Announcing the Exchange ActiveSync Logo Program


You’ve told us that one of your top concerns is the increasing diversity of mobile devices that employees use to access your company resources. While many of these devices use Exchange ActiveSync (EAS) for mobile email, we all know that not all EAS clients are created equal. Exchange ActiveSync policies and features aren’t consistently implemented by licensees, so it can be challenging to find out what’s supported on each device.

Today, we launched the Exchange ActiveSync Logo Program to establish a baseline for EAS functionality in mobile email devices. The program is designed for device manufacturers that license the EAS protocol from Microsoft for use in mobile email clients that connect to Exchange. Wireless carriers may also join the program and use the Exchange brand to identify compliant devices for end users. See Exchange ActiveSync Protocol for a list of current EAS licensees.

This qualification program includes a test plan defined by Microsoft and a third-party lab to qualify implementations by handset makers. Information on the features below and other EAS features can be found in the Exchange documentation on TechNet. Qualifying clients must use EAS v14 or later and implement the following features and management policies:

  • Direct Push email, contacts & calendar
  • Accept, Decline & Tentatively Accept meetings
  • Rich formatted email (HTML)
  • Reply/Forward state on email
  • GAL Lookup
  • Autodiscover
  • ABQ strings (device type and device model) provided
  • Remote Wipe
  • Password Required
  • Minimum Password Length
  • Timeout without User Input
  • Number of Failed Attempts

All Windows Phone 7 and Windows Phone 6.5 devices are compliant, as are Nokia devices running Mail for Exchange 3.0.50, including the Nokia E7, and Apple devices running iOS 4, including the iPhone 4, iPhone 3GS, iPad and iPad 2. We have a healthy pipeline of mobile device manufacturers ready to join the program and plan to announce additional participants in the coming months.

Over time, the program will evolve to require additional features and management policies. We hope this program is a first step in helping you manage mobile email devices in your enterprise.

For more info on managing your organization’s EAS devices, check out the previous post: Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list.

Greg Smiley
Senior Product Manager
Exchange Product Management

Comments (26)
  1. Mike Crowley says:

    This is great!  Let's hope Windows Phone 7 can get certified!  ;)

    (Seriously though – This is a welcome program)

  2. Mike Crowley says:

    err – I misread; it *is* certified.  Let’s see then if we can implement a higher tier indicating *all* features have been implemented.

  3. Josh Wortz says:

    Thank you for this! I can't tell you how many users of Android phones have "Exchange Support" but never really worked with Exchange 2010!

  4. I definitely welcome this program! I can't stand how many phone makers claim ActiveSync support and yet they can't seem to follow any consistency.

  5. A Bitter Man says:

    How can iOS devices be compliant with the EAS specification when they have a bug that allows them to hijack meeting originators?

  6. Robert B says:

    So a vendor must choose to submit their device for qualification?  There's nothing to prevent them from saying they do ActiveSync and choose not to implement the logo, is there?  Is the reverse then true as well… might a vendor be fully logo compliant but not join (or be slow about it) the program?

  7. HotFix says:

    Like Mike said, some of us would like to see a second tier of certification that implements most if not all of the ActiveSync security policy capabilities. So maybe an Exchange ActiveSync+ Logo as well?

    The reason we would like to see this is there are shortcomings to the Windows Phone 7 and even the iPhone 4 implementations of the ActiveSync policy settings. It's tough to push back against iPhone users now that this logo is out there, but for example our security folks believe we need full device encryption (including storage card) which Windows Phone 7 and iPhone 4 do not support.

  8. Sysadminlab says:

    At last!! But as another comment said – how will this be verified?

  9. Aaron Ellis says:

    I would really like to see encryption at rest and syncing reply and forward status as requirements.  We should be striving for better security and a more rich end user experience.  These two features were available in Windows Mobile 6.5.x, everything since then has been lacking in EAS support really.

  10. JRVA says:

    What I'd like to see is what phone OS support CAS redirection in a coexistence scenario.  This is a serious pain point when doing an Exchange migration to 2010.  As it stands now, I believe only MS mobile phones can connect to a 2007/2003 mailbox via a 2010 CAS server.

  11. Colin says:

    And that list must be met for a company's BASE level of functionality to be certified, correct?

    Cause…

    Q – Does RIM get this?

    My A – Never

    Cause until BIS = the list above RIM = no cert.

    Otherwise I see this program getting abused and the meaning lost quickly of the certification

  12. Bharat Suneja [MSFT] says:

    @Colin: Research In Motion, the company that provides BlackBerry Internet Service (BIS), is not an Exchange ActiveSync licensee and doesn't use EAS for BIS.

  13. Bharat Suneja [MSFT] says:

    @Hotfix and Mike Crowley: As the post states, the program establishes a "baseline for EAS functionality in mobile email devices".  Over time, additional features and management policies will be added as minimum requirements.

  14. Dean says:

    I think the logo should only be given to manufacturers who can implement ALL policy options available via an ActiveSync policy.

    Corporates want an easy way to identify devices that are suitable for a corporate environment; for example, Apple devices and iOS 4+ are not really suitable for secure corporate environments. They only support a sub-set of policy options and can be Jailbroken too easily which then allows the by-passing of said policies.

    It is difficult for IT departments to prove certain devices are not corporate-ready when the Managers and higher-ups want the latest "gadget", if Microsoft do not attach the ActiveSync logo to these devices, it becomes easier for the IT teams to refuse their use.

  15. The Orange Trees says:

    Interesting writing! Are there any predictions that you may be willing to divulge in order to illustrate your second section a bit more? cheers

  16. Tomislav says:

    Is it possible to make phone search on GAL using Active Sync? If not do you have any plan to implement this functionality?

  17. Andreas Helland says:

    HotFix: iPhone 3GS and iPhone 4 supports full device encryption (obviously not storage card). See:

    developer.apple.com/…/ios

    JRVA: iPhone implements CAS redirection I believe. I have not tested a scenario like yours, but I tested going from 2007 to 2010 where I had different CAS servers. The iPhone connected to the 2007 CAS, received a status 451 (in the FolderSync response) with the new fqdn. Switched over without a problem. Android however – no go…

    That being said I think this is a good idea. The problem as it is now regarding security policies is that Exchange Server only does a polite request for devices to implement the policies. When the device reports back that policies are implemented that’s not a guarantee that it will have actually implemented this. I have created a test utility for use on the desktop that will happily bypass all policies and report itself as fully compliant.

  18. Yps says:

    Good knows, it's a mess now with all different clients on Androids like Moxier/SonyEricsson X10 that doesn't support Exchange 2010.

  19. Håkan Åknert says:

    This is great news

  20. ME says:

    Although Windows Phones are "certified", encryption is lacking for these devices. It has to be embarrassing for MS to say that while Exchange can do encryption policies, their devices cannot support this. Many companies have opted to exclude Windows phones and Droids simply for this reason, opening the market for BES and iPhones.

    Let's get this fixed guys…

  21. HotFix says:

    @Andreas – I said "we need full device encryption (including storage card) which Windows Phone 7 and iPhone 4 do not support." so I am aware iPhone supports device encryption, but it's not >full< device encryption if it doesn't include the storage card.

  22. Tom P says:

    Until the certification includes on device encryption I really don't see the point. It seems convenient that Windows Phone 7 devices support all of the policies above but not the on device encryption one. We're in a bizarre world where the only current device with native support for encryption is an Apple product,

  23. Andreas Helland says:

    Hotfix: I am not aware of any iPhone models that support storage cards in general. So I don't see what good a policy for storage card encryption would do.

    If Windows Phone 7 supported device encryption I'm sure it would have been on the requirements list :)

    So, as it stands the iPhone is a really nice device when it comes to Exchange compliancy. (On a side note Samsung's Gingerbread ROM for the Galaxy S/SII also supports device encryption and pretty much all policies from Exchange 2010.)

  24. Jaans says:

    Does Windows Phone 7 support Text Messaging from Outlook 2010 / OWA when sync'ing with ActiveSync like Windows Phone 6.5 does?

    Refer: social.technet.microsoft.com/…/d5dc826f-0216-4efa-a82d-44338ef095b9

  25. HotFix says:

    @Andreas – you are missing the point. Security folks want to see a device supports ALL of the flags in a security policy, not just some. The storage card encryption is just an example of one setting in this list of deficiencies for various devices:

    en.wikipedia.org/…/Comparison_of_Exchange_ActiveSync_Clients

    It really doesn't matter if you or I think the iPhone (or any phone) "is a really nice device when it comes to Exchange compliancy", there are the security people some of us have to answer to that wouldn't agree with you. Right or wrong, it's a reality some of us have to deal with.

    Also it's irrelevant to me if the device today has an additional storage card or not, as there is always the next generation that could. Building support for the policy now, especially if it won't hurt anything, should be the direction everyone is heading in so that future models are already in line.

    And I don't know if this would be considered a "storage card", but there is at least one unique external extension to the iPhone's storage capacity:

    http://www.airstash.com/

    In an effort to not bicker with you over details of a single specific detail like which model has an internal storage card, my intent has been focused on the original point that Mike Crowley raised which is that some of us are going to have to deal with security folks who want to know that they can flip every bit and not have devices ignore them. Also those same security folks really like the "block non-provisional devices" setting which has caused issues for some of us trying to support devices with partial implementations of ActiveSync. A second tier logo that ensured those settings are accounted for would give all of us a serious peace of mind and a bar for everyone to raise to.

  26. Nick Blank says:

    This is an encouraging step forward.  More standards will help to ensure a consistent experience for EAS users while enabling administrators to better control what devices are allowed into the enterprise.

    @HotFix It's ok to be wrong… everyone makes mistakes.
