval

• Allow non-provisionable devices

Encryption

• Require signed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages

• Require encrypted S/MIME messages

• Require signed S/MIME algorithm

• Require encrypted S/MIME algorithm

• Allow S/MIME-encrypted algorithm negotiation

• Allow S/MIME SoftCerts

• Device encryption
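How a subset of the policies listed above could be set from the Exchange Management Shell, as an added example that is not part of the original white paper. The policy name, the mailbox address, and every value shown are assumptions chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2007 SP1.
# The policy name and mailbox are hypothetical; the values are illustrative.
$policyName = 'Hosted-Baseline'
$mailbox    = 'user@contoso.example'

# Mapping from the policy names in the list to cmdlet parameters:
#   Require password                     -> DevicePasswordEnabled
#   Require alphanumeric password        -> AlphanumericDevicePasswordRequired
#   Minimum password length              -> MinDevicePasswordLength
#   Minimum number of complex characters -> MinDevicePasswordComplexCharacters
#   Allow simple password                -> AllowSimpleDevicePassword
#   Password expiration (days)           -> DevicePasswordExpiration
#   Number of failed attempts            -> MaxDevicePasswordFailedAttempts
#   Timeout without user input           -> MaxInactivityTimeDeviceLock
#   Enable password recovery             -> PasswordRecoveryEnabled
#   Device encryption                    -> DeviceEncryptionEnabled
#   Allow non-provisionable devices      -> AllowNonProvisionableDevices
#   Policy refresh interval              -> DevicePolicyRefreshInterval
#   Require manual sync while roaming    -> RequireManualSyncWhenRoaming
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 8 `
    -MinDevicePasswordComplexCharacters 3 `
    -AllowSimpleDevicePassword $false `
    -DevicePasswordExpiration '90.00:00:00' `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -PasswordRecoveryEnabled $true `
    -DeviceEncryptionEnabled $true `
    -AllowNonProvisionableDevices $false `
    -DevicePolicyRefreshInterval '1.00:00:00' `
    -RequireManualSyncWhenRoaming $true

# Assign the policy to one mailbox; the device receives it on its next sync.
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# Confirm what was stored on the server side.
Get-ActiveSyncMailboxPolicy -Identity $policyName |
    Format-List Name, DevicePasswordEnabled, MinDevicePasswordLength,
        MaxDevicePasswordFailedAttempts, MaxInactivityTimeDeviceLock,
        DeviceEncryptionEnabled, AllowNonProvisionableDevices
```

Setting AllowNonProvisionableDevices to $false blocks devices that cannot enforce the policy from synchronizing, so verify device support before assigning the policy broadly.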

