Overview
One of the most common tasks when deploying iPhones and iPads into the enterprise is connecting them to the organization's e-mail system. This is simple enough for one or two devices, but what happens when there are 10 or even 100 devices to deploy? In these instances, creating a configuration policy with the iPhone Configuration Utility will save you time and quite possibly a little sanity.
Quite often, the email systems being connected to are Microsoft Exchange based, so connectivity through Exchange ActiveSync is the preferred method. Exchange ActiveSync offers a number of advantages over other mail connection methods such as IMAP or POP3/SMTP. One major consideration for enterprises is that Exchange ActiveSync allows remotely wiping a configured device. If a user ever loses their device, you can remotely wipe all data on it simply and easily. This includes the device's AES encryption key, rendering any data that could be recovered unusable.
Today we'll walk through creating an iOS device configuration profile to connect to e-mail through Exchange ActiveSync. To make this easy, I'll use the free iPhone Configuration Utility from Apple.
Configure the General Payload
If you're new to the iPhone Configuration Utility, or iPCU for short, now would be a great time to check out my previous article on the General Payload and creating a basic policy. For those comfortable with the iPCU, let's forge ahead and launch the software. Click Configuration Profiles, and then click New on the toolbar. This creates a new profile and you should see the General Payload selected and its properties displayed.
Enter a Name, Identifier, Organization, Description, and Security option. For this example, I'll enter "Petri Blog Exchange Demo" for the Name, an Identifier of "il.co.petri.exchange.demo," an Organization of "Petri," a Description of "Example Exchange ActiveSync iOS configuration Profile," and I'll set the Security type to "Always." This screenshot shows this General Payload configuration.
Start Configuring the Exchange Payload
Now we can move on to the nitty gritty! Click the Exchange ActiveSync Payload for your profile and then click the Configure button that appears:
The payload will have the account name set to "Exchange ActiveSync" by default. I recommend changing this to make things easier if you ever end up managing payloads configured to multiple Exchange servers. I'll enter "Petri Blog Exchange" and move on to the Exchange ActiveSync Host field. This field is required and is either the DNS name or IP address the device will use to find and connect to your mail server. As you can see, I've entered "mail.awesomewildstuff.com."
Choose Features
The next four options are checkboxes. Will you allow the user to move mail between other mail accounts? If yes, click the checkbox for Allow Move, which is the default. If no, clear the checkbox. Do you want the user to send mail through this account from other apps on their device, such as Safari or iPhoto? If so, click the checkbox for Use Only In Mail. Does your company have an SSL certificate to secure remote connections? If yes, make sure the Use SSL checkbox is checked. Will you require the user to sign and encrypt outgoing email? If so, click the checkbox for Use S/MIME. A word of caution: using this option will require you to add certificates to the device most likely through the Credentials Settings payload.
I will leave the defaults, which have the Allow Move and Use SSL checkboxes selected, but the Use Only In Mail and Use S/MIME checkboxes not selected. You can see this in the previous screenshot.
Don't Set User Information
In most cases, you will leave the next four fields blank. This allows you the flexibility to use the profile you're creating not just once, but multiple times, configuring many users to connect to your Exchange Server. By leaving Domain, User, Email Address, and Password blank, the user will be prompted for this information when the profile is deployed to their device. This is exactly what I want for this example, so I've left all of the fields blank.
Choose How Much Mail to Sync
I've chosen to configure the device to sync two weeks of e-mail to the device. Other options available in the Past Days of Mail to Sync dropdown list include Unlimited, One day, Three days, One week, and One month.
Finish up
In the current 3.4 release of the iPCU, the next option is Use SSL again. If you checked Use SSL earlier, check this box too; as before, it is checked by default. Otherwise leave this unchecked. I left Use SSL checked earlier, so I'll do so again.
The final two options relate to certificate based client authentication. If you have a certificate, select it here after you've entered it using the Credentials Settings payload. The Make Identity Certificate Compatible with iOS 4 option is important only if you're using a certificate, and if this configuration profile will be used on devices running iOS 4.x instead of 5.x. If this is the case, check this box. Otherwise leave the box unchecked. When the box is checked, the certificate is embedded in the Exchange ActiveSync payload for backward compatibility. iOS 5.x, on the other hand, allows the certificate to remain embedded in the Credentials Settings payload, so the extra overhead of embedding in the Exchange ActiveSync payload is no longer required.
That's it! Deploy the new profile to as many devices as desired. It will only require the user to enter their e-mail address, domain, username, and password to get their push e-mail configured and synchronizing. Remember, once they do this you'll see the device registered to their account in your Exchange management tool. The type of tool varies by version of Exchange, but it'll be there. Now you can perform a remote wipe, check the last sync status, and more, without ever touching the device.
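Before a profile goes out to many devices, it is worth checking the exported .mobileconfig for the choices made above: SSL on, no user identity or password baked into a file that will be copied around, and a sync window from the dropdown. The following is an added example, not part of the original article or of Apple's tooling; the sample profile is constructed from the article's values, the `.eas` identifier suffix is made up, and the mapping of the dropdown to the integers 0, 1, 3, 7, 14 and 31 is an assumption.

```python
import plistlib
import uuid

EAS_TYPE = "com.apple.eas.account"        # Exchange ActiveSync payload type
SYNC_DAYS = {0, 1, 3, 7, 14, 31}          # assumed mapping; 0 = Unlimited


def build_profile(host, ssl=True, sync_days=14, **user_fields):
    """Return a constructed .mobileconfig (bytes) using the article's values."""
    eas = {
        "PayloadType": EAS_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "il.co.petri.exchange.demo.eas",  # constructed
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Petri Blog Exchange",
        "Host": host,
        "SSL": ssl,
        "PreventMove": False,       # Allow Move checked
        "PreventAppSheet": False,   # Use Only In Mail unchecked
        "MailNumberOfPastDaysToSync": sync_days,
        **user_fields,              # e.g. UserName, EmailAddress, Password
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "il.co.petri.exchange.demo",
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadDisplayName": "Petri Blog Exchange Demo",
        "PayloadOrganization": "Petri",
        "PayloadContent": [eas],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return finding codes for each Exchange payload in a profile."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != EAS_TYPE:
            continue
        if payload.get("SSL") is not True:
            findings.append("ssl-not-enabled")
        if payload.get("Password"):
            findings.append("embedded-password")
        if payload.get("UserName") or payload.get("EmailAddress"):
            findings.append("embedded-identity")
        if payload.get("MailNumberOfPastDaysToSync") not in SYNC_DAYS:
            findings.append("unexpected-sync-window")
    return findings
```

To check a real export, pass the file's bytes to `audit_profile`; this works for unsigned, unencrypted profiles, which are plain XML property lists.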
Summary
Simplifying iOS Microsoft Exchange connectivity is a great start for managing iPhones and iPads in the enterprise. In future articles, I'll continue to dive into how to add additional functionality to your iOS device configuration profiles.