Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu
Topic Last Modified: 2011-11-23
Exchange ActiveSync mailbox policies control how users use and synchronize their mobile devices in your organization. When you change an Exchange ActiveSync device policy, it affects all users whose mailbox is associated with that policy. The policy you set as the default automatically affects all users in the organization except those you have explicitly assigned different device policies to.
Note Not all mobile devices support all the Exchange ActiveSync policy settings. If a policy setting isn't supported on a particular device, the device may not apply the setting. You can control whether devices that don't support specific policies are allowed to connect in the General settings for the policy. For more information, see Exchange ActiveSync Mobile Phones and Compatible Features.
Select Manage My Organization > Phone & Voice > ActiveSync Device Policy.
Under Exchange ActiveSync Device Policy, select a policy, and then click Details.
Edit the settings that you want to apply to users of this policy.
General These settings control which devices you want to grant permissions to synchronize, and how often the policy is refreshed on devices that support policies.
• Name Enter a name that uniquely identifies this policy.
• This is my default policy Select this check box if you want to make this the default policy for your organization. The default policy affects all users who aren't explicitly assigned another policy.
• Allow devices that don't fully support these policies to synchronize Select this check box to allow users to synchronize devices that don't support policy enforcement or don't support some of the settings you've specified in this policy. If you don't select this check box, these devices will receive a 403 Access Denied error message when they try to synchronize with Microsoft Exchange.
• Refresh this policy on mobile devices If you want policies to be refreshed on devices regularly, select this check box and enter how often you want ActiveSync to refresh policies on devices. Policies aren't refreshed unless this box is checked, and if you don't specify a time interval, policies are refreshed every 24 hours.
Device Security These settings control security features for the mobile devices synchronizing with user mailboxes on this policy.
• Require encryption on device Select this check box to require devices to use encryption.
• Require encryption on storage cards Select this check box to require devices to encrypt removable storage cards to protect the data on the cards.
• Require a password when mobile devices are not in use Select this check box to require devices to be locked with a password. The other password options aren't available unless you select this check box.
• Allow simple passwords Select this check box to allow devices to use simple password sequences, such as 1234 or 1111. Enabling this option makes it easier for users to remember their passwords but decreases device security by allowing passwords that are easy to guess.
• Require an alphanumeric password Select this check box to require device passwords to contain both numbers and letters. The default is numbers only.
• Passwords must include this many character sets To enhance the security of device passwords, you can require passwords to contain characters from multiple character sets. Select a number from 1 to 4. The sets are letters, uppercase letters, numbers, and symbols. For example, if you select 3, passwords must contain characters from three of these sets.
• Minimum password length Select this check box and enter the minimum number of characters that mobile device passwords must use.
• Number of sign-in failures before device is wiped Select this check box to wipe the memory of a mobile device if a user tries to sign in and fails the specified number of times. This option isn't enforced unless this box is checked and you have entered a number from 4 to 16.
• Require sign-in after the device has been inactive Select this check box to lock devices after they are idle for the number of minutes you specify, requiring users to sign in again. This option isn't enforced unless this box is checked. You can specify the number of minutes from 1 to 60.
• Enable password recovery Select this check box to specify whether users can recover their device password from the server. If you select this check box, the user can go to Manage Myself > Phones > Mobile Phones and then select Show Recovery Password. If you clear this check box, the Show Recovery Password option isn't available.
• Enforce password lifetime Select this check box and enter the number of days a password is valid before users are required to change their device passwords.
• Password recycle count Enter how many different passwords users must use on their device before repeating a password. You can enter a number from 0 to 50. Enter 0 to allow users to repeat passwords immediately.
Sync Settings These settings control what users can synchronize to their devices and if they can synchronize when roaming.
• Include past calendar items Select how far back in time past calendar items are synchronized. To help to control data costs, specify a shorter interval.
• Include past e-mail items Select how far back in time past e-mail messages are synchronized. To help to control data costs, specify a shorter interval.
• Limit e-mail size Enter a limit for the size of e-mail messages, in kilobytes (KB). E-mails that are larger than the size you specify will be delivered, but they're truncated to the maximum size.
• Require manual synchronization when roaming Select this check box to require users to manually start synchronization from their mobile devices while they are roaming. Clear this check box to allow mobile devices to synchronize on a schedule or using Direct Push when they are roaming and data rates are traditionally higher.
• Allow HTML-formatted e-mail Select this check box to allow HTML-formatted e-mail messages to be downloaded to devices. If you clear this box, messages are converted to plain text before synchronizing to the device.
• Allow attachments to be downloaded to device Select this check box to allow attachments to be downloaded to devices. If you clear this box, messages show the attachment name, but users can't download the attachment to their device.
• Maximum attachment size If you want to allow attachments but limit the size that can be downloaded, select this check box and enter the maximum attachment size, in kilobytes (KB).
Device These settings control what features users are allowed to use on their mobile devices.
Note You must have a Microsoft Exchange Enterprise Client Access License for each mailbox covered by this policy to change Device settings.
• Allow text messaging Select this check box to allow users to use text messaging on their devices.
• Allow removable storage Select this check box to allow users to use the storage cards on their devices.
• Allow camera Select this check box to allow users to use the cameras on their devices.
• Allow Wi-Fi Select this check box to allow users to use Wi-Fi connections on their devices.
• Allow infrared Select this check box to allow users to establish an infrared connection with other devices or computers.
• Allow Internet sharing from device Select this check box to allow users to let another device share the Internet connection of their mobile devices. Internet sharing is frequently used when the device functions as a modem for a laptop or desktop computer.
• Bluetooth Select whether users can use Bluetooth on their devices. You can choose to allow, disable, or enable Bluetooth for hands-free operation only.
Click Save to save your changes.
If this isn't your default policy, assign it to users by editing the ActiveSync settings on their mailboxes. Here's how: Change the ActiveSync Settings on a User Mailbox.