New Enterprise Features for Windows Mobile 6 and Exchange Server 2007
6/2/2010
This section provides information about new functionality in Windows Mobile 6 and Microsoft Exchange Server 2007. Features not directly related to mobile messaging deployment are not covered, but links to this content are provided.
New Features: Windows Mobile 6
Windows Mobile 6 represents the next major release of Windows Mobile devices after Windows Mobile Version 5.0. New functionality in the Windows Mobile 6 software includes:
- Expanded native device management and security features
- Enhanced certificate enrollment and management
- Exchange Search for e-mail
- Microsoft SharePoint® and Windows file share document access
- HTML support in e-mail
Expanded Native Mobile Device Management and Security
Windows Mobile 6 devices allow for stronger interoperability with Exchange Server 2007. Windows Mobile 6 software architecture helps deliver increased device management and security capabilities, and tighter integration with Exchange Server 2007 and other productivity tools so businesses can more efficiently deploy, manage, and secure Windows Mobile solutions.
Extended flexible policy management with Exchange Server 2007, along with increased device control and security features, enhance integrated mobile business performance. These new features and device capabilities help make it easier to build security-enhanced line of business (LOB) applications. Windows Mobile 6 is designed to provide the highest standard for LOB application development and deployment.
Enhanced Certificate Enrollment and Management
Windows Mobile 6 includes a device-side enroller that is in ROM on all Windows Mobile powered devices. In addition, an ActiveSync 4.5 desktop-side enroller enables the user to configure and initiate enrollment using a desktop user interface. Functionality includes creating certificate enrollment settings from Active Directory information, and the ability to use the desktop domain logon for device certificate enrollment. Desktop Certificate Enroll enables the user to enroll a certificate to his or her device using desktop smart card authentication to the domain, without requiring a smart card reader or smart card software on the device. Enhanced security features available in Windows Mobile 6 support application-initiated enrollment, support deployments that require non-password authentication of the enrollment (smart card), and provide a way to renew expiring certificates.
These features:
- Provide certificate-based authentication that can replace standard user name and password authentication.
- Enable flexible platform certificate enrollment that is configurable on the device.
- Allow applications to call into the certificate enrollment process programmatically to initiate enrollment.
- Support certificate renewal.
- Provide the ability to install additional certificates on the device without having to create a .CAB file.
Exchange Search for E-mail
Exchange Search for e-mail enables Windows Mobile 6 powered device users to search their Microsoft Exchange mailboxes for items that match specified criteria. The search results are downloaded and displayed in a search results folder. Having the ability to search e-mail in the user’s Exchange store is a powerful feature that helps users access critical information stored in their Exchange mailbox while away from a desktop. Users can get the information they need while on the go.
The following new features are supported:
- Searching for information in e-mail messages not stored on the mobile device.
- Search results appear in a standard messaging folder view.
- The user can specify fields and folders to search, as well as date ranges.
- The user can retrieve body content and attachments from search results.
- Results remain in the search folder until the next search, or until the user manually clears them.
- The user can see the maximum number of search results available.
SharePoint and Windows File Share Document Access
SharePoint document access gives authenticated mobile users the ability to select links embedded in HTML e-mail to open documents stored on SharePoint servers. The same applies for Universal Naming Convention (UNC) shared documents. This can be used as an alternative to attaching files to e-mail messages, which is costly in terms of bandwidth and storage. This approach helps ensure that the recipient gets the most recent version of a document.
Mobile users are generally unable to access documents from outside an enterprise firewall, but this problem is solved by using Microsoft Exchange Server 2007 as a proxy or redirector for the document. This approach allows HTML e-mail to contain links to SharePoint documents just like standard attachments.
Note
Windows Mobile 6 provides read-only access to items stored in both SharePoint and UNC shares.
HTML Support in E-mail
HTML e-mail support is an enhancement to Microsoft Outlook Mobile® that allows end users to receive, view, compose, and send e-mail in HTML format. The following messaging transports are supported: ActiveSync, POP, IMAP, and Exchange Server 2007. HTML functionality includes bullets, tables, hyperlinks, formatted text, and inline images.
New HTML capabilities for Windows Mobile 6 software include:
- E-mails synchronized with Exchange Server 2007 can display the original HTML formatting.
- HTML Smart Reply, Inline Smart Forward, Compose, and Fetch Mail are supported.
- Forwarded e-mail is not shown inline, as it is in desktop Outlook.
- E-mail preserves inline hyperlinks to Web content.
- Policy and user options: Control HTML payload per account via Configuration Service Provider and user options.
Note
There are more new Windows Mobile 6 features not discussed in this section, including device lock, enhanced PIN strength, and storage card encryption. To learn more about new Windows Mobile 6 features and functionality, see the Windows Mobile 6 Product Reference Guide.
New Features: Exchange Server 2007
Microsoft Exchange Server 2007 has several new features that allow for increased performance and simplified management of your Windows Mobile 6 messaging solution. Nearly all administrative tasks are performed from the Exchange Management Console, eliminating the need to use additional tools to manage devices. The new Exchange Server feature set includes:
- New Exchange Server 2007 ActiveSync functionality
- Exchange ActiveSync mailbox policies
- Distributed server roles
- Exchange Management Console
- Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) 2005
New Exchange Server 2007 ActiveSync Functionality
Exchange ActiveSync is enabled by default on the Exchange Server 2007 with the Client Access server role installed. Exchange ActiveSync has been enhanced in Exchange Server 2007. New ActiveSync features include:
- Support for HTML messages
- Support for follow-up flags
- Support for fast message retrieval (Fetch Mail)
- Meeting attendee information
- Enhanced Exchange Search
- Windows SharePoint Services and UNC document access
- PIN reset
- Enhanced device security features through password policies
- Support for Out of Office configuration
Exchange ActiveSync Mailbox Policies
Exchange ActiveSync mailbox policies allow an administrator to apply a common set of policy and security settings to a group of users. Several additional policies have been introduced in Exchange Server 2007 to provide greater management control over your mobile messaging environment.
The following mobile policy options can be implemented using the Exchange Management Console:
Security Option | Description |
---|---|
Require alphanumeric password |
Use this option if you want to require users to choose a password that contains both numbers and letters. This option is not selected by default. |
Enable password recovery |
Administrator may obtain a recovery password by using the Exchange Management Console. |
Require encryption on device |
Requires encryption on the device for SD cards. |
Allow simple password |
Enables or disables the ability to use a simple password such as 1234. |
Minimum password length |
Specifies the minimum password length. |
Time without user input before password must be re-entered |
Specifies whether users must log on to their mobile devices after a specified number of minutes of inactivity. This option is not selected by default. If selected, the default setting is 5 minutes. |
Password expiration |
Enables the administrator to configure a length of time after which a device password must be changed. |
Attachments enabled |
Enables attachments to be downloaded to the mobile device. |
Allow non-provisional devices |
Allows older devices to connect to Exchange Server 2007 through ActiveSync. |
For a more detailed overview of Exchange Server 2007 mailbox policies, see Understanding ActiveSync Mailbox Policies at https://go.microsoft.com/fwlink/?LinkID=87062.
Distributed Server Roles
Two options are available for an Exchange Server 2007 deployment, typical and custom. In a typical installation, multiple service components (server roles) are added to a single server platform.
A server role is a unit that logically groups the required features and components needed to perform a specific function in the messaging environment. The requirement of a server role is that it is a server that could be run as an atomic unit of scalability.
Server roles, the primary unit of deployment, enable administrators to easily choose which features are installed on an Exchange server. Logically grouping features in server roles offers the following advantages:
- Reduces attack surface on an Exchange server. An administrator has the ability to add additional backend servers without disrupting Client Access Server operation or exposing these servers outside of the corporate LAN.
- Offers simple installation, and the ability to fully customize a server to support your business goals and needs.
- Potentially increases server performance by dispersing the overall workload (CPU and memory utilization) to additional server platforms.
The following Exchange Server 2007 server roles are essential in a mobile messaging deployment:
- Client Access Server - This role supports Microsoft Exchange ActiveSync client applications, the Post Office Protocol version 3 (POP3), and Internet Message Access Protocol version 4rev1 (IMAP4) protocols. It is the primary server component of your mobile messaging system. The Client Access Server behaves as a front-end server to the Mailbox Server (back-end) in a distributed role topology.
- Mailbox Server - This is a back-end server that can host mailboxes and public folders.
Note
Additional server roles that are not mentioned or only briefly mentioned in this document include Edge Transport, Hub Transport, and Unified Messaging. The Client Access Server role is responsible for ActiveSync communication with a Windows Mobile powered device, and is the essential component of a mobile messaging deployment. See Network Architecture Scenarios.
For more information on Microsoft Exchange 2007 server roles, see Server Role Roadmap under Microsoft Exchange Server 2007, at https://go.microsoft.com/fwlink/?LinkID=87058.
Exchange Management Console - Overview
In Exchange Server 2007, the Exchange Management Console replaces the Exchange System Manager from Exchange Server 2003. The Exchange Management Console allows you to manage all servers, recipients, and organizational components in your IT infrastructure.
An Action pane now lists the actions available to administrators, based on the items selected in the console tree or result pane. From a mobile messaging perspective, the Action pane is where a new mailbox policy may be created or a data wipe initiated for a mobile device.
Note
The Exchange ActiveSync Mobile Administration Web Tool is no longer available in Exchange Server 2007. It enabled administrators to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices in an Exchange Server 2003 environment. This functionality has been added to the Exchange Management Console, consolidating all management tasks in a single user interface.
Microsoft Exchange Server 2007 Management Pack for Microsoft Operations Manager (MOM) 2005
The Exchange Server 2007 Management Pack includes rules and scripts to monitor and report on performance, availability, and reliability of all Exchange 2007 server roles, including Mailbox, Client Access, Hub Transport, Edge Transport, and Unified Messaging. The Exchange Server 2007 Management Pack for MOM 2005 topics explain how to monitor and maintain messaging resources. You can view these specific monitoring topics online at Monitoring Exchange 2007 with Microsoft Operations Manager 2005 SP1.
System requirements for using the Microsoft Exchange Server 2007 Management Pack are MOM 2005 and Microsoft Exchange Server 2007.