iPhone 3.1 enforces Encryption Policy for Microsoft Exchange

by Volker Weber

If you upgrade your iPhone or iPod touch to 3.1 you may be cutting yourself off from Exchange. If your admin has set the Exchange ActiveSync Mailbox Policy "Device encryption enabled", only an iPhone 3GS will meet this policy.

From 2.0 to 3.0, iPhone and iPod touch have ignored this policy. Microsoft warns: "Not all devices can enforce encryption. For more information, see the device and mobile operating system documentation." Apple recommends that you either use iPhone 3GS or disable encryption. Consequences: newer Apple hardware is more useful than older ones. ;-)

Since I don't have access to Domino 8.5.1: does Traveler in 8.5.1 support this policy?

Update:

Does this effect Traveler? - no. But it is because the Traveler server does not yet enforce the security policies. You can have user's install configuration profiles (xxx.mobileconfig) and this is the way some customers are putting password and other security policies on the device. In fact this is what Traveler is doing for you when you use the iPhone to browse to the Traveler home page on your Traveler server with the device and select the "generate" button to create account settings.

Apparently, Traveler has not implemented these Exchange security policies in their version of Exchance ActiveSync. Configuration profiles are an Apple mechanism which are iPhone-specific.

Comments

i tried to ask 1&1 about their support for this issue and i had to explain word for word what the problem is/may be. they promised to get back to me as soon as they know.

Samuel Orsenne, 2009-09-16

Samuel, there is no issue. :-) 3.1 now works as it should have all the time.

Volker Weber, 2009-09-16

I just clicked on the "Vorlesen"-link in the article at
http://www.heise.de/newsticker/iPhone-3-1-setzt-Encryption-Policy-fuer-Microsoft-Exchange-durch--/meldung/145387

to test the text-to-speech output function (haven't seen this feature there before).
The output is really great for the German text - and very funny for the English at the end :-)

Karsten Lehmann, 2009-09-16

Traveler 8.5 does already support signed and encrypted mails:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.lnt85.doc/Encrypted_email_support.html

Gabor Ivanyi, 2009-09-16

It does. But only with the native Traveler client on Windows Mobile, not over Exchange ActiveSync. It's also somewhat unrelated. What we are talking here is to protect the storage for all messages, encrypted or not, on the device itself.

Traveler 8.5 is basically unmanaged. 8.5.1 adds some features like "remote wipe" or "mandatory password". What I am asking for is "enforce encryption".

Volker Weber, 2009-09-16

Traveler Gerätemanagement bereits ab 8.5.0 verfügbar!

Claus Bäumler, 2009-09-16

got an answer from 1und1:
bedauerlicherweise müssen wir Ihnen mitteilen, dass die derzeitige
iPhone Firmware 3.1. nicht von unseren Profimailer/Exchange unterstützt
wird.

Die im iPhone 3.1 erforderliche Encryption Policy müsste deaktivierbar
sein, was uns zum Zeitpunkt noch gänzlich unbekannt ist, ob das möglich
ist. Sollte dem nicht so sein ist dieses Gerät auf unsere 1&1 Exchange
Server nicht einsetzbar.
even more happy with my 3.01

Samuel Orsenne, 2009-09-17

Recent comments

Volker Weber on Marshall Monitor II A.N.C. :: Erste Eindrücke at 08:13
Maikel Maes on Marshall Monitor II A.N.C. :: Erste Eindrücke at 07:58
Jochen Kattoll on The Neighbor’s Window :: Oscar Winning Short Film at 22:21
Harald Gärttner on Microsoft Office app on Android and iOS at 15:09
Volker Weber on App-Store-Interna: Apple geht gegen Buchveröffentlichung vor at 14:55
Oliver Stör on App-Store-Interna: Apple geht gegen Buchveröffentlichung vor at 13:42
Volker Weber on Microsoft Office app on Android and iOS at 13:02
Harald Gärttner on Microsoft Office app on Android and iOS at 12:56
Volker Weber on Marshall Monitor II A.N.C. :: Erste Eindrücke at 08:07
Thomas Cloer on Marshall Monitor II A.N.C. :: Erste Eindrücke at 07:57
Matthias Lorz on The Neighbor’s Window :: Oscar Winning Short Film at 12:47
Volker Weber on The Neighbor’s Window :: Oscar Winning Short Film at 11:54
Fabio Peruzzi on The Neighbor’s Window :: Oscar Winning Short Film at 11:48
Fabio Peruzzi on The Neighbor’s Window :: Oscar Winning Short Film at 11:45
Horia Stanescu on The Neighbor’s Window :: Oscar Winning Short Film at 07:04
Martin Funk on The Neighbor’s Window :: Oscar Winning Short Film at 00:00
Sven Bühler on I am not ready for a foldable phone at 22:03
Andreas Imnitzer on The Neighbor’s Window :: Oscar Winning Short Film at 21:48
Roland Dressler on I am not ready for a foldable phone at 15:02
Daniel Seiler on I am not ready for a foldable phone at 13:51
Roland Dressler on I am not ready for a foldable phone at 12:55
Hubert Stettner on I am not ready for a foldable phone at 10:51
Matthias Welling on Tools and Weapons #nowreading at 09:05
Ingo Harpel on You may secretly be a Bing user at 20:01
Amy Blumenfield on Tools and Weapons #nowreading at 19:44

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 05:55

visitors.gif

Paypal vowe