Whats the best way to provision and secure WM6.1 for a small team?

[Guest ghm101]

Best way to secure 10 Phones?

Hi

Our office just upgraded to WM6.1 (TyTN II) from orange, and I would like to see that they have a decent level of security. Sort of thing I would like to do would be

• Insist on device PIN (or password)

• Encrypt the data - device and mem card

• Auto set some Exchange sysc settings

• Set some default behaviour

• Maybe even remotely wipe them if lost

other stuff? etc

Other than individually configuring each phone, what is the easiest way to set these devices up to provide a minimum standard configuration.

I have had a quick look at Microsoft System Center Mobile Device Manager which would do the job, but it seems to be suited for larger organisations – seems to involve a gateway server in the DMZ another server in the corporate intranet etc etc. In short seems like too much overhead for a small office, or am i missing something here and is there a "lite" config possible.

I best I am best off just lining them all up and going thru them one at a time but is there another way?

Cheers

Greg

[Guest ghm101]

Also, anyone got a good list of things that should be considered for securing this type of device?

[Guest jimbouk]

Do you have an exchange server? If so you can set up pretty much everything you need.

If not, you can rent exchange accounts from hosted providers and set the security as required.

[Guest ghm101]

We have exchange server but not an exchange guru.

Can you outline the steps involved with a few bullet points?

EDIT - ahah! I found this - seems to cover the how.

http://www.microsoft.com/technet/solutiona...loy/msfp_8.mspx

Do you have an exchange server? If so you can set up pretty much everything you need.

If not, you can rent exchange accounts from hosted providers and set the security as required.

Edited September 9, 2008 by ghm101

[Guest M@rkC]

If you're using Exchange 2003 (w/SP2), then you don't have such "granular" control as you do with Exchange 2007; the Exchange ActiveSync policy is better on E2K7 and allows you to disable various components, as well as forcing encryption of email attachments on the storage card etc. (it even gives you the ability to restrict Exchange access to known devices only - by setting up MAC address access lists).

Search around on Jason Langridge's blog, as he's posted some useful articles/links to various device setup/provisioning tasks......not that this site doesn't have a good deal of information ;)

This link - http://www.microsoft.com/technet/solutiona...fpdepguide.mspx - is a good starting point for a new deployment (assuming you are using E2K3 SP2!)......

Cheers,

Mark.