Is your question specific to RSA, or more general to allowing devices to sync with your Exchange server?
For Secure ID implementations, the user will need to get the Secure ID FOB from IT, so there is some "touch" required.
From a general perspective, the decision on how much "touch" IT will want to have in an EAS deployment is based on two main factors:
- Support Costs
- Security requirements
Security Costs - EAS is implemented through many mobile operating systems, and as a result the more devices allowed to sync to a company's Exchange server the greater the support cost (due to the nuances of each device implementation). There may be other support reasons as well...
Security Requirements - Some companies have strict corporate security policies and only a select number of devices in the market are able to satisfy them. A company may require that all devices be capable of a local wipe if the password is entered incorrectly a specific number of times. Another company may require the use of passwords of a certain length or specific characters used in the password.
It is for these two aforementioned reasons that some companies have chosen to control EAS access by blocking sync for all users (by default) and then individually enabling each user to sync once they have received the company supported device. One thing to note about this type of approach is that once a user is enabled to sync, they can add other devices that may not be "company supported".
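The block-by-default approach described above, together with one way to close the "other devices" gap by pinning an enabled mailbox to an approved device ID, as an added example that is not part of the original post. It assumes the Exchange Management Shell on Exchange 2013 or later (older versions use `Get-ActiveSyncDeviceStatistics` in place of `Get-MobileDeviceStatistics`); the mailbox name and device ID are placeholders.

```powershell
# Added example: run in the Exchange Management Shell.
# Placeholders (not from the original post): replace with real values.
$user             = 'jdoe@example.com'
$approvedDeviceId = 'APPROVED-DEVICE-ID-PLACEHOLDER'

# 1. Default deny: disable ActiveSync on every mailbox.
#    Add -WhatIf to the Set-CASMailbox call to preview the change first.
Get-CASMailbox -ResultSize Unlimited |
    Set-CASMailbox -ActiveSyncEnabled $false

# 2. Enable a single user once the supported device has been issued,
#    and restrict sync to that device's ID. With an allow list set,
#    only the listed device IDs can sync with the mailbox.
Set-CASMailbox -Identity $user `
    -ActiveSyncEnabled $true `
    -ActiveSyncAllowedDeviceIDs $approvedDeviceId

# 3. Review which devices actually hold a partnership with the mailbox.
Get-MobileDeviceStatistics -Mailbox $user |
    Select-Object DeviceID, DeviceType, DeviceModel, LastSuccessSync

# 4. Audit: mailboxes that are enabled for sync but have no device
#    allow list, i.e. users who can still add unsupported devices.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object {
        $_.ActiveSyncEnabled -and
        $_.ActiveSyncAllowedDeviceIDs.Count -eq 0
    } |
    Select-Object Name, ActiveSyncEnabled
```

The device ID for step 2 can be read from the output of step 3 after the approved device has completed its first sync.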