Finding the perfect solution amid imperfect options
Choosing a mobile platform for business purposes is more difficult today than ever before. Only 3 years ago, things were much simpler—enterprises used Windows Mobile or BlackBerry. Today, many platforms are competing in this market segment, and the decision of which to use is much more difficult to make. As B. K. Winstead explains in his article "Smartphones in the Enterprise: Opening Pandora's Box," each platform has its strengths and weaknesses, and vendors are mostly trying to balance between consumers and business users by providing the same type of devices for both. In "Smartphones in the Enterprise," Winstead provides a big-picture view of the smartphone market; in this article, I narrow the story to one specific service: Microsoft Exchange Server integration.
Because so many enterprises use Exchange Server as a collaboration platform, the level of integration between a mobile platform and Exchange Server can be an important factor in adopting it. In addition, because Microsoft provides its ActiveSync protocol to any vendor that wants to implement it, this protocol has become standard. Almost every mobile platform now supports ActiveSync, making the choice even wider. However, many factors affect the decision of which mobile platform will best integrate with Exchange in your environment.
In general, what we expect from a mobile platform is the ability to synchronize our email messages, contacts, and calendar from our Exchange mailbox to a mobile device, as well as Direct Push support. Some more demanding users will probably also expect to have tasks and maybe even notes synchronized on their mobile device. And although mobile devices are mostly focused on consuming rather than producing content, you can typically expect the ability to create or update a meeting request from your mobile device, edit a contact in your Exchange address book, create a new task or note, and perform email management tasks such as accessing other folders in the mailbox, managing out-of-office features, and more. Another nice feature to have would be Microsoft Information Rights Management (IRM) support so that you could open encrypted email messages and send digitally signed emails. Some platforms support synchronization of text messages (SMS) to the Exchange mailbox, but most platforms use their own solution to accomplish this task.
From a systems administrator’s point of view, the most important aspects of integrating a mobile platform with Exchange are device control, provisioning, and management. Various solutions for mobile platform management exist (e.g., Microsoft System Center Mobile Device Manager), but for the purposes of this article, I focus only on management policies that are available for Exchange. In Exchange Server 2010 and Exchange Server 2007, several policies are available for application on mobile devices through the ActiveSync protocol. These policies provide an acceptable level of mobile device control.
Exchange ActiveSync (EAS) lets you enforce password requirements on a mobile device, configure the amount of data that will sync from your Inbox and calendar, and allow or prohibit synchronization while roaming. In addition, you can control some basic application usage on the device (e.g., browser and email clients), as well as some hardware capabilities such as Bluetooth, wireless, camera, and storage card access. You can also configure allowed or blocked applications that can (or can’t) run on the device. In general, these settings provide the most important features for managing mobile devices. All these settings are mandatory, which means that if they’re applied, users can’t change them from the client side.
These policies are created on the Client Access server role’s organization level in Exchange 2010 and Exchange 2007. They’re applied on a per-user basis, which means you can create different policies for different users. However, the policies can be applied only up to the level that the mobile device supports. Policy settings that the mobile platform doesn’t support on the client side are simply ignored.
Before you decide on a mobile platform to implement in an existing Exchange Server environment, it’s helpful to know what you can expect from each platform regarding Exchange integration. In the following sections, I discuss Exchange integration with Windows Mobile 6.5, Windows Phone 7, Apple iOS 4.3, and Google’s Android 2.2.
Platforms of Choice
Although numerous mobile platforms exist, I decided to focus on just four: Windows Mobile 6.5, Windows Phone 7, iOS 4.3, and Android 2.2. Before I get too far into the discussion, let me explain why I chose these platforms: I wanted to test Exchange integration with mobile platforms that have the ActiveSync client natively implemented in the OS rather than provided as a third-party application.
You might wonder why I included Windows Mobile 6.5 when everyone is neglecting this platform today. The answer is simple—if we’re just looking at Exchange integration, Windows Mobile 6.5 still has much to offer. Windows Mobile 6.5 actually supports all the features and integration capabilities that I discussed in the previous section, whereas no other platform fully supports all these elements. The disadvantage of this platform is that Microsoft has stopped developing it, so we probably won’t see any new applications for it. Although Microsoft promised that the company will continue to provide support for Windows Mobile 6.5, no one knows what kind of support, or to what extent. If you already have Windows Mobile 6.5 deployed in your enterprise, you can keep using it for the foreseeable future—but if you’re thinking about deploying mobile devices from scratch, you should probably avoid this platform.
You’re probably also wondering why I didn’t include BlackBerry, which is a very popular mobile device, especially for business-oriented users. The main reason for this omission is that the BlackBerry platform doesn’t provide native Exchange support. To sync your BlackBerry with Exchange, you must buy BlackBerry Enterprise Server (BES) for Microsoft Exchange at an additional cost. Although some workarounds exist to enable ActiveSync on BlackBerry without BES—that is, through third-party client applications—I decided to drop the platform from my discussion because it doesn’t provide a unified experience.
Windows Mobile 6.5.x Professional. When it comes to ActiveSync implementation, Windows Mobile 6.5.x Pro is the most complete platform you can find. This platform provides full integration capabilities. You can apply all available Exchange Server policies (from Exchange 2010 to Exchange Server 2003) to Windows Mobile 6.5 Pro. In addition to synchronizing your calendar, email, and contacts, Windows Mobile 6.5 lets you sync tasks and notes (via Microsoft Windows Mobile Device Center, which also gives you the ability to sync files, photos, and videos between your device and computer). If you’re using Exchange 2010, you can also sync text messages to your Exchange Inbox. In fact, Outlook and Outlook Web App (OWA) can use ActiveSync to send text messages (SMS) to your mobile device, which then uses the mobile network to forward the messages to recipients. In the other direction, each message that comes to your mobile device is forwarded to your mailbox on Exchange. On Exchange Server 2010 SP1, you can even use specific folders for this purpose.
Windows Mobile 6.5’s email management is quite advanced. You can easily configure certificate usage, and you can specify whether you will sign or encrypt email messages that you send from your device. You can also open digitally signed and encrypted email messages, with the option to check certificate validity. The platform also lets you use device certificates for authentication.
Windows Mobile 6.5 supports mobile Outlook’s conversation view in Exchange 2010. In addition, the platform supports over-the-air updating of Outlook Mobile client software.
The biggest disadvantage of Windows Mobile 6.5 is more than obvious: The platform is a dead end. Another disadvantage is the fact that the platform isn’t very finger-friendly and instead requires a stylus, although that problem can be mostly solved by implementing a vendor-produced interface such as HTC Sense. Very demanding users will also complain about the platform’s inability to support multiple Exchange accounts.
From an administrator perspective, Windows Mobile 6.5 is a dream platform. In addition to providing full support for Exchange policies, the platform can be managed and provisioned by using System Center Mobile Device Manager 2008, it can be authenticated by using client certificates, and it can even be enrolled in a domain.
Windows Phone 7. Interestingly, the ActiveSync capability isn’t one of the features that’s highlighted in Windows Phone 7 marketing. You can find a lot of information about every single feature of Windows Phone 7—except Exchange integration and ActiveSync implementation. After testing the Windows Phone 7 platform, I understand why. The truth is that Windows Phone 7 lacks many of the ActiveSync features that Windows Mobile 6.5 includes.
Windows Phone 7 does have a lot of great features. For example, you can configure multiple Exchange accounts (which are now called Outlook accounts, to align with Office Mobile terminology). The platform’s email client is very fast, user-friendly, and extremely easy to use. The calendar is likewise easy to use, with the capability to check users’ availability and to show events from multiple calendars. An important enhancement related to contacts is that they fully integrate with other address books, such as Facebook and Windows Live address books; this integration provides an improved user experience. Windows Phone 7 can also import pictures from Active Directory (AD), which can be convenient.
Missing features in Windows Phone 7 include the ability to sync tasks, notes, or text messages from Exchange—which is unbelievable, and I really hope these features are included in future updates. (One third-party app, called APPA Mundi Tasks, lets you sync tasks on Windows Phone 7.) Although you can configure multiple Outlook accounts, the platform lacks a unified email Inbox, and the conversation view isn’t supported. Windows Phone 7 doesn’t provide IRM support for email messages. You can still flag email messages, which is convenient, but this is about the most advanced thing you can do with your email. Finally, you can’t search messages that aren’t cached on the device but that are located on Exchange Server.
I tried applying Exchange policies to Windows Phone 7 but found that only the most basic policies can be applied (e.g., enforcing the device’s password, Internet sharing, desktop synchronization, remote wipe–related options). If your Exchange server has other policies configured—for example, device encryption enforcement—Windows Phone 7 will generate an error message during synchronization (error code 86000C2B). In addition, you can’t use System Center Mobile Device Manager to manage Windows Phone 7. If you want to support Windows Phone 7 devices but also enforce policies on Windows Mobile 6.5 devices that the Windows Phone 7 platform doesn’t support, you must select the option Allow non-provisionable devices in Exchange Server’s EAS policy.
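The per-user policy model described earlier and the Allow non-provisionable devices trade-off above can be expressed in the Exchange 2010 Management Shell as follows. This is an added example, not part of the original article; the policy name and mailbox address are hypothetical, and the settings are chosen only to illustrate the mixed Windows Mobile 6.5 and Windows Phone 7 case.

```powershell
# Added example for the Exchange 2010 Management Shell.
# Assumptions: the policy name and mailbox below are hypothetical placeholders.
$policyName = 'Mobile-Strict'
$pilotUser  = 'user@example.com'

# 1. Create an EAS policy that asks for more than some clients can enforce.
#    RequireDeviceEncryption is the kind of setting the article says
#    Windows Phone 7 cannot apply; AllowNonProvisionableDevices lets such
#    devices keep syncing instead of being refused.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 6 `
    -RequireDeviceEncryption $true `
    -AllowCamera $false `
    -AllowNonProvisionableDevices $true

# 2. Policies are assigned per user, so different users can get different ones.
Set-CASMailbox -Identity $pilotUser -ActiveSyncMailboxPolicy $policyName

# 3. Audit: with non-provisionable devices allowed, unsupported settings are
#    silently skipped on the client. List every device partnership whose
#    reported policy status is anything other than "AppliedInFull" so the gap
#    is visible. The status is what the device reports to the server.
Get-CASMailbox -ResultSize Unlimited `
    -Filter { HasActiveSyncDevicePartnership -eq $true } |
    ForEach-Object {
        $mbx = $_
        Get-ActiveSyncDeviceStatistics -Mailbox $mbx.Identity |
            Where-Object { $_.DevicePolicyApplicationStatus -ne 'AppliedInFull' } |
            Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.Name } },
                          DeviceType,
                          DeviceModel,
                          DevicePolicyApplied,
                          DevicePolicyApplicationStatus,
                          LastSuccessSync
    } |
    Sort-Object Mailbox, DeviceType |
    Format-Table -AutoSize
```

Running step 3 on a schedule shows which platforms in your environment are syncing mail while enforcing only part of the policy you assigned.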
Microsoft clearly targeted Windows Phone 7 at users who don’t consider email usability to be one of their mobile device’s most important features. Although no critical Exchange features are missing, Windows Phone 7 lacks quite a few advanced features. Business users will probably miss synchronization of tasks and notes, as well as the unified Inbox feature and the conversation view. We can only hope that the growing mobile market will soon provide some relevant third-party apps.
From an administrator’s perspective, Windows Phone 7 is a very closed platform. Currently, no tools are available for application management or device provisioning. The question remains, Does a platform exist that not only has a future but also serves users who expect all of Windows Mobile 6.5’s Exchange-related features?
iOS 4.3. Since the first iPhone release 4 years ago, which had no Exchange support at all, Apple has made great progress in this field. Apple’s current platform, iOS 4.3, is available on 3GS and iPhone 4 devices and includes an unexpectedly large number of ActiveSync features. Ironically, when iOS 4 was released, it was the only platform available that supported more than one Exchange account (until Windows Phone 7’s release). iOS 4.3 natively supports the conversation view and provides a unified Inbox capability, which is extremely useful for users who have more than one email account configured on their phone.
iOS 4.3 has another extremely useful feature: It can synchronize the Suggested Contacts folder. This folder contains all the email addresses that you typed or replied to in desktop Outlook but didn’t save to your address book. Each time you start typing an email address in Outlook or OWA, you’re presented with a list of addresses that you used earlier. On previous versions of Exchange (and Outlook), these addresses are located on the local machine, in a .nk2 file. On Exchange 2010, this data is migrated to the user mailbox in the Suggested Contacts folder. iOS 4.3 is capable of syncing that folder to your phone—and in fact is currently the only platform that can do so. Also, iOS 4.3 lets you search beyond what’s cached on the device; you can perform a message search on Exchange Server, which means that you can search your whole mailbox from an iOS device.
iOS 4.3 lets you easily search the Microsoft Exchange Global Address Book. In addition, you can use the calendar application to create invitations, as well as accept or decline them (or say "maybe"). Advanced features such as contact availability aren’t included.
On the downside, iOS 4.3 doesn’t sync tasks natively (although the App Store offers several apps that provide this capability). You can sync notes, but only from Outlook, using iTunes installed on Windows. IRM isn’t supported for email messages, and you can’t flag email messages or access out-of-office features from your phone.
Applying Exchange policies in iOS 4.3 works better than I expected. iOS 4.3 fully supports password policies, as well as basic policies for content synchronization and synchronization during roaming. You can also use Exchange policies to disable the camera, Wi-Fi, and the Safari browser on the iPhone. Of course, you can’t control applications installed from the App Store, nor can you provision devices with iOS (at least not with Microsoft tools). iOS 4.3 also supports certificate authentication.
Android 2.2. Android has become a very attractive choice for all kinds of customers, with the most extensive growth in the past year. However, Exchange support has never been extensive in the platform. The current version, Android 2.2 (code-named Froyo), has several Exchange enhancements compared with the previous version—but still not enough to compete with iOS or Windows Mobile 6.5. And the upcoming version, Android 2.3, doesn’t seem to provide any new Exchange features either.
Android 2.2 supports the conversation view, as well as email flagging. Navigating the Exchange Global Address Book is relatively easy. The email client is fairly simple and easy to use, but it’s not very Exchange friendly. You can manage out-of-office features from Android—which is surprising, but it’s a useful capability. Android’s calendar is good, but sending a meeting invitation occurs from the email application, not from the calendar during item creation—which is an odd solution.
Perhaps the most irritating Exchange-related oversight on Android is the lack of support for reply and forward tags on email items. If you reply to a message (or forward it) from your mobile device, the message is marked as replied on the mobile device but not in Outlook or OWA—and vice versa.
Another drawback is the inability to push items in any folder other than the Inbox. You can configure Direct Push, but it works only for the Inbox. If you want to check whether a message has arrived in another folder, you must open the folder and manually initiate synchronization. In addition, you can’t search messages that are on Exchange Server but not cached on the mobile device.
Android 2.2 doesn’t support multiple Exchange accounts. Tasks and notes aren’t synchronized to mobile devices. Finally, the platform doesn’t support IRM.
When it comes to Exchange policies, Android has very little to offer. You can force password policies and perform a remote wipe—but that’s about it. Google has a lot of work to do to enhance Android’s Exchange capabilities, but it remains to be seen whether the company is willing to do it. A major disadvantage is the inconsistency between mobile device vendors. Some devices have more problems with using the built-in client for Exchange synchronization than others. A possible solution is to use third-party apps for EAS.
Configuring Exchange Synchronization
To truly evaluate a platform’s usability, you need to actually use it. Thus, I tested each of the mobile platforms on an appropriate mobile device: iOS 4.3 on an iPhone 4, Windows Phone 7 on an LG Optimus 7, Windows Mobile 6.5 on an HTC HD2, and Android 2.2 on an HTC Desire.
iOS 4.3. Setting up an Exchange account on iOS 4.3 is a pretty simple task. Select Settings, Mail, Contacts, Calendars, Add Account. You’ll be presented with several account options to configure, including Microsoft Exchange, MobileMe, Google Mail, Yahoo, and AOL. Select Microsoft Exchange, then enter the required data to set up your mailbox (i.e., email address, username, and password). iOS 4.3 uses the Autodiscover feature and will try to find your Exchange server automatically. After your credentials are verified, you might need to enter a server name (which should be your Client Access server public name). On the next screen, you can select which items to synchronize (mail, contacts, calendar). By default, iOS synchronizes the past 3 days of email, from the Inbox folder only. However, you can easily add more folders and specify a wider time range, simply by revising the account properties after configuration. You can run into problems with Exchange account setup if your Client Access server is equipped with a nontrusted certificate. In that case, iOS will ask whether or not you trust that server. You can use the same procedure to add more Exchange accounts (or other types of accounts), which will be synchronized into one unified Inbox.
Windows Phone 7. Windows Phone 7 is definitely the easiest platform on which to set up an Exchange account. If your Exchange server is configured correctly and has a widely trusted certificate installed, client setup is really a piece of cake. If, however, you use a certificate issued by your own internal Certification Authority (CA), you must add the root CA certificate to the list of the trusted CAs on your device. One method of accomplishing this task is to send the CA certificate to a public email address (such as Hotmail or Gmail) and synchronize this mailbox with your device (which you can accomplish without an SSL certificate, then retrieve the certificate from email).
Another option is to connect Windows Phone 7 on your corporate network’s Wi-Fi, connect to your CA’s web enrollment page, and download the certificate from there. Then, go to Settings, select email & accounts, and choose Outlook (the Exchange mailbox is called Outlook in Windows Phone 7). You’ll be prompted for your email address and password; all other data is retrieved through Autodiscover. After the account is configured, you can specify how much data will sync to your device and you’ll be able to use Direct Push.
Windows Mobile 6.5. To completely set up ActiveSync on Windows Mobile 6.5, you have to spend more time than on iOS 4.3 or Windows Phone 7. This isn’t because the setup is more complex, but because more options are available.
To set up an Exchange account, go to Settings and click the ActiveSync icon. After the application opens, select Menu, then select the Add Server Source option. Enter your email address on the first screen. You can also select the option to detect Exchange Server settings automatically, which is recommended. Next, provide your username, password, and domain; select the option to save this information for future use. After you complete these steps, the ActiveSync client will use the Autodiscover feature to try to discover your Exchange Server settings. You can skip this step if it takes too much time, and provide the Exchange Server name manually instead. If you choose to do so, or if Exchange Server wasn’t detected automatically, you can also specify whether to use an SSL connection. Finally, you must specify what to sync. In Windows Mobile 6.5.x on Exchange 2010, you have the following options: contacts, calendar, email, tasks, and text messages. Some options, such as email, have additional settings where you can select the amount of data to be synchronized (in days), message format, item size limit, and email encryption. You can also configure certificates for digital signing.
If you decide to synchronize text messages, be aware that this feature doesn’t work on all Windows Mobile 6.5 devices. In fact, it works only on devices on which no third-party messaging client is installed. For example, most HTC devices have an HTC Messaging client as part of the HTC Sense interface and can’t sync text messages to or from Exchange Server. Only the default Microsoft client for text messages is capable of synchronizing messages over an ActiveSync connection.
Android 2.2. Setting up Exchange on Android is easy. Select Menu, Settings, Accounts & sync. Then, select Add account and choose Exchange ActiveSync. Enter your email address and password. After you enter your credentials, your mobile device will try to verify the certificate on your server. If the certificate isn’t trusted (in my environment, the GeoTrust public certificate wasn’t trusted by Android), you should select Continue, or select View if you want to see the certificate details. The client will then try to use Autodiscover to configure the Exchange account. If Autodiscover fails, you’ll have to enter the Exchange Server name manually. Otherwise, you’ll be presented with options for synchronizing content (email, contacts, calendar). When you’re done, select Finish Setup. You can also configure options for Direct Push, the amount of content to be synchronized, and the format of content to be synced (email, HTML, or plain text). Android 2.2 also lets you configure synchronization during roaming, as well as conflict resolution (i.e., if an item is modified on both the device and the server).
The Best Really Is Yet To Come
If Exchange integration and ease of management are your primary considerations in choosing a mobile platform, you have a tough decision ahead of you. Using Windows Mobile 6.5 might not be the best choice in the long run, so your real decision is between Windows Phone 7, iOS 4.3, and Android. (Note that I don’t discuss Nokia’s Symbian platform as an option, because it has no unified native application for Exchange Server synchronization, although most versions of Symbian are on pretty much the same integration level as Android.)
It’s more than obvious that what the market needs is a real successor to Windows Mobile 6.5—but whether Microsoft will provide that option anytime soon remains to be seen. For a summary of which EAS features are supported by Windows Mobile 6.5, Windows Phone 7, iOS 4.3, and Android 2.2, see Microsoft’s Exchange ActiveSync Client Comparison Table.