Change an ActiveSync Device Policy


Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-11-23

Exchange ActiveSync mailbox policies control how users use and synchronize their mobile devices in your organization. When you change an Exchange ActiveSync device policy, it affects all users whose mailbox is associated with that policy. The policy you set as the default automatically affects all users in the organization except those you have explicitly assigned different device policies to.

Note   Not all mobile devices support all the Exchange ActiveSync policy settings. If a policy setting isn't supported on a particular device, the device may not apply the setting. You can control whether devices that don't support specific policies are allowed to connect in the General settings for the policy. For more information, see Exchange ActiveSync Mobile Phones and Compatible Features.

How do I edit an ActiveSync device policy?

  1. Select Manage My Organization > Phone & Voice > ActiveSync Device Policy.

  2. Under Exchange ActiveSync Device Policy, select a policy, and then click Details.

  3. Edit the settings that you want to apply to users of this policy.

    • General   These settings control which devices you want to grant permissions to synchronize, and how often the policy is refreshed on devices that support policies.

      Name   Enter a name that uniquely identifies this policy.

      This is my default policy   Select this check box if you want to make this the default policy for your organization. The default policy affects all users who aren't explicitly assigned another policy.

      Allow devices that don't fully support these policies to synchronize   Select this check box to allow users to synchronize devices that don't support policy enforcement or don't support some of the settings you've specified in this policy. If you don't select this check box, these devices will receive a 403 Access Denied error message when they try to synchronize with Microsoft Exchange.

      Refresh this policy on mobile devices   If you want policies to be refreshed on devices regularly, select this check box and enter how often you want ActiveSync to refresh policies on devices. Policies aren't refreshed unless this box is checked, and if you don't specify a time interval, policies are refreshed every 24 hours.

    • Device Security   These settings control security features for the mobile devices synchronizing with user mailboxes on this policy.

      Require encryption on device   Select this check box to require devices to use encryption.

      Require encryption on storage cards   Select this check box to require devices to encrypt removable storage cards to protect the data on the cards.

      Require a password when mobile devices are not in use   Select this check box to require devices to be locked with a password. The other password options aren't available unless you select this check box.

      Allow simple passwords   Select this check box to allow devices to use simple password sequences, such as 1234 or 1111. Enabling this option makes it easier for users to remember their passwords but decreases device security by allowing passwords that are easy to guess.

      Require an alphanumeric password   Select this check box to require device passwords to contain both numbers and letters. The default is numbers only.

      Passwords must include this many character sets   To enhance the security of device passwords, you can require passwords to contain characters from multiple character sets. Select a number from 1 to 4. The sets are letters, uppercase letters, numbers, and symbols. For example, if you select 3, passwords must contain characters from three of these sets.

      Minimum password length   Select this check box and enter the minimum number of characters that mobile device passwords must use.

      Number of sign-in failures before device is wiped   Select this check box to wipe the memory of a mobile device if a user tries to sign in and fails the specified number of times. This option isn't enforced unless this box is checked and you have entered a number from 4 to 16.

      Require sign-in after the device has been inactive   Select this check box to lock devices after they are idle for the number of minutes you specify, requiring users to sign in again. This option isn't enforced unless this box is checked. You can specify the number of minutes from 1 to 60.

      Enable password recovery   Select this check box to specify whether users can recover their device password from the server. If you select this check box, the user can go to Manage Myself > Phones > Mobile Phones and then select Show Recovery Password. If you clear this check box, the Show Recovery Password option isn't available.

      Enforce password lifetime   Select this check box and enter the number of days a password is valid before users are required to change their device passwords.

      Password recycle count   Enter how many different passwords users must use on their device before repeating a password. You can enter a number from 0 to 50. Enter 0 to allow users to repeat passwords immediately.

    • Sync Settings   These settings control what users can synchronize to their devices and if they can synchronize when roaming.

      Include past calendar items   Select how far back in time past calendar items are synchronized. To help to control data costs, specify a shorter interval.

      Include past e-mail items   Select how far back in time past e-mail messages are synchronized. To help to control data costs, specify a shorter interval.

      Limit e-mail size   Enter a limit for the size of e-mail messages, in kilobytes (KB). E-mails that are larger than the size you specify will be delivered, but they're truncated to the maximum size.

      Require manual synchronization when roaming   Select this check box to require users to manually start synchronization from their mobile devices while they are roaming. Clear this check box to allow mobile devices to synchronize on a schedule or using Direct Push when they are roaming and data rates are traditionally higher.

      Allow HTML-formatted e-mail   Select this check box to allow HTML-formatted e-mail messages to be downloaded to devices. If you clear this box, messages are converted to plain text before synchronizing to the device.

      Allow attachments to be downloaded to device   Select this check box to allow attachments to be downloaded to devices. If you clear this box, messages show the attachment name, but users can't download the attachment to their device.

      Maximum attachment size   If you want to allow attachments but limit the size that can be downloaded, select this check box and enter the maximum attachment size, in kilobytes (KB).

    • Device   These settings control what features users are allowed to use on their mobile devices.

      Note   You must have a Microsoft Exchange Enterprise Client Access License for each mailbox covered by this policy to change Device settings.

      Allow text messaging   Select this check box to allow users to use text messaging on their devices.

      Allow removable storage   Select this check box to allow users to use the storage cards on their devices.

      Allow camera   Select this check box to allow users to use the cameras on their devices.

      Allow Wi-Fi   Select this check box to allow users to use Wi-Fi connections on their devices.

      Allow infrared   Select this check box to allow users to establish an infrared connection with other devices or computers.

      Allow Internet sharing from device   Select this check box to allow users to let another device share the Internet connection of their mobile devices. Internet sharing is frequently used when the device functions as a modem for a laptop or desktop computer.

      Bluetooth   Select whether users can use Bluetooth on their devices. You can choose to allow, disable, or enable Bluetooth for hands-free operation only.

  4. Click Save to save your changes.

  5. If this isn't your default policy, assign it to users by editing the ActiveSync settings on their mailboxes. Here's how: Change the ActiveSync Settings on a User Mailbox.

Related help topics
No resources were found.