• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

microsoft exchange forces screen lock

K

Kragen2179

Lurker
Hi, I have a HTC One, and I have had it connected to my work's exchange server for a few months now.

Last week they upgraded (long overdue) and are now running a windows 8 server.

The first time after the upgrade I my phone asked me to create a password for exchange security. So I did.

But instead of requiring the password to access my exchange, it has set a lock screen on my phone so every time I go to check a text or Facebook I now have to enter this password.

Any ideas how to keep exchange happy without requiring a lock screen?
 
There's nothing in Exchange, at least up to Exchange 2010 (and I doubt it for Exchange 2013), that would cause that. It must be something in the email app. You may want to try an alternate email app. However, finding one that supports the latest versions of Exchange may be tough.
 
Hi

I'm using the stock HTC Sense email app, as I said nothing happened until my work upgraded to Windows 8. I have googled this and found a number of topics on the subject.
So I know it is an issue both on iPhone and Android. Most people talking about it have company phones whereas I am using my own personal phone to access the exchange server.
 
Interesting. I wonder if it's related to Exchange 2013 or somehow related to an extended Active Directory domain schema (usually required when installing a new version of Exchange) or Server 2012 AD functional level.

What's really intriguing, though, is that it manages to affect mobile devices in that manner; I didn't realize that any mobile OS, let alone both Android and iOS, have any level of obedience to a remote Windows server. Even a Windows computer doesn't let a Windows server boss it around if the computer is not a domain member. Android and iOS don't have the ability to join an Active Directory domain.

Can you give me some search terms that produced the topics on this subject? My searches keep coming up with unrelated stuff. I may or may not get ideas from your search that will help you, but there's probably something there relevant to my job.

For what it's worth, I suspect that experimenting with other email apps may help. I prefer to use the stock app when it's good enough, but if it's giving you a hassle then it might be time to try something else.
 
from what i've read on this issue, it's your company's IT people setting security policy that requires phones accessing the email system to have a lock on them in case of lost/stolen phones.

it's not a requirement, but it's a simple thing that helps them keep their data secure.
 
Hi the search term I used was
exchange forces lock screen android
Click to expand...

I have been speaking with out IT guy at work and he has run into the same problem on his iPhone lol - I think he said he's going to try and turn something off server side so fingers crossed
 
Just to clarify - when I go into the security settings on my phone, under the screen lock options, None, Face, and Pattern are greyed out with the message

Disabled by administrator, encryption policy, or credential storage
Click to expand...

leaving me with only pin and password unlock options
 
Wow! I still wonder how it works (I imagine that Microsoft requires it in the license for the info they provide for writing Exchange clients, and it's negotiated between the client and server and then the client requires appropriate control of its host OS), but I see that it is there.

If your IT department doesn't come through, your only hope is to find client software that disobeys the requirement...that definitely won't be the stock email app.

Here's how to configure the policy server-side using the GUI-based management tool:
Configure Device Password Locking: Exchange 2010 Help
  1. In the console tree, navigate to Organization Configuration > Client Access.
  2. In the work pane, click the Exchange ActiveSync Mailbox Policies tab, select an existing mailbox policy, and then click Properties in the action pane.
  3. Click the Password tab.
  4. Select the Require password check box.
  5. Select the Time without user input before password must be entered (in minutes) check box.
  6. Enter the inactivity time-out value in minutes.
  7. Click OK.
Click to expand...
I couldn't find a screenshot on an image search so I made one:
BZ5mEfj.jpg
 
You must log in or register to reply here.
Back
Top Bottom