Windows 8/8.1 devices, BitLocker and Exchange ActiveSync "Require encryption on device"

Recently I've been testing a change to our Exchange ActiveSync Policy, "Require encryption on device". This works fine for Windows 8 phones, all iOS devices and some Android. However, W8 tablets with BitLocker on have an issue getting ActiveSync email.

Is BitLocker considered to be insufficient encryption for an Exchange ActiveSync policy which enforces "Require encryption on device"?

March 13th, 2015 10:14am

Hi dude -d,

"Require encryption on device Select this check box to require encryption on the mobile phone. This increases security by encrypting all information on the mobile phone."
Here is a link for reference of this policy
View or Configure Exchange ActiveSync Mailbox Policy Properties
https://technet.microsoft.com/en-us/library/bb123994(v=exchg.141).aspx

Considering this policy is to increase the security by encrypting the device, there may be some conflicts here if the device has been protected by BitLocker. This is just my own assumption.
To understand this policy more deeply, it is recommended to ask for help from our Exchange Forum. They are more familiar with this policy and they may have more resources to help understand this issue.
Exchange Forum
https://social.technet.microsoft.com/Forums/exchange/en-US/home?category=exchangeserver

Best regards

March 16th, 2015 4:01am

Hi, Yes, I've read the links, and also posted on the Exchange forum - no response.

I'm not 100% sure what you mean by a conflict. This policy does not do the "encrypting the device", this policy only requires that any devices trying to connect are encrypted. In the case of Apple iOS devices, and Windows 8 phones, this is not a problem - setting a passcode encrypts them. This also is not an issue for most modern Android devices - they are prompted to encrypt the device.

However, with Windows 8 tablets, what can be done? BitLocker is the MS Encryption that it comes with, but it does not appear to be suitable for EAS?

March 23rd, 2015 5:17am

Hi dude -d,

As the policy explained:
"Require encryption on device Select this check box to require encryption on the mobile phone. This increases security by encrypting all information on the mobile phone."
This is a policy to encrypt all information.
Encrypting all information is not just to set a password to protect the information. All the information is encrypted with an algorithm (such as AES 256 with Diffuser, AES 128-bit). Setting a password to protect the device as we did for the Android devices is a different situation, the information in the devices is not encrypted.
When the policy is applied to the device protected by BitLocker, however, the information has been encrypted, so I guess there is a conflict here. It is just my own opinion.

Is there anything to update from the Exchange side? Maybe the Exchange Forum has more resources to explain the issue.

Best regards

March 24th, 2015 9:10pm

BitLocker is absolutely supported with Exchange ActiveSync Policies, see Use Exchange ActiveSync Policies for Device Management on the TechNet Library. See the Addressing Policy Compliance section for details on issues that might cause the issue you are experiencing.

Brandon
Windows Outreach Team- IT Pro
Windows for IT Pros on TechNet

April 7th, 2015 2:48pm

This topic is archived. No further replies will be accepted.
