Bring-Your-Own-Device (BYOD) is a great way for companies to enable their workforce with mobile devices cheaply, mostly because the employees pay for their own devices and data plans. The downside is when things go wrong and the blessed devices stop working for one reason or another. Sometimes software is to blame, as in the case of Android 4.4 "Kitkat", which doesn't want to connect to Exchange via ActiveSync. Cue calls to the help desk... Ah, the joys of a BYOD policy!
As you probably realize, many of the mobile device vendors who create tablets and smartphones running the Android operating system license it to connect to Exchange using ActiveSync (EAS). And despite the differing implementations of email clients on the various Android devices, most of the time connections are easy and reliable, which is exactly how you’d like them to be.
The charmingly named KitKat release (aka Android 4.4) is due to appear soon and users will have the opportunity to upgrade over-the-air (OTA). Most people don’t give upgrades too much of a thought and click on the “Accept” or whatever other button will instruct the device to download and apply the new code when offered. It’s the same on other mobile platforms and the ease and facility of OTA updates usually contribute to keeping devices secure and performing by eliminating bugs and security holes.
All is well until you hit a problem, and that’s what seems to be happening for the souls who have applied KitKat to their devices and then find that they can’t connect to Exchange via EAS. The problem was originally reported on November 4 and although Google has marked the bug as “Closed” (fixed in a future release), its characterization as a “small” priority has been challenged by people who download Kitkat and then find that email and calendar synchronization is broken. Any attempt to connect the device via ActiveSync is declined by Exchange due to an authentication failure, possibly due to a change in the way that application credentials are stored. The problem affects all versions of Exchange, including Exchange Online in .
(Thought: would it be a "large" problem if Android couldn't connect to Gmail? Just thinking...)
New problem reports continue to flow into Google, which indicate that the bug fix has not yet been incorporated into the code available to end users. The problem has been encountered on many different Android devices from Nexus 4/5 to Motorola Moto X.
If your company operates a BYOD policy, it’s likely that some users will encounter this problem as KitKat updates are pushed out (for example, here’s the location for the Nexus 4 OTA update). For the moment, it is best to tell users to decline the update and keep devices running Android 4.3 until Google confirms that the problem has really been fixed and the OTA update packages are updated with the new code.
Update December 6: Paul Robichaux reports that the Kitkat problem might be fixed with Android 4.4.1. Then again, it might not. Or other problems might still be present. It's enough to make an administrator tear out what little of their hair remains after all the ActiveSync issues with iOS last year. The most proactive approach you can take is to block new mobile device operating systems with ActiveSync device access rules or use a mobile device management product to keep updates away until they have been validated, checked, clarified, and anything else needed to ensure that they won't compromise your Exchange servers. What a bloody mess!
Follow Tony @12Knocksinna