A lot of Exchange Administrators would like to enforce certain settings on all or a few of their mobile users who make use of the Exchange 2007 ActiveSync feature to sync their e-mails, contacts an...
Updated Jul 01, 2019
Version 2.0
Blog Post
I really wish these were not called "Policies", because they aren't. They're a group of common settings that must be manually re-applied to every mailbox you create. In Active Directory, "group policy" is automatically applied to the users it is scoped to. Why wasn't a similar approach used in Exchange?
For example, one of my pet peeves is that ActiveSync is automatically enabled for every new mailbox that gets created, and (as far as I can tell) this behavior cannot be changed. Don't get me wrong, I love ActiveSync, too, but in my organization not everyone should be permitted to use it. If I only have a small handful of users that use ActiveSync, I have to remember, each and every time I create a new user, to go back into the mailbox and disable ActiveSync. This is the kind of thing that a real "Policy" should address.
Moreover, these "policies" themselves need to be MANUALLY re-applied to every new mailbox. So even if it is appropriate for all new mailboxes to have ActiveSync enabled (my "pet peeve" from the paragraph above), I still have to remember to go back to each new mailbox and manually apply the appropriate policy. Wouldn't it make sense to be able to set an appropriate ActiveSync "policy" to apply, by default and automatically, to all new mailboxes? Why can't this be done?
This whole "policy" mess extends beyond ActiveSync -- Managed Folder "policies" suffer from the same problem. And it is really very counter-intuitive to what Microsoft administrators have come to enjoy about true policy-based administration available in other Microsoft products (like Group Policies in Active Directory).
Is there a plan to address these shortcomings? Please don't say PowerShell. PowerShell is great for what it is, but a script is not a substitute for a well-conceived policy application framework.
For example, one of my pet peeves is that ActiveSync is automatically enabled for every new mailbox that gets created, and (as far as I can tell) this behavior cannot be changed. Don't get me wrong, I love ActiveSync, too, but in my organization not everyone should be permitted to use it. If I only have a small handful of users that use ActiveSync, I have to remember, each and every time I create a new user, to go back into the mailbox and disable ActiveSync. This is the kind of thing that a real "Policy" should address.
Moreover, these "policies" themselves need to be MANUALLY re-applied to every new mailbox. So even if it is appropriate for all new mailboxes to have ActiveSync enabled (my "pet peeve" from the paragraph above), I still have to remember to go back to each new mailbox and manually apply the appropriate policy. Wouldn't it make sense to be able to set an appropriate ActiveSync "policy" to apply, by default and automatically, to all new mailboxes? Why can't this be done?
This whole "policy" mess extends beyond ActiveSync -- Managed Folder "policies" suffer from the same problem. And it is really very counter-intuitive to what Microsoft administrators have come to enjoy about true policy-based administration available in other Microsoft products (like Group Policies in Active Directory).
Is there a plan to address these shortcomings? Please don't say PowerShell. PowerShell is great for what it is, but a script is not a substitute for a well-conceived policy application framework.