Globalize Networks blog

The explosive popularity of mobile email devices like smartphones and iPads can lead to security problems if not managed properly. In the corporate world, we want at the very least to be able to enforce passwords on devices and remotely wipe mobile devices if they are lost or stolen.

There is also the emerging scenario of devices left in semi-secure environments. Imagine an iPad configured with a corporate email account and left around the house to be toyed with by the children and their mischievous friends.

Here is a quick overview of some of the Mobile Device Management options available on the most common platforms:

1. Blackberry Enterprise Server has had “IT Policies” for some time. It fact, they really set the standard in this area, Mobile Device Management is old news to BB admins. This should come as no surprise given RIM’s deep commitment to the enterprise.
2. Microsoft Exchange 2003 is getting old to compete well in this area. However, SP2 allows password enforcement, and the “Microsoft Exchange Server ActiveSync Web Administration Tool” provided by Microsoft, although very basic, can do remote wiping of ActiveSync devices.
3. Exchange 2007 and 2010 introduce “Exchange ActiveSync mailbox policies” which have a myriad of great management options. Of course you can wipe the devices using the Exchange Management Shell and enforce passwords and password complexity, but some of my favorites include enforcing storage card encryption and
   setting inactivity time before the phone locks. You can even do things like disable the camera if you are feeling like a real control freak. Of course, not all phones will be able to enforce all of these options.
4. Google has been playing catch-up to enable these enterprise MDM features in Android and they now support a few of the essential options. They are also starting to roll out these features (including device location discovery) for Google Apps users via the “Google Apps device policy.” It looks like they can even password enforce and remote wipe any phone with Google Sync installed.
5. iPhones have been pulled into the enterprise for some time now, so Apple’s enterprise features are more mature than Android’s. They even include a “find my ” feature with Mobile Me which allows remote wipe and ad hoc passcode enforcement. Everyone I talk to about Mobile Me has been disappointed though, so I can’t recommend it in good faith.
   

Here are the main problem I see with rolling Google Apps out to Outlook users who are used to Exchange:

1. Access to shared calendars won’t work the same
   1. I guess you could use something like OggSync to sync public and selected private calendars, but that is kludgey compared to Exchange free/busy functionality.
   2. Using the Google Apps web interface is probably almost as good, but there is usually a lot of resistance to this thin client approach.
   3. I played around with Outlook 2003 and iCal/WebDav for free-busy info, but it was a pain to set up.  I should revisit this and see if there is a better way to do it now.
2. No Global Address Book
   1. I’m not sure how to address this.
3. No Public Folders
   1. Does anyone really use these effectively anyway? Most of the uses I’ve seen could have been done a number of different ways.

Well one client recently didn’t see a problem with going down this route.  I would definitely put my money on Google over ZImbra, OpenGroupWare, etc.

After much abuse from my associates, I have finally caved in.  I’m all for using http://Postini.com to filter out spam.  It’s cheap and it works well.  It keeps the spam off the network, and I like how it just sends a quarantine report to the end-users each day.

Of course, now we have to turn off that pesky Outlook junk mail filter:

http://office.microsoft.com/en-us/ork2003/HA011402621033.aspx

To enforce Outlook Junk E-mail Filter user interface options for users

1. In Group Policy, load the Outlook 2003 template (Outlk11.adm).
2. Under User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools | Options\Preferences, click Junk Mail.
3. Double-click Junk E-mail protection level.
4. Click the Enabled radio button to enable configuring the policy.
5. In the Select level drop-down list, select a protection level to enforce.
6. Click OK.
7. Set other policies, such as specifying to permanently delete junk e-mail messages.

(Found this http://www.myitforum.com/forums/m_148505/mpage_1/key_/tm.htm#148505 via google on “disable junk mail outlook” – thanks to kdsrazor)