Use this screen to manage the ActiveSync Policies that can be assigned to user devices to govern various options. Predefined policies are provided, and you can create, edit and delete your own. Default policies can be assigned per domain and per account, and policies can be assigned to specific clients.
Not all ActiveSync devices recognize or apply policies consistently. Some may ignore policies or certain policy elements altogether, and others may require a device reboot before changes take effect. Further, a newly assigned policy is not applied to a device until the next time the device connects on its own to the ActiveSync server; policies cannot be "pushed" to devices until they connect.
ActiveSync Policies
Add
Click this button to open the ActiveSync Policy Editor, used for creating and editing your policies.
Delete
To delete a policy, select a custom policy from the list and then click Delete. Click Yes to confirm the action. The predefined policies cannot be deleted.
Edit Policy
To edit a policy, select a custom policy from the list and then click Edit. After making your desired changes in the policy editor, click OK. The predefined policies cannot be edited.
Usage Info
Select a policy and then click this button to view a list of all domains, accounts, and clients that are set to use this policy.
The ActiveSync Policy Editor has four tabs: General, Passwords, Sync, and Advanced Settings. The Advanced Settings tab is hidden unless you activate Enable editing of advanced policy options, located on the ActiveSync for MDaemon screen.
General
Administrative Name
Specify a name for your custom policy here.
Description
Use this area to describe your custom policy. This description appears on the Apply Policy dialog when selecting a policy to apply to a domain, account, or client.
Preview Policy Document
Click this button to preview the XML policy document for this policy.
Passwords
Password options and requirements for the policy are designated on this tab.
Require password
Check this box if you wish to require a password on the device. It is disabled by default.
Allow device to save 'Recovery Password' to server
Enable this option if you wish to allow clients to use ActiveSync's Recovery Password option, which allows a device to save a temporary recovery password to the server to unlock the device if the password is forgotten. The administrator can find this recovery password under the client's Details. Most devices do not support this feature.

Password Type
Simple PIN
How this option is implemented is largely dependent on the device, but selecting Simple PIN as the password type generally means that no restrictions or complexity requirements are placed on the device password, other than the Minimum password length option below. This allows simple passwords such as: "111," "aaa," "1234," "ABCD" and the like.
Complex/Alpha-Numeric
Use this policy option if you wish to require more complex and secure device passwords than the Simple PIN option. Use the Complexity level option below to define exactly how complex the password must be. This is the default selection when a password is required by the policy.

Password Strength
Minimum length
Use this option to set the minimum number of characters that the device password must contain, from 1-16. This option is set to "1" by default.
Complexity level
Use this option to set the complexity level requirement for Complex/Alpha-numeric device passwords. The level is the number of different types of characters that the password must contain: uppercase letters, lowercase letters, numbers, and non-alphanumeric characters (such as punctuation or special characters). You can require from 1-4 character types. For example, if this option were set to "2", then the password must contain at least two of the four character types: uppercase and numbers, uppercase and lowercase, numbers and symbols, and so on. This option is set to "1" by default.

Password Options
Days until password expires (0=never)
This is the number of days allowed before the device's password must be changed. This option is disabled by default (set to "0").
Number of recent passwords remembered/disallowed by device (0=none)
Use this option if you wish to prevent the device from reusing a specified number of old passwords. For example, if this option is set to "2" and you change your device password, you will not be able to change it to either of the last two passwords that were used. The option is disabled by default (set to "0").
Minutes of inactivity before device locks (0=never)
This is the number of minutes that a device can go without any user input before it will lock itself. This password option is disabled by default (set to "0").
Wipe device or enter 'Timed Lockout Mode' after repeated failed password attempts
When this option is enabled and the user fails the designated number of password attempts, the device will either lock itself for a certain amount of time or perform a wipe of all data, depending on the device. This option is disabled by default.
Failed password attempts before device wipes or enters 'Timed Lockout Mode'
When the "Wipe device..." option above is enabled and a user fails this many password attempts, the device will be wiped or the 'Timed Lockout Mode' will be triggered, depending on the device.
Sync
This screen contains various settings governing HTML email, allowing attachments, limiting the number of characters to transfer, and the maximum mail and calendar timeframes to sync.

Mail Settings
Allow HTML email
By default HTML-formatted email can be synced/sent to ActiveSync clients. Uncheck this box if you wish to send only plain text.
Allow attachments
Allows the device to download file attachments. This option is enabled by default.
Max attachment size in bytes (0=no limit)
This is the maximum size of attachment that can be automatically downloaded to the device. There is no size limit set for this option by default (set to "0").
Maximum characters of text body to transfer (-1=no limit)
This is the maximum number of characters in the body of plain text-formatted emails that will be sent to the client. If the message body contains more characters than are allowed, the body will be truncated to the specified limit. By default there is no limit set (option set to "-1"). If you set the option to "0" then only the message header is sent.
Maximum characters of HTML body to transfer (-1=no limit)
This is the maximum number of characters in the body of HTML-formatted emails that will be sent to the client. If the message body contains more characters than are allowed, the body will be truncated to the specified limit. By default there is no limit set (option set to "-1"). If you set the option to "0" then only the message header is sent.
Maximum timeframe of mail to synchronize
This is the amount of past email, by date range from today, that can be synchronized by the device. By default this is set to "All," meaning that all email can be synchronized no matter how old it is.

Calendar
Maximum historical timeframe of calendar to sync
This is how far back from today that past calendar entries can be synchronized by the device. By default this is set to "All," meaning that all past entries can be synchronized no matter how old they are.
Advanced Settings
The Advanced Settings tab contains options governing the types of connections allowed, whether certain applications can be enabled, storage and encryption, and roaming.
This tab is hidden unless you activate Enable editing of advanced policy options, located on the ActiveSync for MDaemon screen.

Connections Allowed
Bluetooth
Use this option to designate whether or not Bluetooth connections are allowed on the device. You can choose Yes to allow Bluetooth connections, No to prevent them, or Handsfree to restrict Bluetooth to Handsfree only. This option is set to Yes by default.
WIFI
Allows WIFI connections. Enabled by default.
Infrared (IrDA)
Allows Infrared (IrDA) connections. Enabled by default.
Internet sharing (portable hotspot)
This option allows the device to use Internet sharing (portable hotspot). It is enabled by default.

Storage
Require device encryption
Click this option if you wish to require encryption on the device. Not all devices will enforce encryption. This is disabled by default.
Allow storage card
Allows a storage card to be used in the device. This is enabled by default.
Require storage card encryption
Use this option if you wish to require encryption on a storage card. This is disabled by default.
Desktop sync
Allows Desktop ActiveSync on the device. Enabled by default.

Applications
Web browser enabled
Allows the use of a browser on the device. This option is not supported on some devices, and it may not apply to 3rd party browsers. It is enabled by default.
Camera enabled
Allows the use of a camera on the device. This option is enabled by default.
Consumer email enabled
Device allows the user to configure a personal email account. When disabled, the types of email accounts or services that are prohibited depend entirely on the particular ActiveSync client. This option is enabled by default.
POP/IMAP email enabled
Allows access to POP or IMAP email. Enabled by default.
Remote Desktop enabled
Allows the client to use Remote Desktop. Enabled by default.
Unsigned applications allowed
This option allows unsigned applications to be used on the device. This is enabled by default.
Unsigned installers allowed
This option allows unsigned installers to be run on the device. This is enabled by default.
Text messaging enabled
This option allows text messaging on the device. Text messaging is enabled by default.

Roaming
Require manual sync while roaming
Use this policy option if you wish to require the device to synchronize manually while roaming. Allowing automatic synchronization while roaming could increase data costs for the device, depending on its carrier and data plan. This option is disabled by default.
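
An added example, not MDaemon code or output: a short Python audit of a policy document such as the one shown by Preview Policy Document, flagging the permissive defaults listed on the tabs above. It assumes the document uses the MS-ASPROV EASProvisionDoc element names and that the lock timeout is expressed in seconds; the baseline thresholds and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Element names follow MS-ASPROV EASProvisionDoc, which
# is an assumption about the preview document, not MDaemon output.
def doc(**values):
    body = "".join(f"<{k}>{v}</{k}>" for k, v in values.items())
    return f"<EASProvisionDoc>{body}</EASProvisionDoc>"

# Mirrors the defaults listed on this page.
DEFAULTS = doc(DevicePasswordEnabled=0, AlphanumericDevicePasswordRequired=1,
               MinDevicePasswordLength=1, MinDevicePasswordComplexCharacters=1,
               MaxInactivityTimeDeviceLock=0, RequireDeviceEncryption=0,
               RequireStorageCardEncryption=0, AllowUnsignedApplications=1)
# Hypothetical stricter policy.
HARDENED = doc(DevicePasswordEnabled=1, AlphanumericDevicePasswordRequired=1,
               MinDevicePasswordLength=8, MinDevicePasswordComplexCharacters=3,
               MaxInactivityTimeDeviceLock=300, RequireDeviceEncryption=1,
               RequireStorageCardEncryption=1, AllowUnsignedApplications=0)

def audit(xml_text, min_len=6, min_classes=2, max_lock_s=900):
    """Return {element: reason} for every setting weaker than the baseline."""
    root = ET.fromstring(xml_text)
    # Strip any XML namespace so "{Provision}Name" and "Name" both match.
    raw = {el.tag.split("}")[-1]: (el.text or "").strip() for el in root}

    def num(name):
        # Missing, empty or non-numeric values count as 0 (not enforced).
        return int(raw[name]) if raw.get(name, "").isdigit() else 0

    weak = {}
    if num("DevicePasswordEnabled") != 1:
        weak["DevicePasswordEnabled"] = "device password not required"
    if num("AlphanumericDevicePasswordRequired") != 1:
        weak["AlphanumericDevicePasswordRequired"] = "Simple PIN accepted"
    elif num("MinDevicePasswordComplexCharacters") < min_classes:
        weak["MinDevicePasswordComplexCharacters"] = f"under {min_classes} character types"
    if num("MinDevicePasswordLength") < min_len:
        weak["MinDevicePasswordLength"] = f"minimum length under {min_len}"
    lock = num("MaxInactivityTimeDeviceLock")  # assumed to be in seconds
    if lock == 0 or lock > max_lock_s:
        weak["MaxInactivityTimeDeviceLock"] = "no inactivity lock, or too long"
    for name in ("RequireDeviceEncryption", "RequireStorageCardEncryption"):
        if num(name) != 1:
            weak[name] = "encryption not required"
    # Allow* options are permissive unless explicitly set to 0.
    if raw.get("AllowUnsignedApplications", "1") != "0":
        weak["AllowUnsignedApplications"] = "unsigned applications allowed"
    return weak

if __name__ == "__main__":
    for element, reason in audit(DEFAULTS).items():
        print(f"{element}: {reason}")
```

Because devices may ignore individual policy elements, a clean audit result describes what the server requests, not what a given device enforces.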