11/11/2008

The following lists the messaging features and capabilities that you can enable or disable by using System Center Mobile Device Manager (MDM) Group Policy settings. You can configure the settings to customize MDM through the MDM extensions to the Group Policy Management Console (GPMC) and Group Policy (GPO) Editor.

For more information on using Group Policy to manage devices in MDM, see Configuring Managed Devices with Group Policy.

For a list of MDM security settings available through Group Policy, see Security Policies in MDM.

Messaging Policies

The following sections show the messaging policies for MDM that are available under User Configuration\Administrative Templates\Windows Mobile Settings.

ActiveSync

Policy Description

Set message format (HTML or Plain Text)

This policy setting allows you to control the format in which email messages are synchronized. This policy is typically used to reduce network bandwidth by forcing messages to be downloaded in Plain Text format.

  • If this policy setting is Enabled, then you can select the message format in which messages are downloaded. The option on the device that allows the user to select the download format is disabled.

  • If this policy setting is Disabledor Not Configured, then the user can select the default format in which messages are downloaded.

Maximum Email age filter allowed

This policy setting allows you to limit the amount of e-mail history that is synchronized with the device. On the device, the user can choose to download all messages within a specified time period, such as one day or two weeks. This policy sets the maximum time period that the user can select. In addition to this policy, for security purposes you may want to have e-mail messages older than a specific number of days automatically removed from the device.

  • If this policy setting is Enabled, then you can specify the maximum time value that the user can select for downloading e-mail messages.

  • If this policy setting is Disabledor Not Configured, then the user is not restricted in the time values that can be selected.

Set maximum size limit for plain text email

This policy setting allows you to control the size of each message synchronized to the device. On the device, the user can select the maximum size limit for messages downloaded during synchronization. This policy sets the maximum value that the user can select.

  • If this policy setting is Enabled, then you can specify the maximum size limit that the user can select for messages downloaded during synchronization. The user can still choose to download the entire contents of a specific message.

  • If this policy setting is Disabledor Not Configured, then the user is not restricted in the size limit values that can be selected.

Set maximum size limit for HTML email

This policy setting allows you to control the size of each message synchronized to the device. On the device, the user can select the maximum size limit for messages downloaded during synchronization. This policy sets the maximum value that the user can select.

  • If this policy setting is Enabled, then you can specify the maximum size limit that the user can select for messages downloaded during synchronization. The user can still choose to download the entire contents of a specific message.

  • If this policy setting is Disabledor Not Configured, then the user is not restricted in the size limit values that can be selected.

Set age limit for calendar items

This policy setting allows you to limit the amount of calendar history that is synchronized with the device. On the device, the user can choose to download all calendar items within a specified time period, such as two weeks or one month. This policy sets the maximum time period that the user can select.

  • If this policy setting is Enabled, then you can specify the maximum time value that the user can select for downloading calendar items.

  • If this policy setting is Disabledor Not Configured, then the user is not restricted in the values that can be selected.

Set maximum attachment size allowed

This policy setting allows you to control the size of attachments that may be downloaded automatically with e-mail messages. You may wish to set this policy to reduce network bandwidth.

  • If this policy setting is Enabled, then you can specify the maximum size of attachments that may be downloaded automatically. In this case, users have to manually download attachments that are larger than the size you specify.

  • If this policy setting is Disabledor Not Configured, then the user is able to choose to automatically download attachments of any size.

Block synchronization when roaming

This policy setting allows you to block the Exchange ActiveSync Direct Push feature while roaming. Enabling this setting reduces mobile device users' roaming costs.

  • If this policy setting is Enabled, Exchange ActiveSync Direct Push is turned off while roaming. The Windows Mobile powered device user interface is grayed out to show that Direct Push is turned off. The user cannot change the setting.

  • If this policy setting is Disabledor Not Configured, Exchange ActiveSync Direct Push is turned on while roaming. The user can make the appropriate selections on the Windows Mobile powered device about how often to synchronize data.

Turn off Desktop PIM Sync

This policy setting allows you to prevent the user from synchronizing e-mail, contact, calendar, and task items with a desktop computer using ActiveSync.

  • If this policy setting is Enabled, then the user cannot synchronize e-mail, contact, calendar, or task items using ActiveSync. Users can still synchronize with Exchange servers over the air, and can continue to synchronize other types of information (such as media and files) with the desktop.

  • If this policy setting is Disabledor Not Configured, then the user is not restricted in using ActiveSync.

Server name

This policy setting allows you to help the user automatically establish an Exchange partnership by specifying the Exchange front-end (FE) server name. You may choose to set this policy if you are not using Exchange 2007 with the Autodiscover feature.

  • If this policy setting is Enabled, then the FE server name you specify is entered as the default server address for the user to use in configuring Exchange on the device.

  • If this policy setting is Disabledor Not Configured, then the user must enter the FE server name on the device manually.

Peak and Off-peak Settings

Policy Description

Peak days

This policy setting allows you to select which days of the week are considered peak days for scheduling Exchange ActiveSync synchronization. Peak is defined as the days and hours when wireless voice and data charges are highest.

  • If this policy setting is Enabled, then you can select each day of the week that you want to specify as a peak day. The user cannot change the peak days.

  • If this policy setting is Disabledor Not Configured, the user can specify the peak days in the Windows Mobile powered device.

Peak start time

This policy setting allows you to specify when the peak service period begins for scheduling Exchange ActiveSync synchronization. Peak is defined as the days and hours when wireless voice and data charges are highest.

  • If this policy setting is Enabled, then you can specify what time of day the peak service period begins. Specify the time in 24-hour format as HHMM. For example, specify 0800 for 8:00 am or 1930 for 7:30 pm. The user cannot change the peak start time that you specify.

  • If this policy setting is Disabledor Not Configured, the user can specify the peak start time in the Windows Mobile powered device.

Peak end time

This policy setting allows you to specify when the peak service period ends for scheduling Exchange ActiveSync synchronization. Peak is defined as the days and hours when wireless voice and data charges are highest.

  • If this policy setting is Enabled, then you can specify what time of day the peak service period ends. Specify the time in 24-hour format as HHMM. For example, specify 0800 for 8:00 am or 1930 for 7:30 pm. The user cannot change the peak end time that you specify.

  • If this policy setting is Disabledor Not Configured, the user can specify the peak end time in the Windows Mobile powered device.

Synchronization frequency during peak times

This policy setting allows you to define the maximum time interval that the user can set for scheduling Exchange ActiveSync synchronization during the peak service period. Peak is defined as the days and hours when wireless voice and data charges are highest. This policy allows you to control data costs.

  • If this policy setting is Enabled, then you can select the maximum time interval. The user can change the Exchange ActiveSync frequency schedule for the peak service period to any value that is less frequent than the policy setting.

  • If this policy setting is Disabledor Not Configured, the user can define any peak Exchange ActiveSync frequency schedule in the Windows Mobile powered device.

Synchronization frequency during off-peak times

This policy setting allows you to define the maximum time interval that the user can set for scheduling Exchange ActiveSync synchronization during the off-peak service period. Peak is defined as the days and hours when wireless voice and data charges are highest. This policy allows you to control data costs.

  • If this policy setting is Enabled, then you can select the maximum time interval. The user can change the Exchange ActiveSync frequency schedule for the off-peak service period to any value that is less frequent than the policy setting.

  • If this policy setting is Disabledor Not Configured, the user can define any off-peak Exchange ActiveSync frequency schedule in the Windows Mobile powered device.

Messaging SMIME policies

Policy Description

Require message signing

This policy setting allows you to specify whether the Inbox application requires that all messages must be signed. This policy is applicable only if you are using Microsoft Exchange 2003 SP2 or Microsoft Exchange 2007 SP1. The user must have a certificate on the mobile device which can be used to digitally sign outgoing e-mail messages.

  • If this policy setting is Enabled, then all messages must be signed.

  • If this policy setting is Disabledor Not Configured, then messages do not have to be signed.

Require message encryption

This policy setting allows you to specify whether the Inbox application requires all messages to be encrypted. This policy is applicable only if you are using Microsoft Exchange 2003 SP2 or Microsoft Exchange 2007 SP1. In order to use S/MIME, it must be enabled for use by OWA or EAS on the Exchange server.

Recipients must have a published public key (typically stored in Active Directory) accessible to the Exchange server in order to receive encrypted e-mail messages. A user who attempts to send an e-mail message to a recipient who does not have a published public key will receive an undeliverable message error.

  • If this policy setting is Enabled, then all messages must be encrypted.

  • If this policy setting is Disabledor Not Configured, then messages do not have to be encrypted.

Set signing algorithm

This policy setting allows you to specify which algorithm is to be used to sign a message.

  • If this policy setting is Enabled, then you can specify whether the default, SHA, or MD5algorithm is used for signing messages.

  • If this policy setting is Disabledor Not Configured, then the default signing algorithm is used.

Encryption algorithm

This policy setting allows you to specify which algorithm is to be used to encrypt a message.

  • If this policy setting is Enabled, then you can specify one of the following encryption algorithms: default, triple DES, DES, RC2 128-bits, RC2 60-bits, or RC2 40-bits.

  • If this policy setting is Disabledor Not Configured, then the default encryption algorithm is used.

Negotiate encryption algorithm

This policy setting allows you to specify whether the Inbox application can negotiate the encryption algorithm in case a recipient's certificate does not support the specified encryption algorithm.

  • If this policy setting is Enabled, then you can choose to specify that the Inbox application cannot negotiate the encryption algorithm, or that it can negotiate to a strong algorithm or to any algorithm.

  • If this policy setting is Disabledor Not Configured, then the Inbox application cannot negotiate the encryption algorithm.

Allow soft certificates

This policy setting allows you to determine whether software certificates can be used to sign outgoing messages. You can use this security policy with a tool that you create to allow people to import certificates.

  • If this policy setting is Enabledor Not Configured, then software certificates can be used to sign messages.

  • If this policy setting is Disabled, then software certificates cannot be used to sign messages.

See Also