Requirements for connecting mobile devices to Exchange 2003

Take a look at the different requirements for mobile devices such as an iPhone or BlackBerry to connect to Exchange Server 2003.

My company runs Exchange Server 2003 and has yet to directly connect mobile devices to our network. I've researched this option, but our organization has a mixed bag of devices, including iPhones and BlackBerrys.

Can we use a unique identifier to only allow certain devices to connect to our Exchange server? What's the best solution for us to stay secure while not opening too many holes in our firewall?

Connecting iPhone, Palm, Android and Windows Mobile devices only requires you to expose the Exchange server to the Internet over port 443. There are no outbound communications that need to be enabled to support the Exchange ActiveSync connection. If you already have Outlook Web Access (OWA) open to external users, ActiveSync should work well without any additional configuration.

In Exchange Server 2003 there aren't as many native configuration options for what is and isn't allowed to connect to the server. You can only really prevent devices that don't support password policies from connecting. However, you can control which users are able to connect with ActiveSync by changing the Exchange properties on each user account.

Exchange Server 2007 and higher have a feature that allows administrators to only allow a specific device to be used by each user. This requires a bit of management on your part, however, as each provisioned device would need to be manually inspected, then each mailbox configured to use the device before it can actually be configured for use.

BlackBerry devices are a little different. In a corporate environment it's recommended that a dedicated server be installed to provide mobile services. However, end users can either install software on their desktops that acts as a personal BlackBerry server or they can use BlackBerry Internet Services (BIS), which will retrieve email via IMAP, POP or OWA to perform redirection to the device.

To prevent these sorts of redirections you'll want to make it part of the corporate policy, then possibly deny access to and from the BlackBerry services using firewall rules. If you choose to support BlackBerry devices and implement a BlackBerry Enterprise Server (BES), there are a number of outbound TCP ports you'll need to establish services to, while no inbound ports are required. The administration aspects enable administrators to dictate the BlackBerry devices used.
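The per-user device restriction mentioned above for Exchange Server 2007 and higher can be applied from the Exchange Management Shell. The following is an added example, not part of the original answer; the mailbox name and device ID are constructed placeholders, and it does not apply to Exchange Server 2003.

```powershell
# Exchange Management Shell (Exchange 2007 or later). Added example; the
# mailbox name and device ID below are constructed placeholders.
$mailbox = "jsmith"                      # hypothetical user

# 1. Inspect: list every device that has partnered with this mailbox.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Select-Object DeviceID, DeviceType, DeviceUserAgent, LastSuccessSync |
    Format-Table -AutoSize

# 2. Approve: after checking the device itself, pin the mailbox to its ID.
$approved = "PLACEHOLDER-DEVICE-ID"      # copy the DeviceID from step 1
Set-CASMailbox -Identity $mailbox -ActiveSyncAllowedDeviceIDs $approved

# 3. Verify: an empty list means any device may sync, so confirm it is set.
Get-CASMailbox -Identity $mailbox |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncAllowedDeviceIDs

# 4. Audit: report ActiveSync-enabled mailboxes that still accept any device.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and $_.ActiveSyncAllowedDeviceIDs.Count -eq 0 } |
    Select-Object Name
```

Step 4 is worth running periodically, since a mailbox with no allowed device IDs set is not restricted to any particular device.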
