iPhone 3.1 enforces Encryption Policy for Microsoft Exchange

by Volker Weber

If you upgrade your iPhone or iPod touch to 3.1 you may be cutting yourself off from Exchange. If your admin has set the Exchange ActiveSync Mailbox Policy "Device encryption enabled", only an iPhone 3GS will meet this policy.

From 2.0 to 3.0, iPhone and iPod touch have ignored this policy. Microsoft warns: "Not all devices can enforce encryption. For more information, see the device and mobile operating system documentation." Apple recommends that you either use iPhone 3GS or disable encryption. Consequences: newer Apple hardware is more useful than older hardware. ;-)

Since I don't have access to Domino 8.5.1: does Traveler in 8.5.1 support this policy?

Update:

Does this affect Traveler? - no. But it is because the Traveler server does not yet enforce the security policies. You can have users install configuration profiles (xxx.mobileconfig) and this is the way some customers are putting password and other security policies on the device. In fact this is what Traveler is doing for you when you use the iPhone to browse to the Traveler home page on your Traveler server with the device and select the "generate" button to create account settings.

Apparently, Traveler has not implemented these Exchange security policies in their version of Exchange ActiveSync. Configuration profiles are an Apple mechanism that is iPhone-specific.

Comments

I tried to ask 1&1 about their support for this issue and I had to explain word for word what the problem is/may be. They promised to get back to me as soon as they know.

Samuel Orsenne, 2009-09-16

Samuel, there is no issue. :-) 3.1 now works as it should have all the time.

Volker Weber, 2009-09-16

I just clicked on the "Vorlesen"-link in the article at
http://www.heise.de/newsticker/iPhone-3-1-setzt-Encryption-Policy-fuer-Microsoft-Exchange-durch--/meldung/145387

to test the text-to-speech output function (haven't seen this feature there before).
The output is really great for the German text - and very funny for the English at the end :-)

Karsten Lehmann, 2009-09-16

Traveler 8.5 does already support signed and encrypted mails:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.lnt85.doc/Encrypted_email_support.html

Gabor Ivanyi, 2009-09-16

It does. But only with the native Traveler client on Windows Mobile, not over Exchange ActiveSync. It's also somewhat unrelated. What we are talking about here is protecting the storage for all messages, encrypted or not, on the device itself.

Traveler 8.5 is basically unmanaged. 8.5.1 adds some features like "remote wipe" or "mandatory password". What I am asking for is "enforce encryption".

Volker Weber, 2009-09-16

Traveler device management is already available as of 8.5.0!

Claus Bäumler, 2009-09-16

Got an answer from 1und1:

Unfortunately we have to inform you that the current iPhone firmware 3.1 is not supported by our Profimailer/Exchange.

It would have to be possible to deactivate the encryption policy required in iPhone 3.1, and at this time it is entirely unknown to us whether that is possible. If it is not, this device cannot be used on our 1&1 Exchange servers.

Even more happy with my 3.01

Samuel Orsenne, 2009-09-17
