
Devicewire Weblog

Using the Apple iPhone with Microsoft Exchange



Version 2.0 of the iPhone software (available for download for owners of the original iPhone, but effectively the software developed for the release of the 3G iPhone) includes a licensed version of Server ActiveSync, the Microsoft protocol that allows both Windows Mobile-based and non-Windows Mobile-based devices to synchronise email, contacts, calendar and tasks folders with a Microsoft Exchange mailbox over any Internet connection using “direct push”.
 
Also included in this release of the software is the ability to enforce the use of a password on the iPhone from the Exchange Server via a Mailbox Policy rule (Exchange 2007 only), as well as the ability to remotely ‘wipe’ the contents of an iPhone and restore it to a factory default state. A remote wipe operation can be triggered either via Outlook Web Access, via the Mobile Web Administration Tool (Exchange 2003) or via the Exchange Management Console (Exchange 2007).

 

 

 

NOTE – it can take up to 1 hour for each 8GB of memory to be erased, so it is recommended that the device be connected to a power supply during this process. If the device turns itself off due to low power, the process will continue when the device is powered back on again.

 

Users can also access the Exchange Global Address List from the iPhone and have email addresses completed automatically as they are entered when composing a new email message.

 

Some features are not supported, however: it is not possible to turn on an Out Of Office message from the iPhone, nor is it possible to move items between mail folders.

Task synchronization is also not supported.

 

 

Activating the iPhone

 

Even with an activated SIM correctly inserted in the iPhone, you cannot use the device until you have first connected it to a PC that has iTunes installed. At the time of writing, version 7.7 is the current version of iTunes available.

iTunes will then run the user through a wizard which will activate the device for service (the same also applies to the iPod Touch).

 

If the iPhone is being rolled out across a business, this means that the administrator must decide whether to install iTunes on each iPhone user’s PC, or activate all devices themselves on their own PC with iTunes installed.

 

NOTE – iTunes is only required for the activation process. Once activated, iTunes is not required to enable the device to access corporate systems, only to synchronise music, photos and videos.

iTunes is required, however, to install applications and software updates onto the device.

 

The direct push capability of Microsoft Exchange Server is only available via a cellular data connection. Although the iPod Touch can access Exchange via a WiFi connection to the Internet, this is a ‘pull’ connection rather than ‘push’.

 

NOTE – if your organization does not use Microsoft Exchange, it is still possible to use the iPhone and iPod Touch with POP and IMAP-based email servers. Calendar and Contact entries can also be synchronized with the Address Book and iCal applications on MacOS and with Microsoft Outlook on a Windows PC via iTunes.

 

 

Configuring Devices

 

If you are only deploying a small number of devices, it may be preferable to allow users to configure their own devices. However, should a large number of devices be deployed, there are tools available to help.

The use of configuration profiles allows for a number of settings to be quickly and easily deployed to a large number of devices.

A configuration profile is an XML document that contains settings on Email, WiFi connections, VPN settings, certificates and security policy settings.

Profiles are distributed to devices either via email, as an attachment, or via a web link.

Configuration Profiles are created using the iPhone Configuration Utility, available for free download from the Apple web site:

 

http://www.apple.com/support/downloads/iphoneconfigurationutility10formacosx.html

 

(MacOS only)

 

Alternatively, a web-based version can be downloaded which can run on either MacOS or Windows:

 

http://www.apple.com/support/iphone/enterprise/

 

Once installed, the web site is accessed by browsing to http://localhost:3000; log in with ‘admin’ for both username and password.

 

The interface for the utility looks like this:

 

 

 

A full explanation of the Configuration Utility can be downloaded from the Apple web site:

 

http://support.apple.com/manuals/en_US/Enterprise_Deployment_Guide.pdf

 

The General tab allows you to enter a name and identifying information for the Profile.

 

The Passcode Settings tab allows the administrator to define an on-device password usage policy:

 

 

The maximum number of failed attempts field allows the administrator to define how many times the device password can be entered incorrectly before the device becomes unusable. By default, after six unsuccessful attempts the device imposes a time delay before a passcode can be entered again. The time delay increases with each failed attempt. After the eleventh failed attempt, the device is locked and must be reauthorised via iTunes.

 

The WiFi tab allows the administrator to define WiFi access points to be used by the device:

 

 

The VPN tab contains information on Virtual Private Network connection settings:

 

 

The Email Settings tab contains information on POP and IMAP-based email account settings:

 

 

The Exchange tab is where the settings relating to Server ActiveSync are entered:

 

 

You will notice the lack of a field to enter Domain information. This should be included in the Username field in the form "domain\username".

 

The Credentials tab is used to publish certificates to the device. CER, DER, CRT, P12 and PFX certificate types are supported.

 

The Advanced tab allows the administrator to define cellular access point settings:

 

 

Once the profile has been configured within the Utility, it can be Exported, which will create a ".mobileconfig" file (which can then be uploaded to a web site), or emailed as an attachment.
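Because an exported profile is a plain XML property list that then travels by email or sits on a web site, it is worth inspecting before distribution. The following is an added example, not part of the original article or of Apple's utility: a short Python audit of a .mobileconfig file. The sample profile and its values are constructed, and the payload types and key names (`com.apple.eas.account`, `com.apple.mobiledevice.passwordpolicy`, `forcePIN`, `maxFailedAttempts`, `SSL`) come from Apple's configuration profile format rather than from this page.

```python
import plistlib

# Constructed sample profile for illustration; not exported from the real utility.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Example Corp Exchange</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.eas.account</string>
      <key>Host</key><string>mail.example.com</string>
      <key>UserName</key><string>jsmith</string>
      <key>Password</key><string>constructed-placeholder</string>
      <key>SSL</key><false/>
    </dict>
  </array>
</dict></plist>"""

def audit_profile(data: bytes) -> list[str]:
    """Return findings for a .mobileconfig before it is emailed or published."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    findings = []
    types = {p.get("PayloadType") for p in payloads}
    if "com.apple.mobiledevice.passwordpolicy" not in types:
        findings.append("no passcode policy payload")
    for p in payloads:
        ptype = p.get("PayloadType")
        if ptype == "com.apple.eas.account":
            # A stored password is readable by anyone who obtains the file.
            if p.get("Password"):
                findings.append("Exchange password embedded in profile")
            # Flag only an explicit <false/>; an absent key is not judged here.
            if p.get("SSL") is False:
                findings.append("Exchange account disables SSL")
            # The article notes the domain goes in the username field.
            if "\\" not in p.get("UserName", ""):
                findings.append("UserName lacks domain\\username form")
        elif ptype == "com.apple.mobiledevice.passwordpolicy":
            if not p.get("forcePIN", False):
                findings.append("passcode not enforced")
            if "maxFailedAttempts" not in p:
                findings.append("maxFailedAttempts not set")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```
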

 

 

Configuring the device manually

 

Alternatively, the Exchange Server settings can be entered into the device manually. To add an Exchange account, go to Settings > Mail, Contacts, Calendars and then tap Add Account. On the Add Account screen, select Microsoft Exchange:

 

 

 

Enter the relevant details. Again, there is no field to enter domain information as on other ActiveSync devices, so this information should be entered in the username field in the form "domain\username":

 

 

When all of the fields have been completed, during the first synchronisation with the server, the password policy on the server will be checked, and if the device does not conform to it, the user will be prompted to enter a password.

By default all mail, contact and calendar information will then be synced with the device.

You can select which information you wish to synchronise under Settings > Mail, Contacts and Calendars.

 

NOTE - setting up a Server ActiveSync account on the device will cause all existing information on the device to be overwritten and it will no longer be possible to synchronise mail, contact and calendar information with a desktop PC via iTunes (music, video and photo transfer will not be affected).

 

It IS possible to add additional POP and IMAP email accounts to the device, but only one Exchange mail account.

Published 14 July 2008 11:16 by jamesl


About jamesl

James Liddiard is the Network Manager for Brightpoint GB Ltd. His responsibilities include overseeing the IT and telecoms infrastructure of the company, as well as product testing and reviewing and providing second and third-line technical support for customers. His interests include cycling, cinema and his many Apple computers.