The Android Revolution has happened at work...

calvinj

Well, it's happened. More and more of our users are getting Android devices on the company plan. As the Exchange administrator I'm thinking it's probably time to write up some policies around the use of the company devices. We aren't strict by any means; if you need to make a personal call, make a personal call. Want to download a game or something? OK, fine. We are just a small manufacturing company that uses the devices to keep everyone in contact.

Anyways, just curious: to the Exchange administrators out there, how are you dealing with the use of Android devices on your network? I know a while back that security policies and device encryption were a challenge, and some other things proved to be challenging.

If anybody has any real-world examples and input I would love to hear them.
 
We use Google Apps, so we love them. To enforce policies from the domain though the users had to install Device Policy, not sure how that applies to an Exchange house.

If you have savvy users - tell them to stay away from non-standard markets, unless you want to have to deal with malware infected phones.
 
Are these people all on local WiFi with their phones? I'd be tempted to make them use their cell carrier for all traffic. Things have a way of finding their way onto phones, and then onto unsuspecting networks.

Do you have an OWA setup or just a local Exchange server?
 
These people are using their phones on their respective networks. We do have OWA enabled to have people check their mail. I would like to think we have a good setup in house with AV, Firewalls and safety measures.

I'm not sure I'm worried about the markets or anything like that since the users don't even know what the market is. I personally wish we would have gotten them blackberries.
 
I personally wish we would have gotten them blackberries.

Just say no to BES. Back in the day it got the job done when there were no other good ways to handle it; these days it's just an extra headache you don't need.

So far as security and whatnot goes, force passwords by policy and remote wipe anyone who gives you grief about it...:D When folks break their phones, factory reset from the recovery ROM and call it a day; the good news is that anything important to the company is typically stored in Exchange.
 
Bes Express does a great job for us. I have no complaints and it gives us some flexibility for users who want to use a blackberry
 
I know the iPhone has a native Exchange connector. It displays when setting up a new email account, and is among the other options like POP3 and IMAP.

We are also considering what to do with iPhones and Androids/other smartphones. I haven't tested things fully because all our users have BlackBerries right now anyway, but I was hoping we could just enable IMAP4 on our Exchange server and call it good. Then our users are free to go out and get whatever phone they want and I can get rid of our BES Express server.
 
I know the iPhone has a native Exchange connector. It displays when setting up a new email account, and is among the other options like POP3 and IMAP.

We are also considering what to do with iPhones and Androids/other smartphones. I haven't tested things fully because all our users have BlackBerries right now anyway, but I was hoping we could just enable IMAP4 on our Exchange server and call it good. Then our users are free to go out and get whatever phone they want and I can get rid of our BES Express server.

The iPhone should be able to connect up to an OWA and get the email just as if it were a POP3 account. I've set up a few on different OWAs and it's fairly slick.
 
First off for iPhone / Android / WebOS / Windows = Active Sync.

Secondly BES Express > every other BB technology. We played with NotifySync for a while and liked it on the blackberry, but BES Express is where it is at for small companies.

For work since we are all IT guys we really don't have any policies except a device password setup on the phone itself and we have remote wipe capabilities on the server for all the various phones we have. What we suggest for customers is to allow everything, require a password, and disable services on phones as you see necessary (say you have an employee that you don't want installing apps on their phone because they keep breaking it through jailbreak or something of the like, disable their ability to install apps). Also write a policy about jailbreaking phones not allowing it due to security risks. If people ask you what risks, point them to me and I will feed them a list of articles showing how to completely own jailbroken / rooted phones.
 
Our users own their phones. We cannot dictate to them what they can or can't do with their device. The only policy we have right now is that they must have a smartphone with a data plan to be able to check their company email anytime.

It just so happens that everyone bought BlackBerries because it was "encouraged". The only thing we use BES Express for is to activate the phones... that's it. We do not enforce any IT policies on the phones whatsoever. And we are increasingly being asked why they can't just go out and buy an iPhone or Android phone, and it is getting harder for us to give them any legitimate reason why they shouldn't.
 
A few of our users own their own devices too. I'm not so much looking to encrypt the hell out of their devices, but maybe more dictate that if their devices get stolen or lost that I need to be one of the first few people to know about it. That way I can get the device wiped of company data that not just anybody should have.

Thoughts on that?
 
If all they need access to is email then let them buy iPhones, says I. Like I said, they can access OWA pretty seamlessly. Not sure about Android phones though. Although I'd be surprised if they couldn't as well.

As for the OP: lots of options. As long as these people are only tied into OWA I don't see a real issue. No need to micromanage them since they're on their own carriers. No real need to make any changes to what you've got. If they want something other than what they're getting, then they'll get a BlackBerry.
 
To all with concerns about personal devices, the way to handle that is to remind the employee that if you join the phone to the company exchange server, you are now housing company proprietary / confidential data on your phone, and it needs to be secured the same way that their company issue laptop is.

The easiest way to secure the device without really impacting the user is to use Exchange to enforce a 4 digit password. That way if the phone does get lost someone can't just get right in. The user also needs to inform IT so that they can do a remote wipe.

From what we have found, most end users ditched having an actual Exchange account and just logged into webmail because they didn't like the idea that IT was able to make changes to their personal device without them objecting. My response to those people is tough shizzle: if your iPhone was purchased for you by the company and was a company asset it wouldn't be any different; you just want to be able to take it with you when you leave so you bought your own. Doesn't mean you don't have to comply with IT policy.
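
The approach several posters describe (require a 4-digit device password through Exchange, and remote wipe a phone once IT is told it is lost), sketched as an added example that is not part of any post in the thread. It assumes the Exchange 2010 Management Shell cmdlet names (later versions rename them to the *-MobileDevice* family); the policy name, mailbox, notification address and device ID are hypothetical placeholders.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010 cmdlet names).
# All names and addresses below are hypothetical placeholders.
$policyName = 'Phones - PIN required'
$user       = 'jdoe@example.com'
$itContact  = 'it-admin@example.com'

# 1. Policy: allow everything, but require a device password.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled $true `
    -MinDevicePasswordLength 4 `
    -AllowSimpleDevicePassword $true `
    -MaxInactivityTimeDeviceLock '00:05:00' `
    -MaxDevicePasswordFailedAttempts 8 `
    -AllowNonProvisionableDevices $false
# MaxDevicePasswordFailedAttempts: the device wipes itself after this many bad PINs.
# AllowNonProvisionableDevices $false: phones that cannot enforce the policy
# are refused instead of syncing mail unprotected.

# 2. Assign the policy to a mailbox (company-owned or personal phone alike).
Set-CASMailbox -Identity $user -ActiveSyncMailboxPolicy $policyName

# 3. Phone reported lost: list the user's device partnerships first.
Get-ActiveSyncDeviceStatistics -Mailbox $user |
    Format-Table DeviceFriendlyName, DeviceType, DeviceId, LastSuccessSync -AutoSize

# 4. Wipe only the device the user confirms is missing (ID copied from step 3).
$lostDeviceId = 'PLACEHOLDER-DEVICE-ID'
$lost = Get-ActiveSyncDevice -Mailbox $user |
    Where-Object { $_.DeviceId -eq $lostDeviceId }

if ($lost) {
    Clear-ActiveSyncDevice -Identity $lost.Identity `
        -NotificationEmailAddresses $itContact -Confirm:$true
} else {
    Write-Warning "No partnership with DeviceId $lostDeviceId for $user"
}

# 5. Verify: DeviceWipeAckTime is filled in once the phone has acted on the wipe.
Get-ActiveSyncDeviceStatistics -Mailbox $user |
    Format-List DeviceId, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```

The wipe is only delivered the next time the phone syncs, and Clear-ActiveSyncDevice requests deletion of all data on the device rather than just company mail, which is worth stating in the written policy for personally owned phones.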
 