You can specify security options for your users who connect to Exchange Server by using mobile devices. With the Exchange System Manager, you can set the length and the strength of the password, the amount of inactivity time, and the number of failed attempts that can occur before the mobile device is wiped.
For more information about setting security policies, see "Best Practice: Determine and Deploy a Device Password Policy" in Best Practices for Deploying a Mobile Messaging Solution.
The term password that is referenced in this topic refers to the password that a user enters to unlock his or her mobile device. It is not the same as a network user password.
The Wipe device after failed option is off by default.
The following table presents the options you can use to set your security policies.
Minimum password length (characters)
Use this option to specify the required length of the user's password for his or her mobile device. The default setting is 4 characters. You can specify a password length of 4 to 18 characters.
Require both numbers and letters
Use this option if you want to require that users choose a password that contains both numbers and letters. This option is not selected by default.
Inactivity time (minutes)
Use this option to specify whether your users must log on to their mobile devices after a specified number of minutes of inactivity. This option is not selected by default. If selected, the default setting is 5 minutes.
Wipe device after failed (attempts)
Use this option to specify whether you want the device memory wiped after multiple failed logon attempts. This option is not selected by default. If selected, the default setting is 8 attempts.
Refresh settings on the device (hours)
Use this option to specify how often you want to send a provision request to mobile devices. This option is not selected by default. If selected, the default setting is every 24 hours.
Select this option if you want to allow mobile devices that do not fully support the device security settings to be able to synchronize with Exchange. This option is not selected by default.
If the Allow access to devices that do not fully support password settings option is not selected, users that use mobile devices that do not fully support device security settings (for example, devices that do not support provisioning) will receive a 403 error message when they attempt to synchronize their mobile devices with Exchange.
4. To specify the device security options, select Enforce password on device, and then configure the options according to the policies that you have set. The following illustration shows the Device Security Settings dialog box.
5. Click OK.
Specifying Users Who are Exempt from Device Security Settings
You can specify the users whom you want to be exempt from the settings that you have configured in the Device Security Settings dialog box. This exceptions list is useful if you have specific, trusted users of whom you do not need to require device security settings.
To add or to remove users who are exempt from device security settings
1. On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. In the console tree, double-click Global Settings, right-click Mobile Services, and then click Properties.
3. In Mobile Services Properties, click Device Security.
4. In Device Security Settings, click Exceptions.
5. Use the options in the Device Security Exception List dialog box to select the user or the group of users whom you want to be exempt from settings that you have configured in the Device Security Settings dialog box.
6. To specify that a user be exempt from device security settings, click Add. The following illustration shows the Select User dialog box.
7. In Select User, specify a user or group of users, and then click OK. For information about how to specify users, in the Select Users dialog box, click ?in the title bar, and then click the option you want to learn more about.
8. To remove a user from the list of users who are exempt from device security settings, in Users list box, select the user that you want to remove, and then click Remove.