The Fundamentals of Mobile Access to Exchange 2007
Applies to: Exchange Server 2007 SP1, Exchange Server 2007
By Patricia DiGiacomo Eddy
A responsible Microsoft Exchange Server 2007 deployment begins with a fact-finding mission. Before you deploy, you should learn all that you can about the features of Exchange 2007, especially how those features will affect your users. Although there are many categories of Exchange 2007 features that you should investigate, one that could affect most of your users is mobile access to Exchange 2007.
There are several components to Exchange 2007 mobile access: Exchange ActiveSync, Outlook Anywhere, Office Outlook Web Access, POP3 and IMAP4, and Unified Messaging (UM). In the next few pages, we'll take a detailed look at the fundamentals of mobile access to Exchange 2007.
Exchange 2007 offers anywhere access to mailbox data. Anywhere access means that your users can access their e-mail messages, calendar, contact, and task data anywhere they happen to be. Generally, users can access their Exchange mailbox data whether they are in an airport or at the zoo.
To take full advantage of mobile access to Microsoft Exchange, your users will require the right equipment. This equipment includes mobile devices, portable computers, and desktop computers. It also includes plain old telephones. Yes, that's right. Your users can access data in their Exchange mailbox by using any touchtone telephone. Through Outlook Voice Access and Unified Messaging, they can dial an access number and have Unified Messaging read their e-mail messages, contact data, and calendar data to them over the telephone.
Another feature is Exchange ActiveSync and Direct Push. Direct Push was introduced in Exchange Server 2003 Service Pack 2 (SP2). By default, Direct Push is enabled in Exchange 2007. Mobile devices that support Direct Push issue a long-standing HTTPS request to the Exchange server. The Exchange server monitors activity on the user's mailbox and sends a response to the user's device if there are any changes, such as new or changed e-mail messages, calendar, or contact items. If changes occur within the lifespan of the HTTPS request, the Exchange server issues a response to the device that states that changes have occurred. The server tells the device to initiate synchronization with the Exchange server. The device then issues a synchronization request to the server. When synchronization is complete, a new HTTPS request is generated to start the process over again. This guarantees that e-mail, calendar, contact, and task items are delivered quickly to the mobile device and that the device is always synchronized with the Exchange server.
Figure 1 illustrates Direct Push.
Figure 1 Exchange ActiveSync Direct Push synchronization
For Direct Push to work, your users must have a device that can use Direct Push. These devices include the following:
Cellular telephones that have Windows Mobile 5.0 and the Messaging & Security Feature Pack (MSFP) and later versions of Windows Mobile software.
Cellular telephones or mobile devices that are produced by Exchange ActiveSync licensees and are designed specifically to be Direct Push compatible.
New Features in Exchange ActiveSync
Exchange ActiveSync has been enhanced in Exchange Server 2007. The following are some of the new and enhanced features:
Support for HTML messages
Support for follow-up flags
Enhanced Exchange Search
Windows SharePoint Services and Universal Naming Convention (UNC) document access
Enhanced device security through password policies
Support for Out of Office configuration
Support for tasks synchronization
Support for enabling and disabling use of the camera
The ability to disable installation of third-party applications
Automatic configuration through the Autodiscover service
The ability to disable Wi-Fi on the mobile phone
Many of these features require that you use Windows Mobile 6.0 or a later version.
Enhancements in Exchange ActiveSync Security
There are several new features in Exchange ActiveSync that you can use to enhance the security of mobile device communications. These features include the following:
**Remote device wipe** If a device is lost, stolen, or otherwise compromised, you can issue a remote device wipe command from the Exchange Server computer or from any Web browser by using Office Outlook Web Access. This command erases all synchronization data from the mobile phone. You can also request that a confirmation e-mail be sent to both the user and the administrator when the remote device wipe has completed.
**Device password policies** Exchange ActiveSync lets you configure several options for device passwords. These options include the following:
**Minimum password length (characters)** This option specifies the length of the password for the device. The default length is four characters, but can include as many as 18.
**Require alphanumeric password** This option determines password strength. You can require that a character or symbol is used in the password in addition to numbers.
**Inactivity time (seconds)** This option determines how long the device must be inactive before the user is prompted for a password to unlock the device.
**Wipe device after failed (attempts)** This option lets you specify whether you want the device memory wiped after the user enters an incorrect password multiple times.
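The four device password options above correspond to parameters of an Exchange ActiveSync mailbox policy in the Exchange Management Shell. The following is an added example, not part of the original article; the policy name, the mailbox alias, and the chosen values (6 characters, 5 minutes, 8 attempts) are assumptions for illustration.

```powershell
# Added example: policy name, mailbox alias and values are illustrative assumptions.
# Run in the Exchange Management Shell on an Exchange 2007 server.

$policyName = 'Mobile-Baseline'   # hypothetical policy name
$mailbox    = 'kim.akers'         # hypothetical mailbox alias

# Create a policy that sets the device password options described above.
# AllowNonProvisionableDevices $false refuses devices that cannot enforce
# the policy, so the password settings cannot be bypassed by an older client.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -AlphanumericDevicePasswordRequired $true `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -MaxDevicePasswordFailedAttempts 8 `
    -AllowNonProvisionableDevices $false

# Assign the policy to one mailbox.
$policy = Get-ActiveSyncMailboxPolicy -Identity $policyName
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policy.Identity

# Confirm what the policy enforces.
$policy | Format-List Name, DevicePasswordEnabled, MinDevicePasswordLength,
    AlphanumericDevicePasswordRequired, MaxInactivityTimeDeviceLock,
    MaxDevicePasswordFailedAttempts, AllowNonProvisionableDevices

# Audit: mailboxes that can synchronize but have no policy assigned.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy
```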
Outlook Anywhere for Exchange 2007 lets you use Outlook 2007 and Outlook 2003 clients to connect to your Exchange server over the Internet by using the RPC over HTTP Windows networking component. This eliminates the need for a virtual private network (VPN) connection to your organization's network and still provides full Outlook functionality. Outlook Anywhere was known as RPC over HTTP in Exchange 2003. Exchange 2007 has improved and built on this functionality and simplified deployment and management. Deployment of RPC over HTTP used to require significant server configuration. In Exchange 2007, you use the Enable Outlook Anywhere wizard on an Exchange 2007 computer that has the Client Access server role installed. All users who have mailboxes on Exchange 2007 are automatically enabled for Outlook Anywhere access.
Outlook Web Access
Outlook Web Access provides access to your Exchange mailbox from any Web browser. There are two versions of Outlook Web Access in Exchange 2007: Premium and Light. Outlook Web Access Premium provides access to all Exchange 2007 mailbox data. Users can also view and manage mobile devices, set Out of Office options, group, sort, and flag messages, browse the global address list (GAL), and search their Microsoft Exchange mailbox. Outlook Web Access Light provides access to e-mail, calendar, and contacts. It does not support tasks or notes. Your users can sort messages, but they cannot group messages, change their message view, or flag messages for follow up.
To use Outlook Web Access Premium, users must be using Internet Explorer 6 or a later version. Outlook Web Access Premium is not supported on browsers other than Internet Explorer. Outlook Web Access Light is supported on recent versions of Netscape Navigator, Opera, Safari, and Mozilla Firefox.
Outlook Web Access Features
Outlook Web Access in Exchange 2007 has several new and enhanced features. Some of these features include the following:
**Flexible Message Views** Users can select how the message list is displayed, the position of the Reading Pane, and configure multiple grouping and sorting options.
**Improved Notifications** Reminders and new mail notifications appear within the Outlook Web Access window and can be accessed by using a drop-down menu in the toolbar.
**Scheduling Assistant** Users can use the Scheduling Assistant to help schedule meetings with coworkers. The Scheduling Assistant provides suggested times. It color codes days and times, rating them as Good, Fair, or Poor, depending on how many attendees and resources are available.
**File Share Access** Users can access documents and document libraries on Windows SharePoint Services and Windows file shares (also known as UNC) through Outlook Web Access.
**Voice Mail Options** If the Unified Messaging server role is installed in your organization, your users can use Outlook Web Access to manage their voice mail options. They can configure their telephone access options, reset their voice mail password, or change the folder that Outlook reads when they access e-mail messages over the telephone.
POP3 and IMAP4 Access
Two lesser known protocols in Exchange 2007 are Post Office Protocol version 3 and Internet Messaging Access Protocol version 4rev1, also known as POP3 and IMAP4. POP3 and IMAP4 are protocols best suited for home and personal use, but they continue to have a limited application in the business world. POP3 was designed to support offline mail processing. With POP3, e-mail messages are removed from the server and stored in the local POP3 client. This transfers the responsibility of data management to the end-user. IMAP4 offers offline and online access, but like POP3, does not offer advanced collaboration features such as scheduling, task, or contact management.
To use POP3 and IMAP4 protocols to access Exchange 2007, you must start the POP3 and IMAP4 services by using the Services snap-in to Microsoft Management Console (MMC). After the services have been started, POP3 and IMAP4 clients can connect to Exchange 2007.
For more information about POP3 and IMAP4, see Overview of POP3 and IMAP4 in the Exchange Server 2007 technical documentation library.
The last feature we will examine is Unified Messaging. Unified Messaging (UM) is new to the Microsoft Exchange product line, and it introduces new concepts that may not be familiar to an Exchange Administrator.
Unified Messaging combines voice messaging, fax, and e-mail messaging into one store, which can be accessed from a telephone and a computer. Exchange 2007 Unified Messaging integrates Exchange Server with telephony networks and brings the Unified Messaging features to the core of Microsoft Exchange. Figure 2 illustrates the relationship between an organization's telephony network components and the Exchange 2007 Unified Messaging system.
Figure 2 The relationship between telephony components and Exchange Server 2007 Unified Messaging
If you have not yet deployed Exchange 2007, you and your users are probably managing your voice mail and fax messages separately from your e-mail. Voice mail and e-mail exist as separate inboxes hosted on separate servers that are accessed through separate systems. Fax messages are probably not received into a user's inbox, but are received by stand-alone fax machines or a centralized fax server. Unified Messaging offers one central store for these messages and access to all content through both the computer and the telephone.
Unified Messaging in Exchange 2007 gives users features such as:
**Call Answering** Call answering includes answering an incoming call on behalf of a user, playing their personal greeting, recording a message, and submitting it for delivery to their Inbox as an e-mail message.
**Fax Receiving** The fax receiving feature lets users receive fax messages in their Inbox.
**Subscriber Access** An organization's users or subscribers who are dialing in to the Unified Messaging system can access their mailbox by using Outlook Voice Access. Subscribers can access the Unified Messaging system by using the telephone keypad or voice inputs. By using a telephone, a subscriber or user can:
Access voice mail over a telephone.
Listen, forward, or reply to e-mail messages over a telephone.
Listen to calendar information over a telephone.
Access or dial contacts stored in the GAL or a personal contact list over a telephone.
Accept or cancel meeting requests over a telephone.
Set a voice mail Out-of-Office message.
Set user security preferences and personal options.
**Auto Attendant** An auto attendant is a set of voice prompts that gives external users access to the Exchange 2007 Unified Messaging system. An auto attendant lets a caller use either the telephone keypad or speech inputs to navigate the menu, place a call to a user, or locate a user and then place a call to that user. An auto attendant gives the administrator the ability to:
Create a customizable set of menus for external users.
Define informational greetings, business hours greetings, and non-business hours greetings.
Define holiday schedules.
Describe how to search the organization's directory.
Describe how to connect to a user's extension so external callers can call a user by specifying their extension.
Describe how to search the organization's directory so external callers can search the organization's directory and call a specific user.
Enable external users to call the operator.
Exchange 2007 does not support installing and running the Unified Messaging server role in a virtualized environment.
Despite all the exciting new mobility features that are included with Exchange 2007, there are two primary features that were available in earlier versions of Exchange that are no longer available. Before you deploy Exchange 2007, you should determine whether the lack of these two features will have a significant effect on your users.
Outlook Mobile Access
In Microsoft Exchange 2000 Server and Exchange Server 2003, users who had WAP-enabled cellular telephones could access their messages by using Outlook Mobile Access. Outlook Mobile Access provided a view of messages that resembled Outlook Web Access, but did not require that Pocket Internet Explorer be used on a mobile device. This feature has been removed from Exchange 2007. If your information workers depend on Outlook Mobile Access when they are away from their desks, you must determine whether Exchange ActiveSync and Outlook Web Access will meet their needs. In particular, you should research the cost of purchasing devices that are enabled for Exchange ActiveSync and that have unlimited data plans. Exchange ActiveSync uses Direct Push to synchronize messages between the mobile device and the Exchange 2007 server. The HTTPS connection between the Exchange server and the mobile device requires repeated data transfers, so we recommend an unlimited data plan. In addition to purchasing devices and data plans, you should also consider whether your users will require additional training to learn how to use their new devices.
S/MIME Encryption Support
With Exchange Server 2003, Exchange ActiveSync users could read S/MIME-encrypted e-mail messages on their mobile devices. Exchange 2007 does not support reading S/MIME-encrypted e-mail messages on a mobile device. To read an e-mail message encrypted by using S/MIME, your users must read the message by using Outlook 2003 or Outlook 2007.
Where Do You Go From Here?
Now that you have learned a bit about the fundamentals of mobile access, you will be better prepared to deploy Exchange 2007. For more information about the topics discussed in this article, see the following:
Microsoft Exchange Server 2007 Help Web site
Patricia DiGiacomo Eddy - Senior Technical Writer, Microsoft Exchange Server