All,I am not sure if this is the right forum, but thought I would start here anyway.We have an implemention setup where we are allowing WM devices to remotely sync mail using direct push from our exchange 2K3 servers. We have a requirement to restrict a user to one phone, as to provide an additional layer of security on top of the username and password.Is there any way to do this natively in Exchange 2K3? Or, are there some other options we can implement to help enforce that the user who's connecting in is who they truly claim to be, aside from just knowing the usenrame/password?Ideally, we need two factor authentication, but Exchange 2K3 doesn't support that.What we were originally told by our Microsoft SE when we implemented this was that the WM device had to be cradled first and that a certificate exchange occurred between the WM device and the Exchange server. It turns out, this is not at all the case.Anyone have any suggestions, other than upgrade to Exchange 2K7 (our budget doesn't currently give us this option)?Thanks,Sam

Hi, You can use 2 factor authentication when connecting activesync to an Exchange 2003 server. One example of this is RSA securid - there areprobably others. Leif

Cool, are there any white papers that describe how to set this up? I tried searching but came up empty.

Hi, See the following article: How to Use RSA SecurID with Exchange ActiveSync http://technet.microsoft.com/en-us/library/aa996745(EXCHG.65).aspx Hope this helps. Elvis