ActiveSync mailbox policy item fields are inventoried from Microsoft Exchange server and they cannot be changed. All fields are read-only.
Main: General
Attribute name |
Description |
Identity |
This field displays the ActiveSync mailbox policy's identity string. |
Is default policy |
This field displays whether the ActiveSync mailbox policy is a default policy or not. One policy can be designated to be the default policy for all new users. Possible values: Yes/No |
Allow non-provisionable devices |
This setting defines whether older mobile devices that may not support application of all policy settings are allowed to connect to Exchange server using ActiveSync. Possible values: Yes/No |
Device policy refresh interval |
This setting defines the interval how often the mobile device updates the ActiveSync mailbox policy settings from the Exchange server. |
Exchange server |
This field displays the Exchange server where the policy has been inventoried from. |
Distinguished name |
This field displays the distinguished name (DN) of the ActiveSync mailbox policy. |
Guid |
This field displays the GUID of the ActiveSync mailbox policy. |
Main: Password
Attribute name |
Description |
Require password |
This setting defines whether the mobile device requires a password. Possible values: Yes/No |
Require alphanumeric password |
This setting defines whether the mobile device requires an alphanumeric password that contains numeric and non-numeric characters. Possible values: Yes/No |
Minimum number of character sets |
This setting defines the complexity of the alphanumeric password. The number specifies how many different character sets are forced to be used in the password. Character sets: Lowercase letters, Uppercase letters, Symbols, and Numbers. |
Enable password recovery |
This setting defines whether password recovery is enabled or not. When Enable password recovery = Yes, the mobile device generates a recovery password which can be used to unlock the device if a user forgets his/her own password. Possible values: Yes/No |
Device encryption enabled |
This setting defines whether encryption is enforced on the mobile device. Notice that all mobile devices don't support encryption. Possible values: Yes/No |
Require encryption on device |
This setting defines whether encryption is required on the mobile device. Notice that all mobile devices don't support encryption. Possible values: Yes/No |
Require encryption on storage card |
This setting defines whether it is required to encrypt the mobile device's storage card. Notice that all mobile devices don't support encryption. Possible values: Yes/No |
Allow simple password |
This setting defines whether it is allowed to use a simple device password (e.g. "1234") on the mobile device. Possible values: Yes/No |
Number of failed attempts allowed |
This setting defines how many times an incorrect device password can be entered before the mobile device is erased. |
Minimum password length |
This setting defines the minimum length of the device password (number of characters). |
Password expiration (days) |
This setting defines the interval how often the mobile device's password must be changed. |
Enforce password history |
This setting defines the number of past passwords that cannot be reused as a device password. |
Main: Synchronisation settings
Attribute name |
Description |
Include past calendar items |
This setting defines the date range of past calendar items to be synchronized to the mobile device. Possible values: All, Two weeks, One month, Three months, and Six months |
Include past e-mail items |
This setting defines the date range of past email items to be synchronized to the mobile device. Possible values: All, One day, Three days, One week, Two weeks, and One month |
Limit e-mail size to (KB) |
This setting defines, in kilobytes, the maximum message size that is allowed to be downloaded to the mobile device. |
Maximum email HTML body truncation size |
This setting defines, in kilobytes, the size beyond which email messages are truncated when they are synchronized to the mobile device. |
Require manual sync when roaming |
This setting defines whether the mobile device must be synchronized manually while roaming. Manual synchronization can help to avoid large data costs that would be caused by automatic synchronization while roaming. Possible values: Yes/No |
Allow HTML formatted e-mail |
This setting defines whether email messages that are formatted in HTML are allowed to be synchronized to the mobile device. Possible values: Yes/No |
Allow attachments to be downloaded to device |
This setting defines whether it is allowed to download email attachments to the mobile device. Possible values: Yes/No |
Maximum attachment size (KB) |
This setting defines, in kilobytes, the maximum attachment size that is allowed to be downloaded to the mobile device. |
Require signed S/MIME messages |
This setting defines whether the mobile device is required to send signed S/MINE messages. Possible values: Yes/No |
Require encrypted S/MIME messages |
This setting defines whether encryption of S/MIME messages is required or not. Possible values: Yes/No |
Allow S/MIME soft certs |
This setting defines whether S/MIME software certificates are allowed on the mobile device. Possible values: Yes/No |
Require signed S/MIME algorithm |
This setting defines the algorithm that must be used to sign a message on the mobile device. |
Require encryption S/MIME algorithm |
This setting defines the encryption algorithm that must be used to encrypt a message on the mobile device. |
Allow S/MIME encryption algorithm negotiation |
This setting defines whether the mobile device's messaging application is allowed to negotiate the encryption algorithm if a recipient's certificate doesn't support the defined encryption algorithm. |
Main: Device
Attribute name |
Description |
Allow removable storage |
This setting defines whether the mobile device is allowed to access information that is stored on a removable storage (e.g. memory card). Possible values: Yes/No |
Allow camera |
This setting defines whether the mobile device's camera is allowed to be used. Possible values: Yes/No |
Allow Wi-Fi |
This setting defines whether wireless Internet connection is allowed from the mobile device. Possible values: Yes/No |
Allow infrared |
This setting defines whether infrared connections are allowed to and from the mobile device. Possible values: Yes/No |
Allow Internet sharing from device |
This setting defines whether it is allowed to use the mobile device as a modem for a computer. Possible values: Yes/No |
Allow remote desktop from device |
This setting defines whether the mobile device is allowed to initiate a remote desktop connection. Possible values: Yes/No |
Allow desktop synchronization |
This setting defines whether the mobile device is allowed to synchronize with a computer through a cable, Bluetooth, or infrared connection. Possible values: Yes/No |
Allow bluetooth |
This setting defines whether Bluetooth connections are allowed on the device. Possible values: Disable, HandsFree Only, Allow |
Mobile OTA update mode |
This setting defines the mobile OTA update mode. |
Allow mobile OTA update |
This setting defines whether the Exchange ActiveSync mailbox policy is allowed to be sent to the mobile device over a cellular data connection. Possible values: Yes/No |
Allow external device management |
This setting defines whether an external device management program is allowed to manage the mobile device. Possible values: Yes/No |
IRM enabled |
This setting defines whether Information Rights Management features are enabled on the mobile device. The IRM features provide persistent online and offline protection of e-mail messages and attachments. Possible values: Yes/No |
Main:Device applications
Attribute name |
Description |
Allow browser |
This setting defines whether use of Pocket Internet Explorer is allowed on the mobile device. Notice that this setting doesn't control access to other browsers. Possible values: Yes/No |
Allow consumer email |
This setting defines whether the mobile device is allowed to access email accounts other than Microsoft Exchange accounts. Consumer email accounts include accounts that are accessed through POP3 and IMAP4. Notice that this setting doesn't control access to third-party email applications. Possible values: Yes/No |
Allow unsigned applications |
This setting defines whether it is allowed to install unsigned applications to the mobile device. Possible values: Yes/No |
Allow unsigned installation packages |
This setting defines whether running unsigned installation packages is allowed on the mobile device. Possible values: Yes/No |
Allow text messaging |
This setting defines whether text messaging is allowed on the mobile device. Possible values: Yes/No |
Allow POP/IMAP email |
This setting defines whether the use of POP/IMAP emails is allowed on the mobile device. Possible values: Yes/No |
Main:Other
Attribute name |
Description |
Blocked applications |
This setting defines the applications that are prohibited from running on the mobile device. |
Allowed applications |
This setting defines the applications that are allowed to be installed or ran on the mobile device. |
WSS access enabled |
This setting defines whether the access to files stored on Microsoft Windows SharePoint Services sites is enabled on the mobile device. |
UNC access enabled |
This setting defines whether the access to files stored on Universal Naming Convention (UNC) shares (or Windows File Shares) is enabled on the mobile device. |