No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

security settings for android - please advise

This question is answered This question is answered

I'm just trying to set up 365 email and calendar sync on my Android phone. At the end of the process, when I try to set up office 365 exchange server email, I get the following screen with choices to activate or cancel:

 

Update Security Settings > Activate device manager?

 

Then below, I see the list of permissions it is asking for with no choice to disable individual ones. Check this out! The list of permissions is alarming, especially the first ones:

 

Erase all data

Change Screen unlock password

set password rules

allow password recovery

allow password expiration

allow tracking of password history

minimum # of complex characters in password

Monitor screen unlock attempts

touch panel auto-lock (controls screen lock settings)

attachment control

attachment limits

maximum age of emails

max body size of email

allow html email

max body size of html email

max age of calendar events

require manual sync when roaming

allow pop and IMAP email

allow storage card (to enable or disable card)

allow camera (to enable or disable)

allow wifi (same)

allow text messaging (same)

allow internet use (same)

allow internet sharing (same)

allow bluetooth (same)

require device encryption

require SD card encryption

require messages to be S/MIME signed

require messages to be S/MIME encrypted

require signed S/MIME algorithm

require S/MIME algorithm encryption

allow S/MIME encryption algorithm negotiation

allow S/MIME software certificates

allow desktop sync

simple password control

 

I just want to sync email I don't want to use 365 to control my phone, nor would I ever want the vulnerability associated with allowing access to control of my phone via a cloud program that asks for all this. How do I set up sync without giving total permission to microsoft 365 to control my phone, or destroy my data?  I really read and consider app permissions and NEVER have I seen something like this.

Verified Answer
All Replies
  • Hi apihtv,

    Thanks for posting here.
    Exchange ActiveSync device policies control how uses use and synchronize their mobile devices in your organization. With Exchange ActiveSync Mailbox policies, it will manage ActiveSync and enhance the security of the device and the Exchange ActiveSync server by setting a common set of security settings to a collection of users. Administrators can modify its mobile device security and sync setting.

    For more information about ActiveSync device policy, please refer to the articles below:
    http://help.outlook.com/en-us/140/ff628673.aspx

    Understanding Security for Exchange ActiveSync
    http://technet.microsoft.com/en-us/library/bb430761.aspx

    Understanding Exchange ActiveSync Mailbox Policies
    http://technet.microsoft.com/en-us/library/bb123484(v=exchg.80).aspx
    Thanks,
    Grace Shi

     

     

     

    1 out of 1 people found this post helpful.

  • Thanks Grace!

    I'll ask our admin about device settings.

    apihtv

    1 out of 1 people found this post helpful.

  • Hi apihtv,

    We appreciate your update.

    If you have another questions when using Office 365, please feel free to post in the forum. We will be more than happy to be of assistance.

    Thanks,
    Grace Shi

    1 out of 1 people found this post helpful.

  • After reading your documents, I understand any Office365 admin can set the policies that will actually be enforced on a smartphone. However, I am concerned to give ANY administrator the rights to e.g. wipe my phone (which is my own) or determine if I am allowed to use the camera of my phone. So my question is - can I setup my phone to sync with Exchange WITHOUT granting permissions that are excessive from my point of view.

    Or alternatively, can the administrator of my domain set this up so that these permissions are not required for email sync?

    Thanks for your help!

    Michael

    1 out of 1 people found this post helpful.

  • Hi Michael,

    Thanks for your reply.
    If you need further assistance, please describe this issue in detail and post a new thread in this forum.  So that our support engineer will help you to solve this issue.

    Thanks,
    Grace Shi

    1 out of 1 people found this post helpful.