Use the Exchange Server connector in System Center 2012 Configuration Manager when you want to manage mobile devices that connect to Exchange Server (on-premise or online) by using the Exchange ActiveSync protocol, and you cannot enroll them by using Configuration Manager. When you manage mobile devices by using the Exchange Server connector, this does not install the Configuration Manager client on the mobile devices, which means that some management functions are limited. For example, you cannot install software on them or use configuration items to configure them. For more information about the different management capabilities that you can use with Configuration Manager for mobile devices, see Determine How to Manage Mobile Devices in Configuration Manager.
Important |
---|
Before you install the Exchange Server connector, confirm that the version of Exchange that you are using is supported by Configuration Manager. For more information, see Supported Configurations for Configuration Manager. |
When you use the Exchange Server connector, the mobile devices can be managed by the settings that you configure in Configuration Manager instead of being managed by the default Exchange ActiveSync mailbox policies. Define the settings that you want to use in the following group settings: General, Password, Email Management, Security, and Application. For example, in the Password group setting, you can configure that mobile devices require a password, the minimum password length, password complexity, and whether password recovery is allowed.
When you configure at least one setting in the group, Configuration Manager manages all settings in the group for mobile devices. If you do not configure any setting in a group, Exchange Server continues to manage the mobile device for those settings. Any Exchange ActiveSync mailbox policies that are configured on the Exchange Server and assigned to users will still be applied.
You can also configure the Exchange Server connector to manage the Exchange Server access rules and allow or block, or quarantine mobile device. You can remotely wipe a mobile device by using the Configuration Manager console and users can remotely wipe their mobile devices by using the Application Catalog.
A user’s mobile device appears in the Application Catalog automatically when it is managed by the Exchange Server connector and the Exchange Server is on-premise. When you configure the Exchange Server connector for Exchange Online, you must manually configure user device affinity for the user’s mobile device to appear in the Application Catalog. For more information about how to manually configure user device affinity, see How to Manage User Device Affinity in Configuration Manager in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.
Tip |
---|
If you manage a mobile device by using the Exchange Server connector and the mobile device is transferred to another user, delete the mobile device from the Configuration Manager console before the new owner of the mobile device configures their Exchange account on this transferred mobile device. |
Required Security Permissions
Installing and Configuring an Exchange Server Connector
Use the following procedure to install and configure an Exchange Server connector to manage mobile devices. Configuration Manager supports one connector only in an Exchange organization. After you complete these steps, you can monitor the mobile devices that are found and managed by the connector when you view the collections that display mobile devices, and by using the reports for mobile devices.
Note |
---|
Configuration Manager generates names for the mobile devices that it finds by using the format UserName_DeviceType. If a user has more than one mobile device that has the same device type, Configuration Manager displays the same name for these mobile devices in the console and in reports. |
To install and configure an Exchange Server connector
-
Decide which account will connect to the Exchange Client Access server to manage the mobile devices. The account can be the computer account of the site server or a Windows user account. Then configure this account to run the following Exchange Server cmdlets:
- Clear-ActiveSyncDevice
- Get-ActiveSyncDevice
- Get-ActiveSyncDeviceAccessRule
- Get-ActiveSyncDeviceStatistics
- Get-ActiveSyncMailboxPolicy
- Get-ActiveSyncOrganizationSettings
- Get-ExchangeServer
- Get-Recipient
- Set-ADServerSettings
- Set-ActiveSyncDeviceAccessRule
- Set-ActiveSyncMailboxPolicy
- Set-CASMailbox
- New-ActiveSyncDeviceAccessRule
- New-ActiveSyncMailboxPolicy
- Remove-ActiveSyncDevice
Note The following Exchange Server management roles include these cmdlets: Recipient Management; View-Only Organization Management; and Server Management. For more information about management role groups in Exchange Server 2010, see Understanding Management Role Groups. - Clear-ActiveSyncDevice
-
In the Configuration Manager console, click Administration.
-
In the Administration workspace, expand Hierarchy Configuration, and then click Exchange Server Connectors.
-
On the Home tab, in the Create group, click Add Exchange Server.
-
Complete the Add Exchange Server wizard. For the Exchange Server Connector Account, specify the account that you configured in step 1.
Tip If you also enroll mobile devices with Configuration Manager, enable the option External mobile device management to ensure that these mobile devices continue to receive email from Exchange after they are enrolled by Configuration Manager.