WaTech provides information to implement and support ActiveSync in State agencies. The WaTech Mobile Messaging team seeks to provide relevant industry related news that may impact users. We welcome your feedback - contact us at firstname.lastname@example.org.
ActiveSync Helpful Links
- ActiveSync Approved Device List - This document contains the list of devices that have been tested to meet or exceed State OCIO Security Standards.
- ActiveSync End User Guide - This document is a template to assist agencies with developing their End User training / guide.
- Must know ActiveSync PowerShell commands - This is a list of frequently used PowerShell commands that agency support can use to administer their users.
- Apple iPhone or iPad Activiation Process - Step by step process for activating Apple devices on ActiveSync.
- ActiveSync Troubleshooting Essentials v.1 - Step by step process for troubleshooting a variety of ActiveSync issues.
- ActiveSync – Distributed Agency Device Testing Process - Detailed process for agencies doing their own testing & approval of new ActiveSync devices for the ActiveSync Approve Device List.
- ActiveSync Device Test Matrix - Test matrix used for testing all devices for the ActiveSync Approved Device List.
Why is the State offering ActiveSync?
Washington Technology Solutions (WaTech) is offering ActiveSync as an example of meeting Governor’s Directive 09-02. ActiveSync is expected to optimize the value of IT by concentrating email services from across state agencies into a central service. Also, WaTech announced 2012 that it will sun set the existing BlackBerry service June 2013; it is being replaced by ActiveSync.
What is meant by "ActiveSync approved mobile device?"
WaTech & other agencies test and approve mobile devices for use with ActiveSync. Testing is required to insure that each ActiveSync device meets or exceeds State OCIO policies. Fact: Each smartphone and its operating system interpret the Exchange ActiveSync policies that are pushed to agency mobile devices differently. This gap of interpretation between mobile devices and ActiveSync policies is so large that thorough testing of each device model is required to insure OCIO compliance, this is why State agencies & WaTech established the ActiveSync Approved Device List. This list provides detailed information about each approved device & information about devices that have failed testing. The list is intended to help agencies make informed purchasing decisions about specific devices for their agency staff using ActiveSync. This approved device list is updated regularly by the WaTech Mobile Messaging group. WaTech ActiveSync Approved Device List
Note: ActiveSync approved device test results on Apple devices to-date have not varied from model to model or from iPhone to iPad. ActiveSync test results on Android devices present the largest variance and require ‘device model’ level testing. ActiveSync test results on Windows 8 phones to-date have not varied from model to model similar to Apple devices, but device model level testing is still being done, given this a new product with little history.
Will agencies be delegated the ability to add approved devices to the Exchange environment?
No, this will be managed by WaTech, however, if an agency would like a device of their choice added to the approved device list, then they can follow the ActiveSync Distributed Agency Testing Process.
How does an agency get a specific device on the ActiveSync Approved Device list?
Follow the ActiveSync Distributed Agency Device Testing Process, test the device using the ActiveSync Device Test Matrix, complete the test matrix and have your agency’s CIO email the completed matrix and the test results to WaTech Mobile Messaging email@example.com. Note: If an agency tests a device regardless of whether it passes or fails, the agency CIO emails the completed test matrix and test results to WaTech Mobile Messaging so that those test results can be posted on the ActiveSync Approved Device list – both approved & failed devices are on the list & starting March 2013 the reason[s] for device failing are posted too.
My personally-owned device is on the approved list. Can I use ActiveSync?
There are a couple of things you need to do prior to using ActiveSync. First you will need to work with your supervisor to determine if a personally-owned device or a state owned device is appropriate for the type of work you do. If you use your personal mobile device for state business, your device may become subject to laws surrounding public records requests, litigation requirements or agency personnel issues for anything for any and all data and/or meta data. WaTech or your agency may need to wipe your mobile device without notice if the device is suspected of being compromised and poses a threat to the state; if a technical issue arises that requires the mobile device to be wiped; if the user violates State policies concerning use of the device; if the State account associated with mobile device is disabled; or if the owner of mobile device has resigned, been terminate, or suspended without pay.
If my device is remotely wiped, will it erase all my data?
Yes. All stored information (text messages, photographs, contact list information, calendaring, and user settings) are erased from the device and will be set back to factory settings.
How do I set up ActiveSync?
This process varies based on agency policy. Please contact your supervisor and/or your agency’s Help Desk to determine next steps.
What if I attempt to sync a device that is NOT on the ActiveSync Approved Device list?
You will receive a quarantine email and will not be able to sync your device. You will need to delete the email account from your phone, and the system administrator will need to remove that device from your account prior to you being able to sync a device that is on the approved list.
What if I don’t do anything once I am in quarantine? Will that affect my device?
No, it will not affect your device; you just won’t be able to sync. Agency System Administrators can run a script to see who is in quarantine.
Who do I contact if I am having issues with syncing my device?
Contact your agency’s ActiveSync support staff or your agency’s Help Desk.
ActiveSync Technical Resources & 'Tips and Tricks'
- Must know ActiveSync PowerShell commands. This is list of frequently used PowerShell commands that agency support can use to administer their users.
- A user’s mailbox must be ‘Enabled’ in Exchange for ActiveSync to function.
- The mailbox policy enabled for a specific device for a user must meet or exceed OCIO requirements.
- Customer agency support staff is responsible support and testing of ActiveSync BYOD devices & State owned devices. NOTE: WaTech will continue to test major devices released and new OS update and will assist small agencies with limited IT resources with testing devices.
- The Recovery Password in OWA for any Apple devices is not enabled & does not function. If a user forgets their password, then device must be wiped, deleted & reactivated.
- All Apple devices should be in Policy1 or Policy1-Encryption. Policy2 & Policy3 will work; however, Password requirements exceed OCIO requirements.
- To encrypt an Apple or Android device requires the device be fully charged [100%] and/or plugged into a power outlet during the encryption process.
- What do we do with users with more than 1 device that should be in different policies?
ActiveSync Roles & Responsibilities
- Define policies in the best interest of the Enterprise service offering.
- Ensure ActiveSync is disabled on existing mailboxes prior to rollout.
- Define and update list of approved devices.
- Create and maintain ActiveSync mailbox policies in the Exchange 2010 environment. This includes a default policy which will be applied if an agency policy is not chosen.
- Publish documentation to assist agencies with ActiveSync implementation and management.
- Procure devices and wireless plans (Existing BlackBerry data plans can be converted to ‘generic’ data plans at no cost to agencies. A simple phone call to the wireless carrier to covert data plans can be done in minutes.)
- Ensure when new mailboxes are created, ActiveSync is disabled.
- Determine if desired mailbox policy requires the Microsoft Ecal.
- Customize WaTech provided documentation templates to meet customer’s specific needs.
- Train and support end users: This includes training agency staff on how to ‘self-service’ ActiveSync issues via the user’s OWA account.
- Ensure that any agency staff using ActiveSync has signed a personal device access request form prior to activation.
- Set the ActiveSync mailbox policy for each user prior to activation.
- Provide assistance to end user’s during activation. This may include installation & maintenance of desktop software and/or 3rd party accounts (e.g. iPhone) that are a prerequisite for activation.
- Maintain the agency’s fleet of mobile devices and ensure all devices and OS levels are within the guidelines and device standards provided by WaTech.
- Review logs for quarantined device requests and make note of any trends.
- Provide ongoing support to end users.