Configuring Mobile Device Support


Perform the following activities to configure mobile device support for Exchange 2003:

  • Configure synchronization.

  • Configure Exchange ActiveSync to use RSA SecurID.

  • Enable Outlook Mobile Access.

For an overview of mobile devices support features for Exchange Server 2003, see Mobile Services for Exchange.

Configuring Synchronization

When you install Exchange, synchronization access to Exchange is enabled by default for all users in your organization. You can disable synchronization at the organizational level using Exchange System Manager. You can also use the Active Directory Users and Computers snap-in to enable or disable synchronization access for a user or groups of users.

Configuring Exchange ActiveSync to Use RSA SecurID

As an added level of security, you can use Microsoft Windows Mobile devices with Exchange ActiveSync with RSA SecurID two-factor authentication.


No additional device configuration is required to support RSA SecurID. The device presents the appropriate authentication automatically when synchronizing with an Exchange ActiveSync server protected by RSA SecurID.

The steps to use RSA SecurID with Exchange ActiveSync include the following:

  1. Set up the RSA SecurID server components.

  2. Configure IIS to use RSA SecurID.

  3. Set up user accounts.

For detailed steps for configuring RSA SecurID with Exchange ActiveSync, see How to Use RSA SecurID with Exchange ActiveSync.

Configuring Devices to Use Exchange ActiveSync Features

After you have configured your Exchange environment for synchronization, you must also configure the client devices. You must individually configure each mobile device in your organization. Alternatively you can instruct users how to configure their own devices.

Configuring Exchange ActiveSync

The following topics explain how to configure Exchange ActiveSync in your organization.

Adding a Root Certificate to a Windows Mobile-based 5.0 Device

Microsoft Windows Mobile-based 5.0 devices use the Microsoft CryptoAPI (CAPI) certificate store to securely store root certificates. Exchange ActiveSync checks the root certificate store on the mobile device to verify that the certificate on the server it is connecting to was issued by a trusted authority.

Root certificates that are included with a Windows Mobile 5.0 device represent the following certificate authorities:

  • VeriSign

  • GTE CyberTrust

  • Equifax

  • Entrust

  • GlobalSign

  • Thawte

For the procedure to add a root certificate to a Windows Mobile-based 5.0 device, see the Installing a Root Certificate in the Windows Mobile Version 5.0 SDK.

For information about how to add root certificates to the Windows Mobile 2003 Smartphone and to Windows Mobile 2002 Smartphone, see the Microsoft Knowledge Base article 841060, "How to add root certificates to Windows Mobile 2003 Smartphone and to Windows Mobile 2002 Smartphone."