Activesync policy enable device encryption

Hi,
I have one query about sync policy.
If an iPhone/Android phone is lost after enabling the "enable device encryption" policy,
is there any way to recover data from that iPhone?
Thanks
Deepak

Sorry. Your question isn't clear.  If you don't want to force encryption on them, then why would you require device encryption?
What are you trying to accomplish? What would be the logic of requiring device encryption, but exempting one group of users from that requirement?

Similar Messages

  • Active sync policy - device encryption

    Hi
    We have an Exchange 2007 server with ActiveSync. We have enabled the ActiveSync policy device encryption. But when I try to sync with my Android HTC Desire, which doesn't have device encryption support, it works anyway and I can sync emails etc. Must I do something else to enforce that ActiveSync policy? "Allow non-provisionable devices" is not checked.

    “The iPhone 3GS supports device encryption, and is the first version to do so. Previous iPhone models, including the iPhone 3G, do not support device encryption. Additionally, before iPhone OS 3.1, these devices did not communicate their policy status correctly, resulting in the devices being able to connect to Exchange Server, even if your Exchange ActiveSync policy required device encryption and did not allow non-provisionable devices”
    ---------Refer to <Exchange ActiveSync and iPhone OS 3.1>
    According to the article above, if the device doesn’t support encryption, it would not apply the policy correctly. Also, the non-allowed device can’t be prevented from accessing the mailbox.
    “Device encryption enabled: This setting enables encryption on the device. Not all devices can enforce encryption. For more information, see the device and mobile operating system documentation”
    ---------Refer to <Understanding Exchange ActiveSync Mailbox Policies>
    So, you need to contact the manufacturer of the mobiles and confirm whether the device supports device encryption.
    Workaround: Add the allowed device ID to all current phone users so that they can only synchronize the mailbox with specific devices. For all other users who don’t have the device currently, you can add a fake device ID to prevent the initial synchronization, and add the correct ID when you confirm that the phone supports device encryption (Reference)
    Notes: If you have Exchange 2010, you can set quarantine for all the devices that try to synchronize, as Rich said. Then, an approval message can be sent to you. If you confirm that the device supports device encryption, a simple click on the approval message will allow the synchronization to proceed again.
    “Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0. We recommend that you don't use this setting and use the RequireStorageCardEncryption parameter instead”
    ---------Refer to <New-ActiveSyncMailboxPolicy>
    James Luo

  • Any way to apply ActiveSync Policies by device?

    Trying to find a conclusive answer as to whether this is possible or not...
    Essentially, we have some users who wish to access email from Surface Pro tablets using activesync. Our existing policies that we enforce would require them to encrypt both the device, and any attached SD cards. The requirement for encrypted SD cards
    doesn't work with the Surface Pro tablets, thus they would not be able to sync mail under the current policy. Since we have other means of securing the tablets, I'd like to relax that rule only for the surface pro, while keeping it in place for other devices
    such as iPhone and Android. The problem is that since ActiveSync policies are applied at the user level, any user with multiple devices would get the relaxed policy regardless of device.
    I was wondering if there was a creative way to enforce different policy aspects based on the type of device, rather than the user owning the device.

    Not if you are using policies, no.
    You can, however, allow devices by user using set-casmailbox:
    ActiveSyncAllowedDeviceIDs (Optional, Microsoft.Exchange.Data.MultiValuedProperty)
    The ActiveSyncAllowedDeviceIDs parameter accepts a list of device IDs that are allowed to synchronize with the mailbox. However, devices are not blocked from synchronizing unless this parameter is used together with settings that are defined by the set-ActiveSyncOrganizationSettings –DefaultAccessLevel cmdlet.
    Note: When you use the set-ActiveSyncOrganizationSettings –DefaultAccessLevel cmdlet, devices can still be blocked if they do not comply with a specific ActiveSync policy, regardless of whether the device is allowed by the list that is provided to ActiveSyncAllowedDeviceIDs.
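The controls named in the two threads above (required encryption, the per-mailbox device allow list, and the Exchange 2010 quarantine) put together for the Exchange Management Shell. This is an added example, not code from any of the posters; it assumes Exchange 2010 or later, and the policy name, admin address, mailbox alias and device ID are placeholders.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010 or later).
# All names below are placeholders, not values from the threads.
$PolicyName   = 'Default'                 # placeholder: ActiveSync mailbox policy name
$AdminMailbox = 'eas-admin@example.com'   # placeholder: receives quarantine notices
$UserMailbox  = 'jdoe'                    # placeholder: mailbox alias
$VettedDevice = 'PLACEHOLDER-DEVICE-ID'   # placeholder: ID of a device confirmed to encrypt

# 1. Require encryption and refuse devices that cannot be provisioned at all.
Set-ActiveSyncMailboxPolicy -Identity $PolicyName `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# 2. Hold every new device in quarantine until an administrator approves it.
#    Without an organization-level access level, the allow list in step 4
#    does not block anything on its own.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients $AdminMailbox

# 3. Report every device partnership of the given mailboxes: what the device
#    says about policy application, its access state, and whether its ID is
#    on the mailbox's allow list.
function Get-EasDeviceReport {
    param([string[]]$Mailbox)
    foreach ($mbx in $Mailbox) {
        $allowed = @((Get-CASMailbox -Identity $mbx).ActiveSyncAllowedDeviceIDs)
        Get-ActiveSyncDeviceStatistics -Mailbox $mbx | ForEach-Object {
            New-Object PSObject -Property @{
                Mailbox       = $mbx
                DeviceID      = $_.DeviceID
                DeviceModel   = $_.DeviceModel
                PolicyApplied = $_.DevicePolicyApplied
                PolicyStatus  = $_.DevicePolicyApplicationStatus
                AccessState   = $_.DeviceAccessState
                OnAllowList   = ($allowed -contains $_.DeviceID)
            }
        }
    }
}

# Devices that are syncing (or waiting) without being on the allow list.
Get-EasDeviceReport -Mailbox $UserMailbox |
    Where-Object { -not $_.OnAllowList } |
    Format-Table Mailbox, DeviceModel, DeviceID, AccessState, PolicyStatus -AutoSize

# 4. After confirming with the vendor that the device supports encryption,
#    add its ID to the mailbox's allow list.
Set-CASMailbox -Identity $UserMailbox `
    -ActiveSyncAllowedDeviceIDs @{ Add = $VettedDevice }
```

The PolicyStatus column is whatever the device reports, which is the weak point the quoted iPhone OS 3.1 note describes; the quarantine and allow list are the controls that do not depend on the device's own report.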

  • Nokia Lumia 625 device encryption

    Hello,
    From reading the posts on here it is a commonly held belief that WP8 devices have device encryption enabled by default.
    Having discovered my HTC Sensation running Android only permits encryption of the SD card (HTC removed this in more recent versions of Android) when I was selling it I want to get device security.
    Is there anyone that can confirm this or point me in the direction of a link that confirms this?
    Regards,
    A

    Hello,
    Thank you for your reply and link.
    I am interested in whole device encryption from the point of losing my device, so that with PIN code security enabled my data is safe from unauthorised parties.
    My old Nokia E71 and E72 had this option, as does my current Nokia E6 (Belle refresh) and my Samsung Galaxy S4 (Android 4.3).
    I understand newer iPhones encrypt the device by default.
    Your link was helpful, however I read somewhere (apologies, no link) that whilst WP8 has BitLocker / encryption it is not available to consumers as it needs implementation as an enterprise security policy using Exchange mail. Although someone else suggested that use of Office 365 would permit this, sadly they did not elaborate.
    Hence my confusion. It's a shame Nokia / MS can't explicitly state if WP8 encrypts data by default as per iPhones or if encryption / BitLocker is enterprise only.
    It's a deal breaker for me, as I got the Lumia to see how WP8 compares to Android.
    Nokia and/or MS need to up their game, as not only does my Samsung Galaxy S4 have device level and SD card encryption (as explicit menu options), it also has an app called Knox which appears to run apps inside a password-protected encrypted sandbox. Overkill for me I think, but it's food for thought!
    A

  • Windows 8.1 Device Encryption and MBAM

    According to this TechNet article http://technet.microsoft.com/en-us/library/dn306081.aspx Windows 8.1 now has a feature called device encryption that will encrypt the drive after Windows installation. It says in the above TechNet article that "If you have configured this Group Policy setting with the option Save BitLocker recovery information to Active Directory Domain Services unchecked, device encryption will be prevented because device encryption requires that the recovery password be backed up to AD DS if the device is domain-joined." Is there any way to get MDOP 2014 (mainly MBAM 2.5) to put the recovery key on our MBAM server? We are currently using MBAM 1.0 and are planning to upgrade. If this request is possible then it will accelerate our upgrade plans.
    Thanks for your help! 

    Hi,
    MBAM stores the recovery key in the MBAM database. You have to configure GPO using the MBAM admx files and install MBAM Client on your target machines.
    /Oliver

  • Are there any plans to fix the misinterpretation of the Exchange ActiveSync policy "Minimum number of character sets"  in IOS6?

    We are testing using IOS6 in our Corporate environment and came across a scenario where IOS6 incorrectly interprets the Exchange 2010 ActiveSync policy "Minimum number of character sets" as the number of special characters required rather than the number of character sets required. Is anyone aware of any plans to correct this in future releases? Here is a thread on Microsoft's forums about the issue:
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/fe051d55-24ba-45e4-b054-67861f28422d/

    We have tried Android, Windows Phone7/8 and they all adhere to the "Minimum number of character sets" set in the ActiveSync policy, but IOS does not.
    Require an alphanumeric password   Select this check box to require device passwords to contain both numbers and letters. The default is numbers only.
    Passwords must include this many character sets   To enhance the security of device passwords, you can require passwords to contain characters from multiple character sets. Select a number from 1 to 4. The sets are letters, uppercase letters, numbers, and symbols. For example, if you select 3, passwords must contain characters from three of these sets.
    All other mobile devices except IOS 5.x/6.X don't follow this.
    You have to select "Require an alphanumeric password", which is letters and numbers. But then you can only select 1-4 for the character sets.
    So we set it at 1, so that would mean you would only need letters and numbers. IOS does not recognize letters, uppercase letters, numbers or symbols as a character set; it interprets the setting as how many symbols you need.
    If you set it at 2, then IOS makes you have "2" symbols in your password... and so on...
    Make sense?
    It just seems that IOS does not recognize character sets; it just looks at the number as how many symbols you need in a password.

  • If I download a song, album or playlist from iCloud to an iTunes Match enable device, can I delete the download at a later date if I need to free up memory on the device?

    If I download a song, album or playlist from iCloud to an iTunes Match enable device, can I delete the download at a later date if I need to free up memory on the device?

    Hi,
    Yes.
    Jim

  • Can't Enable Device Management

    I am getting the dreaded 'An error with code -1 occurred' when trying to enable device management on 2 different XSAN deployments. This is a secondary XSAN metadata controller. The primary metadata controller starts up Device Management fine. This is in the logs of the faulty system:
    1:: [17200] [2015/04/26 12:23:02.166] EXCEPTION:  Error <-[SCEPHelper odRootCertificate] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Base/Support/SCEPHelper.m:61): "'((SCEPHELPER_GetODRootCertificate(self.connection, &root, &rootCnt)))' error 1">
        USERINFO: {
            NSLocalizedDescription = "Operation not permitted";
    Any thoughts?  Thanks!
    Michael

    Sure.  Thanks for the reply and apologies on the slow response.  Again, from what I can tell,
    The environment is an XSAN deployment, so servers are on Yosemite 10.10.3, running Server 4.1.  DNS, OD and XSAN are running well on both.  Other services on this machine include Calendar, Messages and File Sharing, but all other services were set up after the failure of Profile Manager.
    Basically I cannot enable device management for Profile Manager.  Didn't work initially, so I tried the steps here: OS X Server: How to reset Profile Manager to its original state - Apple Support.  Didn't work again.  The log output makes me think it has a problem with the server's certificates, but server2 only has a SSL cert signed by server1.
    I must be missing something, so any thoughts greatly appreciated.
    devicemgrd.log output:
    [67233] [2015/04/30 14:49:55.925] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
    0:: [67233] [2015/04/30 14:49:55.928]
        devicemgrd-886.204 (PID:67233, OS:14D136, SERVER:14S1092, ARCH:x86_64) starting
        LA: devicemgrd
        Log verbosity level = 1
        UID = 220, EUID = 220
    1:: [67233] [2015/04/30 14:49:55.936] Incoming request: readSettings
    0:: [67233] [2015/04/30 14:49:56.059] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [67233] [2015/04/30 14:49:59.048] Profile Manager service STOPPED
    1:: [67233] [2015/04/30 14:49:59.068] Wrote MDM URL bag to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/MDMServiceConfig.json
    1:: [67233] [2015/04/30 14:49:59.068] Wrote DEP Anchor Certs to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/DEPAnchorCerts.json
    1:: [67233] [2015/04/30 14:49:59.078] Ready to receive external socket requests.
    1:: [67233] [2015/04/30 14:49:59.170] Incoming request: readAppDistributionSettings
    1:: [67233] [2015/04/30 14:49:59.173] Incoming request: readSimplifiedDeviceEnrollmentSettings
    [67337] [2015/04/30 14:50:35.699] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
    0:: [67337] [2015/04/30 14:50:35.712]
        devicemgrd-886.204 (PID:67337, OS:14D136, SERVER:14S1092, ARCH:x86_64) starting
        LA: devicemgrd
        Log verbosity level = 1
        UID = 220, EUID = 220
    0:: [67337] [2015/04/30 14:50:35.735] +[PGConnection reloadPreferences]: DBDebug = NO, DBLogNotices = NO, DBLogSQL = NO, DBMonitor = NO
    0:: [67337] [2015/04/30 14:50:37.930] Profile Manager service STOPPED
    1:: [67337] [2015/04/30 14:50:37.938] User 'nobody' not found, creating...
    0:: [67337] [2015/04/30 14:50:38.431] Loaded strings from '/Applications/Server.app/Contents/ServerRoot/usr/share/servermgrd/bundles/servermgr_devicemgr.bundle/Contents/Resources/en.lproj/default.strings'.
    1:: [67337] [2015/04/30 14:50:38.440] Incoming request: readSettings
    0:: [67337] [2015/04/30 14:50:38.655] -[NSString(devicemgr_Additions) dateFromOpenSSLString]: 'Apr 26 20:57:28 2017 GMT'
    1:: [67337] [2015/04/30 14:50:38.675] Wrote trust profile to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/Trust_Profile_for_mdc02.mobileconfig
    1:: [67337] [2015/04/30 14:50:38.686] Wrote MDM URL bag to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/MDMServiceConfig.json
    1:: [67337] [2015/04/30 14:50:38.688] Wrote DEP Anchor Certs to /Library/Server/ProfileManager/Config/ServiceData/Data/FileStore/DEPAnchorCerts.json
    0:: [67337] [2015/04/30 14:50:38.718] Parsing enterprise app icons
    1:: [67337] [2015/04/30 14:50:38.718] Parsing enterprise apps with missing icons...
    1:: [67337] [2015/04/30 14:50:38.720] Ready to receive external socket requests.
    0:: [67337] [2015/04/30 14:50:39.519] Created default profile 'Settings for Everyone'
    1:: [67337] [2015/04/30 14:50:39.523] Incoming request: readAppDistributionSettings
    1:: [67337] [2015/04/30 14:50:39.526] Incoming request: readSimplifiedDeviceEnrollmentSettings
    1:: [67337] [2015/04/30 14:50:45.889] Incoming request: writeSettings
    1:: [67337] [2015/04/30 14:50:45.911] EXCEPTION:  Error <-[SCEPHelper getIdentityDataForPersistentRef:encryptedWithPassword:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Base/Support/SCEPHelper.m:217): "'((SCEPHELPER_GetIdentityFromRef(self.connection, mCertRef, mCertRefCnt, mPassword, mPasswordCnt, &mPKCS12Data, &mPKCS12DataCnt)))' error 1">
        USERINFO: {
            NSLocalizedDescription = "Operation not permitted";
    1:: [67337] [2015/04/30 14:50:54.400] Completed parsing enterprise apps with missing icons!
    1:: [67337] [2015/04/30 14:51:21.438] Incoming request: activateOD
    1:: [67337] [2015/04/30 14:51:21.438] EXCEPTION:  Error <-[SCEPHelper odRootCertificate] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-886.204/Compiled/Framework-Base/Support/SCEPHelper.m:61): "'((SCEPHELPER_GetODRootCertificate(self.connection, &root, &rootCnt)))' error 1">
        USERINFO: {
            NSLocalizedDescription = "Operation not permitted";

  • Are there any plans to fix the misinterpretation of the Exchange ActiveSync policy "Minimum number of character sets"  in IOS5?

    We are testing using IOS5 in our Corporate environment and came across a scenario where IOS5 incorrectly interprets the Exchange 2010 ActiveSync policy "Minimum number of character sets" as the number of special characters required rather than the number of character sets required. Is anyone aware of any plans to correct this in future releases? Here is a thread on Microsoft's forums about the issue:
    http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/fe051d55-24ba-45e4-b054-67861f28422d/

    Thanks for the responses. I did submit this issue as a bug report earlier this morning also but thought I'd post here in the event any Apple insiders saw this and cared to comment. 
    This really is a significant problem in that our testing shows that the way IOS5 interprets this ActiveSync policy in Exchange 2010 does not allow you to enforce a password using just letters and numbers. This is because  the only valid values for this policy are 1-4. The way IOS5 interprets this requires 1-4 special characters in the password, not 1-4 character sets.

  • I want to connect to a bluetooth enabled device but don't know how

    I don't know how to connect to my bluetooth enabled device.  Please help.

    Hi,
    Your machine does NOT have Bluetooth therefore you can't connect to Bluetooth devices.
       http://support.hp.com/us-en/document/c02882598
    If you wish, a cheap option is to buy a dongle called USB-Bluetooth such as:
         http://www.officeworks.com.au/shop/officeworks/targus-bluetooth-4-0-usb-adapter-taacb75au
    (Much cheaper elsewhere)
    Regards.
    BH

  • WS Policy problem for encryption

    Hello,
    1- I'm using OSB 10g3 and I have problems configuring WS policy for encryption.
    I have configured the WebLogic realm security to provide my keystore, and also the certificate path provider to register my trusted key,
    and the PKI credential mapper, but I always get the same SOAP fault:
    java.security.cert.CertPathBuilderException: [Security:090686]The CertificateRegistry could not build a certificate path for the subject key identifier
    My certif X509V3 public key
    . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
    Can someone help me to configure this step?
    (I'm using soapUI for testing my proxy, and the policy used is the encrypt.xml policy.)
    Edited by: user11144716 on Jul 28, 2009 6:19 AM

    Can you post more details, like the annotations you used or the policy?

  • Cannot start VM - IDE Emulator Failed to Power on with Error 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.'

    HI all.
    New install of 2008R2 on HP DL-380 G6.  I have created (several) VM's none of which will start.  If I remove the IDE Hard Disk and add a DVD of the OS ISO, it will boot and start the install (although with no HDD). 
    It seems like the IDE controller is working ok - it is what the DVD drive is using, but it cannot mount a VHD.  The error indicates a driver is not working (although the DVD on IDE works fine) so something to do with VHD?  I can attach the VHD
    in disk management, so it does not seem corrupt - again I have tried with both dynamic and fixed VHDs.
    Full error is:
    'Test1' failed to start. (Virtual machine ID 4320D2D6-DF7E-40D2-BD0F-9562CBB9F052)
    'Test1' Microsoft Emulated IDE Controller (Instance ID {83F8638B-8DCA-4152-9EDA-2CA8B33039B4}): Failed to Power on with Error 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.' (0x80070422).
    (Virtual machine ID 4320D2D6-DF7E-40D2-BD0F-9562CBB9F052)
    'Test1': Failed to open attachment 'C:\Users\Public\Documents\Hyper-V\Virtual hard disks\New Virtual Hard Disk.vhd'. Error: 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.' (0x80070422).
    (Virtual machine ID 4320D2D6-DF7E-40D2-BD0F-9562CBB9F052)
    Any Ideas?

    Hi ,
    Did you try to disable these services, if they exist:
    HP Smart Array SAS/SATA Event notification
    HP Insight storage agents
    Then restart your server .
    Best Regards
    Elton Ji

  • The iPhone G3 is not a WML enabled device

    I tried to get my boarding pass by "Mobile check-in" for a flight with AirCanada as I used to do with my Treo and I got a message that the iPhone is not a WML enabled device. Is there a way to modify the settings to allow the iPhone to allow mobile check-in?

    Is there a question here somewhere? What part of that message is unclear to you?

  • What is the difference between Hardware Encryption & On-Board Encryption & Device Encryption

    Hi
    Can anyone explain me, What is the difference between Hardware Encryption & On-Board Encryption & Device Encryption.
    Thanks

    http://images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf

  • HT2589 No matter how many times I've reset my iphone4 and reentered my account information I can't assess my music in iTunes Match or purchase or update any apps or music. How can I fix this. On enabled devices iTunes on my computer shows my iPhone with ?

    I can't access iTunes Match or make any music or app purchases or updates after updating to iOS 6. No matter how many times I've reset my iPhone 4 and re-entered my account information, I can't access my music in iTunes Match or purchase or update any apps or music. How can I fix this? On enabled devices, iTunes on my computer shows my iPhone with ? marks.

    This may help.
    Fix for “No Content” on iPhone & iPod after iOS 4.2.1 update
    Then try the standard fixes:
    - Reset. Nothing will be lost.
    Reset iPod touch:  Press and hold the On/Off Sleep/Wake button and the Home
    button at the same time for at least ten seconds, until the Apple logo appears.
    - Restore the iPod from backup via iTunes
    - Restore the iPod to factory defaults/new iPod.
