I am pretty new to exchange/active sync, but in terms of active sync security policies, what exactly are you trying to protect against? What are the risks of not having a strong active sync security policy?

Access from unapproved/unsecured mobile devices. If you are allowing such access in the first place that is.

If I remember correctly you asked a similar question a while back, did you review the article I linked there? It explains how the whole EAS process works: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/mobile-device-management-part1.html

Hi,

When you allow mobile phones or other mobile devices to synchronize with your Exchange server, you allow sensitive corporate information to be stored on small, portable devices that can be easily lost or stolen.

Before you deploy Exchange ActiveSync, we recommend that you familiarize yourself with the various security settings you can configure to keep your corporate information safe. You can configure an authentication method for Exchange ActiveSync, deploy Exchange ActiveSync mailbox policies, and use remote device wipe to remove personal and corporate data from a lost or stolen mobile phone.

For more information, you can refer to the following articles.

https://technet.microsoft.com/en-gb/library/bb123994(v=exchg.141).aspx

https://technet.microsoft.com/en-gb/library/bb430761(v=exchg.141).aspx

Hope this is helpful to you.

Best regards,