[Exchange] ActiveSync Encryption for Mobile Devices


The Information Security Office and the Exchange support team have collaborated to create and test ActiveSync mailbox rule changes that will go into effect on May 5, for ITS departmental staff members. This change will require that any smartphone/tablet trying to check University email via Exchange have the following three security settings in place:

  • A passcode of at least four digits or password (All Users, If you forget your PIN or Password, You will be required to do a Factory Reset on your device to regain access.)
  • Auto-lock set to 10 minutes or less
  • Encryption

Recommendation:

Android Users, Please backup your device information before running the encryption, there is a possibility when trying to encrypt the device that it could fail and a Factory Reset may need to be done to restore the device.  When this occurs this means there is a potential to lose data for Call Logs, Contacts, Instant Messaging, photos and other data for applications.

Please use the matrix below to find your Device’s Operating System (OS) to determine if native encryption is available. If it is not available, you can use Outlook Web App, or you can choose to use a third party mail application like Touchdown (30 day free trial) Nine (10 day free trial), or Mail Wise (Free).

 OS Version OS Name  Native Encryption Available?  Time to Encrypt? Battery Life Required?  Pin/Password  Notes
 iOS 3.1 or greater  iOS  Yes  5 mins  NA  Pin  Encrypted automatically when passcode & auto-lock are set
 Android 5.x  Lollipop  Yes Up to an hour 80%, Recommend to plugin charger  PIN or Password  Upgrade or New Phones Factory Encrypted
 Android 4.4.x  KitKat  Yes Up to an hour 80%, Recommend to plugin charger  PIN or Password
 Android 4.1 – 4.2  Jelly Bean  Yes One hour or more  100%, Recommend to plugin charger  PIN or Password
 Android 4.0  Ice Cream Sandwich  Yes One hour or more  100%, Recommend to plugin charger  PIN or Password
 Android 3.0  Honeycomb  No, Use third part application Varies based on device Recommend to plugin charger  PIN  or use Outlook Web App to access email
 Android 2.3  Gingerbread  No, Use third party application Varies based on device Recommend to plugin charger  PIN  or use Outlook Web App to access email
 Android 2.2  Froyo No, Use third part application Varies based on device Recommend to plugin charger  PIN  or use Outlook Web App to access email
 Android 2.0  Eclair No, Use third part application Varies based on device Recommend to plugin charger  PIN  or use Outlook Web App to access email
 Android 1.6  Donut No, Use third part application Varies based on device Recommend to plugin charger  PIN  or use Outlook Web App to access email
 Windows Phone 8 or 8.1 update 1  Yes  One hour or more 80%, Recommended to plugin charger  PIN  Encrypted automatically when passcode & auto-lock are set
Windows 8.1 users:The Microsoft native mail application does not support Microsoft ActiveSync. To access your email on this device please use Outlook email that comes with Office or Outlook Web Access.

 In order to Set a Pin or Password, Set Auto-lock time, and turn on Native Encryption for your device please follow the instructions for your OS.

iOS

NOTE: Encryption is automatically turned on when passcode is set.

  1. Tap Settings.
  2. Tap General.
  3. Tap Auto-lock (choices are 1-5 minutes).
  4. Tap Settings.
  5. Tap Touch ID & Passcode (enter a 4 digit passcode).

Android 5.0

(Upgrade only)

NOTE: Before you begin encryption, the phone must be 80% charged and connected to the charger.

  1. Go to the Settings App.
  2. Tap Lock Screen.
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set.)
  4. Choose Lock Automatically to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Settings
  6. Tap Security.
  7. Tap Encrypt Device, then ‘Encrypt SD card’.
  8. A 4 digit PIN or a password is required to be set, if not already set.

Android 4.4

NOTE: Before you begin encryption, the phone must be 80% charged and connected to the charger.

  1. Go to Settings.
  2. Tap Security.
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set.)
  4. Choose Automatically Lock to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Security.
  6. Chose Encrypt phone/tablet, then ‘Encrypt SD card’.
  7. Tap Next and Enter PIN.
  8. Tap Encrypt phone/tablet.
  9. Phone will reset several times, then ask for PIN to finalize the process.

Android 4.1

NOTE: Before you begin encryption, the phone must be 100% charged and connected to the charger.

  1. Go to Settings
  2. Tap Security
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set.)
  4. Choose Automatically Lock to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Security.
  6. Chose Encrypt phone/tablet, then ‘Encrypt SD card’.
  7. Tap Next and Enter PIN.
  8. Tap Encrypt phone/tablet.
  9. Phone will reset several times, then ask for PIN to finalize the process.

Android 4.0

NOTE: Before you begin encryption, the phone must be 100% charged and connected to the charger.

  1. Go to Settings.
  2. Tap Security.
  3. Choose Screen Lock to set a PIN or Password (Skip this step if this is set.)
  4. Choose Automatically Lock to set the Auto-lock time (Choose a time that is 10 mins or less).
  5. Go back to Security.
  6. Chose Encrypt phone/tablet, then ‘Encrypt SD card’.
  7. Tap Next and Enter PIN.
  8. Tap Encrypt phone/tablet.
  9. Phone will reset several times, then ask for PIN to finalize the process.

Windows Phone 8

When Active Sync is enabled on an existing Exchange account for Windows Phone you will be giving the following prompt:

“Create a new password

Your phone’s security policy has changed, so you’ll need to change your lock screen password. Here are the new requirements.
Must have at least 4 digits
Select “Set” to add the password.

If you select “Set” you will be prompted to create a pin.“

To verify that the device is encrypted on Windows Phone 8, please do the following:

  • Go to Settings.
  • Tap Storage Sense
  • Under the Phone listing you should see the amount of storage used and the word “Encrypted”.

Windows Phone 8.1 update 1

When Active Sync is enabled on an existing Exchange account for Windows Phone you will be giving the following prompt:

“Create a new password

Your phone’s security policy has changed, so you’ll need to change your lock screen password. Here are the new requirements.
Must have at least 4 digits
Select “Set” to add the password.

If you select “Set” you will be prompted to create a pin.“

To verify that the device is encrypted on Windows Phone 8.1, please do the following:

  • Go to Settings.
  • Tap Storage Sense
  • Under the Phone listing you should see the amount of storage used and the word “Encrypted”.