Exchange ActiveSync Password Requirements

Exchange ActiveSync is a push messaging component of Microsoft Exchange Server in order to relay messages or calendar events to mobile devices such as the Apple iPhone, Palm Treo, or Motorola Q, etc. For a list of supported devices, please click here.

• Device level password enforcement = Passwords are required*
• Minimum password* length = 4 characters
• This option specifies the minimum required length of the user's device password
• Inactivity timeout = 10 minutes
• This option specifies the number of minutes of inactivity before a user is prompted to log in again.
• Reset device (erase) after repeated login failures = 7 failed attempts
• Used to specify if you want the device memory wiped after multiple failed logon attempts.
• Remote device reset capability
• Allows the device memory to be cleared by issuing a command remotely.

*The term password referenced here refers to the password a user enters to unlock his or her handheld device. It is not the same as a network user password.

These rules outline a set of security settings to be implemented for all UCSF enterprise Exchange system users. Their purpose is to help ensure that smartphones utilizing the ActiveSync protocol  adhere to industry best practices and existing UCSF minimum security standards as cited in the UCSF Information Security and Confidentiality Policy 650-16.

These settings will be configured centrally and enforced on all handheld devices using the Microsoft Windows ActiveSync Protocol when connecting to the UCSF Exchange system.

UCSF Exchange system users will be required to comply with these rules. Users can contact their CSC’s for assistance in connecting devices and addressing any individual concerns. Legacy devices will be handled on a case-by-case basis. The intent of the proposed policy is to establish a reasonable security baseline for mobile devices connecting go to UCSF Exchange resources.