Policies in Exchange are designed to enable flexible administration of large numbers of Exchange objects. A policy is a collection of configuration settings that can be applied to one or more Exchange objects of the same class. This blog post gives an overview of Exchange 2007 policies: E-mail Address Policy (EAP), Exchange ActiveSync mailbox policy, Unified Messaging (UM) mailbox policy, and managed folder mailbox policy. Policies available in Exchange 2003 that are removed or changed in Exchange 2007 are also covered.
E-mail Address Policy (EAP)
EAP defines the proxy addresses that are stamped onto recipient objects. In Exchange 2007, every EAP must link to an existing accepted domain object. This is required so that e-mails sent to e-mail addresses defined by the EAP can be routed by Exchange 2007 transport servers. The relationship between EAP and accepted domains in Exchange 2007 and is covered in my recent post Recipient Policies and Accepted Domains.
Manage E-mail Address Policies
In the Exchange Management Console, the E-mail Address Policies tab of the Hub Transport node under the Organization Configuration work center is the place to create and configure e-mail address policies. If multiple policies apply to the same recipients, the policy with the highest priority (the lower the priority number, the higher the priority) takes precedence over any matching policies with a lower priority.
The PowerShell tasks used to manage e-mail address policies are <verb>-EmailAddressPolicy.
How EAP Enforces E-mail Address for Associated Recipients
The E-Mail Addresses property page of a recipient in the console allows management of recipient e-mail addresses. You can select whether to automatically update the e-mail address for this recipient based on e-mail address policies by checking or/unchecking the "Automatically update ..." checkbox at the bottom of this property page.
If a recipient is configured to automatically update the e-mail addresses based on e-mail address policy, all primary e-mail addresses (default reply addresses) of e-mail address types will always be set from the e-mail address policy. If you try to edit the primary address to a different e-mail address, it will always revert to the one specified by the e-mail address policy. Which policies applying to a recipient are up to the filtering rules of the policies.
The PowerShell command line to configure a mailbox to automatically update the e-mail addresses based on EAP is:
Set-Mailbox <mailboxid> -EmailAddressPolicyEnabled:$True
The command line to configure automatic update of e-mail addresses based on EAP for another type of recipient is similar.
Removal of Recipient Update Services (RUS)
In Exchange 2003, RUS is used to update e-mail addresses for recipients. This service processes e-mail address policy in an asynchronous way, which can be unreliable and unpredictable. Exchange 2007 doesn't rely on RUS to update e-mail addresses any more, instead it uses a predictable, synchronous e-mail provisioning process. Once an e-mail address policy is changed, the e-mail addresses for all associated recipients are updated synchronously.
See Evan's Top Exchange 2003 Recipient Problems and how they're fixed in Exchange 2007 and Goodbye RUS posts for a more detailed cover of removal of RUS in Exchange 2007.
Exchange ActiveSync mailbox policy
With Exchange 2007, you'll be able to create multiple Exchange ActiveSync (EAS) mailbox policies to have more control for mobile deployments. Exchange 2003 SP2 first introduced EAS policies; however Exchange 2003 can only create only a single global policy which applies to all users not specifically excluded. Exchange 2007 EAS policies are per-user policies, so you can create as many policies as needed to meet your company's security requirements.
Manage EAS Policies
In the console, the Exchange ActiveSync Mailbox Policies tab of the Client Access node under the Organization Configuration work center is the place to create and configure EAS policies.
The PowerShell tasks for managing EAS policies are <verb>-ActiveSyncMailboxPolicy.
Apply an EAS policy to a Mailbox
Each mailbox can have zero or one ActiveSync mailbox policy applied. Below is the console GUI to associate an ActiveSync mailbox policy to a mailbox.
An example PowerShell command line to assign an EAS policy to a mailbox is:
Set-CASMailbox <mailboxid> -ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy "Corporate Mobile Policy").Identity
Unified Messaging (UM) mailbox policy
UM is a brand new feature introduced in Exchange 2007. UM mailbox policies are required when you enable users for Unified Messaging, as these policies control the association between UM mailbox and UM dial plan. You can also use UM mailbox policy to apply a common set of policies or security settings (such as PIN policies, dialing restrictions, etc) to a collection of UM-enabled mailboxes.
Manage UM policies
In the console, the UM Mailbox Policies tab of the Unified Messaging node under the Organization Configuration work center is the place to create and configure UM mailbox policies.
The PowerShell tasks for managing UM policies are <verb>-UMMailboxPolicy.
Apply an UM policy To a Mailbox
When you enable a mailbox for UM through the Enable Unified Messaging wizard, a UM policy is required. Below is the console GUI to associate a UM mailbox policy to a mailbox.
The PowerShell command line to assign a UM mailbox to a mailbox is:
Enable-UMMailbox <mailboxid> -UMMailboxPolicy "dp1 Default Policy" -Extensions 12345
Or if the mailbox is already UM-enabled:
Set-UMMailbox <mailboxid> -UMMailboxPolicy "dp1 Default Policy"
Managed folder mailbox policy
Managed folder mailbox policies are used for messaging records management (MRM), a.k.a e-mail lifecycle (ELC), in Exchange 2007. Managed folder mailbox policies collect managed folders into logical groupings. When a managed folder mailbox policy is applied to a mailbox, the managed folders and their settings linked to the mailbox policy are applied to the mailbox in a single step.
A blog post Records Management in Exchange Server 2007 and Outlook 2007 in 5 Easy Steps covered specifically how Exchange 2007 can help with MRM.
Manage Managed Folder Mailbox Policies
In the console, the Managed Folder Mailbox Policies tab of the Mailbox node under the Organization Configuration work center is the place to create and configure managed folder mailbox policies.
The PowerShell tasks for managing managed folder mailbox policies are <verb>-ManagedFolderMailboxPolicy.
The PowerShell command line to assign a managed folder mailbox policy to a mailbox is:
Set-Mailbox <mailboxid> -ManagedFolderMailboxPolicy "Inbox folder policy"
Policies in Exchange 2003 That Are Removed or Changed
This has been removed. Refer to an earlier post Gone but not forgotten for a more detailed explanation.
Mailbox Manager Recipient Policy
This has been removed. The mailbox manager recipient policy is one kind of recipient policies in Exchange 2003, which is gone in Exchange 2007. This concept is replaced by managed default/custom folder, managed content settings and managed folder mailbox policy concepts in Exchange 2007, which is covered in the previous managed folder mailbox policy section of this post.
E-mail Address Recipient Policy
Changed. E-mail address recipient policy in Exchange 2003 has been separated into EAP and Accepted Domain concepts in Exchange 2007 which was covered in the E-mail Address Policy (EAP) section of this post.