Android and major company secure email

[Carterman32]

Hello,

I have a question about how to set up my phone for a company Exchange server. I work for a major company and own an Android phone with Touchdown. According to the company, they only support Blackberries and Iphones, which stinks, because I don't want to carry around two phones just to get my work email.

I've asked IT numerous times about Android support, and their answer is, "they're testing it." My question is, since I can log onto a secure owa server at home that gives me information like "Outlook Web Access Host Address" and "Mailbox server name," shouldn't I be able to setup my Android/Touchdown to receive email from their system?

I'm thinking they just want users to believe there is no way to do it, but I'm hoping that someone more knowledgable than me will be able to explain how I can receive my work email on my Android device.

Thanks.

 

[sitlet]

If its a true Exchange server, it should work fine on android.

 

[Eugene]

A lot of large companies forbid mixing company and personal data on one device so it may be a moot point anyway. Mine just relaxed their policy and issued us blackberries and will allow us to pay half the plan to use it for personal use but its so locked down its useless.

 

[lunatic59]

Since the company permits you access to your company mailbox from home, and it's an exchange server. Your phone should work just fine. The caveat, as your IT dept. told you, is they won't support it, so if something goes amiss, you're stuck with support from goobers like us

 

[chawski]

I wouldnt see any problem from getting email on a android. just out of curiosity, how much IT support to people generally need for email. Its one of those things that pretty much just works...

 

[Benjie]

It will work. The company I work for uses Exchange and I used precisely the same settings I had with my TP2 and gosh, it worked fine. It really is nothing more than a settings thing. Evo.

 

[lunatic59]

I wouldnt see any problem from getting email on a android. just out of curiosity, how much IT support to people generally need for email. Its one of those things that pretty much just works...

You'd be surprised, especially if they have "VP" in their title

 

[Carterman32]

You'd be surprised, especially if they have "VP" in their title

I don't think you guys are understanding. The company must have some way of blocking Android on their exchange server. When I input the server information into Touchdown, it does not work. When I've called the IT department, they've said that Android is not supported (even though they use Exchange 2007).

I can use my phone's web browser to go to their secure OWA site, but I can't get push email on my Android.

They must have some way to block push email, because even if you have a supported phone (e.g. Iphone), you need to fill out a form and then they send you something that allows you to hook up to their server.

Does this sound right?

 

[lunatic59]

They must have some way to block push email, because even if you have a supported phone (e.g. Iphone), you need to fill out a form and then they send you something that allows you to hook up to their server.

Does this sound right?

Sounds like they require a certificate to authenticate on the exchange server. They certainly could send you the certificate and it should work, but because the IT dept. says it's not supported, they apparently aren't going to. Why not volunteer to be a beta tester for Android on their server?

 

[A.Nonymous]

I don't think you guys are understanding. The company must have some way of blocking Android on their exchange server. When I input the server information into Touchdown, it does not work. When I've called the IT department, they've said that Android is not supported (even though they use Exchange 2007).

I can use my phone's web browser to go to their secure OWA site, but I can't get push email on my Android.

They must have some way to block push email, because even if you have a supported phone (e.g. Iphone), you need to fill out a form and then they send you something that allows you to hook up to their server.

Does this sound right?

You're setting it up wrong more likely than not. I work in IT and manage several Exchange servers. If you turn on ActiveSync there's no way that I know of to block certain types of devices from connecting. You may be able to block a particular Android phone, but I know of no way to block all phones. It's possible that ActiveSync isn't set up for your account and they have to move you into the OU that allows it. My phone works with my company's server with TouchDown and ActiveSync is not turned on on the phone though.

 

[takeshi]

According to the company, they only support Blackberries and Iphones, which stinks, because I don't want to carry around two phones just to get my work email.

If they support iPhones then Android will work just fine as both support ActiveSync for connecting to Exchange servers.

I'm thinking they just want users to believe there is no way to do it, but I'm hoping that someone more knowledgable than me will be able to explain how I can receive my work email on my Android device.

Just be aware that some companies have very strict policies regarding what devices can an cannot be connected to their Exchange servers. While something may be possible, it may also lead to getting you fired or reprimanded. I'd make sure to clarify all that first.

If its a true Exchange server, it should work fine on android.

"True" doesn't mean a thing. The admins can enable and disable various forms of access in Exchange environments. Not all Exchange environments are set up identically. We only offer BES (Blackberries), for example.

Since the company permits you access to your company mailbox from home, and it's an exchange server. Your phone should work just fine.

That's not a guarantee. Access from home doesn't automatically mean Android support.

 

[lunatic59]

That's not a guarantee. Access from home doesn't automatically mean Android support.

It wasn't a statement about technical ability, but more about the company policy.

 

[Eugene]

It wasn't a statement about technical ability, but more about the company policy.

Access through OWA dosn't mean e-mail on a device. OWA doesn't store anything on the client where having e-mail setup on your phone may.

 

[miiike]

If you turn on ActiveSync there's no way that I know of to block certain types of devices from connecting.

Although you cannot block certain devices from connecting, you can have ActiveSync enabled on the CAS and block RPC over HTTPS along with ActiveSync for a specific user. I do this for all except IT and the VP's. It's very possible you are allowed to access Outlook Anywhere and have ActiveSync disabled for your account.

Set-CasMailbox -ActiveSyncEnabled $false -MAPIBlockOutlookRPCHTTP $true

 

[A.Nonymous]

Although you cannot block certain devices from connecting, you can have ActiveSync enabled on the CAS and block RPC over HTTPS along with ActiveSync for a specific user. I do this for all except IT and the VP's. It's very possible you are allowed to access Outlook Anywhere and have ActiveSync disabled for your account.

Set-CasMailbox -ActiveSyncEnabled $false -MAPIBlockOutlookRPCHTTP $true

Really? That's interesting information. I didn't know you could block ActiveSync on a user by user basis. Is this just on 2010 or 2007 as well? I'm gonna bet you can't do it on 2003 which is what the majority of our clients are using.

 

[miiike]

It's available through the Exchange Shell in 2007 and 2010 (the 2010 cmd-let may be slightly different, refer to TechNet). Not sure about 2003.

 

[Kerberos73]

Hi forum!

I do also have the same problem, my company have until today supported Android phones, but now there is a server policy in place so my android phone is blocked.

Just wondering, is there a way to make my mail application report as a iPhone or Windows phone, to fool the exhange server to belive it is a windows phone?

 

[Eugene]

My big company uses an app called Good, its kind of a sucky app in that its too iphone like but at least I can get my mail

 

[level]

It's available through the Exchange Shell in 2007 and 2010 (the 2010 cmd-let may be slightly different, refer to TechNet). Not sure about 2003.

on 2003 you can disable activesync for user in the active directory under the tab:
exchange features
user initiated synchronization

if you disable it , user cannot sync!

 

[level]

Although you cannot block certain devices from connecting, you can have ActiveSync enabled on the CAS and block RPC over HTTPS along with ActiveSync for a specific user. I do this for all except IT and the VP's. It's very possible you are allowed to access Outlook Anywhere and have ActiveSync disabled for your account.

Set-CasMailbox -ActiveSyncEnabled $false -MAPIBlockOutlookRPCHTTP $true

on 2010 you can block device family (android,iphone,ipad,touchdown)
and/or device model (GT-I9000T , GT-I9100,Galaxy Nexus,nokiaE71 ...)

this is down on the Exchange control panel (ECP Web Page)
under phone and voice,activesync policy,device access rules.

 

[Allybee]

It is actually possible to block Android on any version of Exchange if you are publishing EAS via ISA server. Blocking Android client will simply not allow Android devices to sync, as they never reach Exchange Client Access Server.
Company I work for simply blocks requests that contain Android and Touchdown in the Request URL signature. I'm looking for a way to replace signature in the requested URLs - this would allow me to use Android against company Exchange system.