Results 1 to 19 of 19
Like Tree1Likes
  • 1 Post By Ali Babba
  1. rkgriffin's Avatar
    Member

    Posts
    41 Posts
    Global Posts
    46 Global Posts
       #1  
    Anyone connecting their WP8 to a corporate Exchange environment? Looks like there is one major issue I have found. My company enforces "Require encryption on device" and "Require encryption on storage card". The device encryption works great though it requires that you are logged into a Microsoft Live account which we all are anyway.

    The problem is with the storage card option. WP8 seems to not support this option at all. This testing was done on a Nokia 920 which doesn't even have a storage card option. Has anyone tested with a Nokia 820 or HTC?

    BTW, this same issue is also affecting the Microsoft Surface which does have a storage card option. This is a huge issue since my company might not be able to allow any Windows phones to connect to ActiveSync. I am sure a lot of other companies use this exact same policy and could really damage WP8 ability to be used by large companies.
  2. Edwin4NOH8's Avatar
    Member

    Posts
    21 Posts
    #2  
    I have an 8X by HTC and I am running into a problem with EAS Policies as well. I am on an Exchange 2010 server/Active Sync 14.

    I have only found info on what policies WP7 supports. Can't find anything for WP8 yet. I believe WP8 supports "device encryption" which WP7 could not. I'm leaning towards the policy "require encryption on storage card". I've also read that it could be the number of number of emails it allows to be set on the device. There was a user who reported once they changed it to "unlimited" their WP8 was able to apply EAS policies.

    I'll be able to look into these more when I'm back at work on Monday. Until then...enjoy your Thanksgiving!
  3. iamtim's Avatar
    Member

    Posts
    1,188 Posts
    Global Posts
    1,360 Global Posts
    #3  
    I'm not having any problems syncing with my Exchange 2010 server, although we don't use the encryption policies. Just a passcode requirement and that works fine.
  4. Ali Babba's Avatar
    Member

    Posts
    150 Posts
    #4  
    SMH over this one.. MS should have tested this. Wow..
    CapnPauly likes this.
  5. daviddsims's Avatar
    Member

    Posts
    22 Posts
    Global Posts
    23 Global Posts
    #5  
    I am returning my 920 because I have ran into the same issue. How could they miss this?
  6. socialcarpet's Avatar
    Banned

    Posts
    1,893 Posts
    Global Posts
    1,966 Global Posts
    #6  
    I connect to my corporate exchange server for Outlook mail and I've had no problems at all. I don't know about the encryption requirements though. But I am friendly with the IT guys at work so I can ask them for details.
  7. fardream's Avatar
    Member

    Posts
    352 Posts
    #7  
    Quote Originally Posted by rkgriffin View Post
    Anyone connecting their WP8 to a corporate Exchange environment? Looks like there is one major issue I have found. My company enforces "Require encryption on device" and "Require encryption on storage card". The device encryption works great though it requires that you are logged into a Microsoft Live account which we all are anyway.

    The problem is with the storage card option. WP8 seems to not support this option at all. This testing was done on a Nokia 920 which doesn't even have a storage card option. Has anyone tested with a Nokia 820 or HTC?

    BTW, this same issue is also affecting the Microsoft Surface which does have a storage card option. This is a huge issue since my company might not be able to allow any Windows phones to connect to ActiveSync. I am sure a lot of other companies use this exact same policy and could really damage WP8 ability to be used by large companies.
    it's designed that way, so unless your company turns that storage card option off, you are out of luck, like me.... It sucks so bad because Lumia 920 doesn't have a card slot, and that server is a ms product...
  8. manicottiK's Avatar
    Member

    Posts
    405 Posts
    #8  
    The SD card in WP8 is read-only. It can't be encrypted because it can't be written to. Likewise, since it can't be written to, it can't be a means of moving unencrypted corporate content off of the device. See Writing to SD card in WP8 for confirmation from Microsoft.

    I realize that this probably doesn't help you, but it might convince your IT security guys.
  9. iamtim's Avatar
    Member

    Posts
    1,188 Posts
    Global Posts
    1,360 Global Posts
    #9  
    ...fi that's the case, how does my 820 write pictures to the SD card? Why are there options in the "phone storage" settings to put pictures, music, and videos on the SD card?
  10. fardream's Avatar
    Member

    Posts
    352 Posts
    #10  
    Quote Originally Posted by manicottiK View Post
    The SD card in WP8 is read-only. It can't be encrypted because it can't be written to. Likewise, since it can't be written to, it can't be a means of moving unencrypted corporate content off of the device. See Writing to SD card in WP8 for confirmation from Microsoft.

    I realize that this probably doesn't help you, but it might convince your IT security guys.
    Wp8 can write to SD card, but msft doesn't provide that functionality to developers.....
  11. Edwin4NOH8's Avatar
    Member

    Posts
    21 Posts
    #11  
    Quote Originally Posted by socialcarpet View Post
    I connect to my corporate exchange server for Outlook mail and I've had no problems at all. I don't know about the encryption requirements though. But I am friendly with the IT guys at work so I can ask them for details.
    You have a phone with an SD card like the 820 OR your requirements may only be to have a PIN on the phone.

    Quote Originally Posted by manicottiK View Post
    The SD card in WP8 is read-only. It can't be encrypted because it can't be written to. Likewise, since it can't be written to, it can't be a means of moving unencrypted corporate content off of the device. See Writing to SD card in WP8 for confirmation from Microsoft.

    I realize that this probably doesn't help you, but it might convince your IT security guys.
    The 8X and 920 do not have SD cards. It can't be encrypted because it doesn't exist. The issue is that the response from WP8 on these phones without SD cards might be FALSE instead of TRUE to allow the EAS policy to be applied correctly.

    Quote Originally Posted by iamtim View Post
    I'm not having any problems syncing with my Exchange 2010 server, although we don't use the encryption policies. Just a passcode requirement and that works fine.
    You also have an 820 so you could apply the policy to encrypt your SD card if that was one of the requirements. But I can't say for sure since you say your only requirement is a PIN. There might be another policy (ies) that aren't being applied correctly in environments where additional policies are required.
  12. Edwin4NOH8's Avatar
    Member

    Posts
    21 Posts
    #12  
    I checked our EAS Policy and I can't think of anything in there that would prevent my 8X from being able to apply those policies.

    Password Policies:
    Enable Password recoveryAllow simple password
    Minimum password length: 4
    Password expiration: 60
    Enforce password history: 12

    Sync Settings:
    Include past calendar items: AllInclude past e-mail items: All
    Allow synchronization when roaming
    Allow HTML formatted email
    Allow attachments to be downloaded to the device

    The only way I was able to get it to sync was to Allow non-provisionable devices. Will keep checking various things and report back.
  13. Alan Meeus's Avatar
    Member

    Posts
    1 Posts
    #13  
    Thanked by:
  14. Edwin4NOH8's Avatar
    Member

    Posts
    21 Posts
    #14  
    By process of elimination I determined that my issue was that "Allow Direct Push when roaming" needed to be checked. This is not enabled on our default policy.

    Back to OP: I was NOT able to sync my email on my 8X if I had "Require encryption on storage card" enabled. I could if I only set "Require encryption on device" Neither of these are required in our environment so it's not part of either of our EAS policies.

    Thanks for providing that PDF Alan. I couldn't find something when I looked earlier this month.
    Last edited by Edwin4NOH8; 11-30-2012 at 11:32 AM. Reason: Corrected my findings for OP
  15. empirsm's Avatar
    Member

    Posts
    1 Posts
    #15  
    @Edwin4NOH8: Did I understand you correctly that you are saying that you have a WP8-Phone without a SD card slot and you are able to sync with your corporate EAS? And the conditions for that are turning off "Require encryption on storage card" and turning on "Allow Direct Push when roaming" in the policies? So there's hope for my lumia 920.

    Br,
    empirsm
  16. Edwin4NOH8's Avatar
    Member

    Posts
    21 Posts
    #16  
    Quote Originally Posted by empirsm View Post
    @Edwin4NOH8: Did I understand you correctly that you are saying that you have a WP8-Phone without a SD card slot and you are able to sync with your corporate EAS? And the conditions for that are turning off "Require encryption on storage card" and turning on "Allow Direct Push when roaming" in the policies? So there's hope for my lumia 920.

    Br,
    empirsm
    That's correct. It was the Direct Push Roaming being disabled that prevented me from syncing. I also tested SD card encryption as that's the OP's culprit and that made synching fail for me as well. The 8X does not have an SD card andt WP8 is unable to apply that policy correctly.
  17. myrandex's Avatar
    Member

    Posts
    31 Posts
    #17  
    I know this is a longtime dead thread, but I did want to post an update for people that stumble onto it.

    My company requires Device Encryption and Storage Card Encryption. Using GDR2 and GDR3, my Nokia Lumia 920 will work fine. The phone becomes encrypted and because there is no storage card it responds appropriately.

    For devices that support storage cards, like my Lumia 1520, that will still fail. Running the latest GDR3 update the phone will fail to encrypt the card so this brand new Lumia 1520 is worthless and unusable for me.

    Fingers crossed for WP8.1 fixing this.

    Jason

    Sent from my Nokia Lumia 920 using Tapatalk
  18. manicottiK's Avatar
    Member

    Posts
    405 Posts
    #18  
    Quote Originally Posted by myrandex View Post
    For devices that support storage cards, like my Lumia 1520, that will still fail. Running the latest GDR3 update the phone will fail to encrypt the card so this brand new Lumia 1520 is worthless and unusable for me.

    Fingers crossed for WP8.1 fixing this.
    It may be worth talking to your company to explain that your device treats the SD card as a read-only device with respect to the data it extracts from their Exchange server. That is, unlike an Android device, Windows Phone 8 lacks the ability to move email to the unencrypted SD card and thus doesn't need to encrypt it to protect the firm. They may be willing to create a policy for you and other with such devices.

    It is expected that WP8.1 will make greater use of the SD card. It isn't yet public knowledge if that includes letting messages be saved to the card. If it does, you should tell your firm that the need for a special WP8 EAS policy group will disappear later in the year.

    My firm (a university) is establishing at least three policy groups with differing levels of encryption to accommodate different devices. We'll pages out the two lower levels at the end of 2014 so that owners of older Android, iOS, and WP devices that can't encrypt have fair warning that they'll need to upgrade to maintain access to email.
  19. myrandex's Avatar
    Member

    Posts
    31 Posts
    #19  
    Yea I tried and they won't budge on the issue. And unfortunately the 8.1 developer preview doesn't appear to fix this problem.

Posting Permissions

B