06 Mar ActiveSync: The recommended way to connect your mobile devices to MDaemon
For many years now it has been commonplace for users to need access to their business email, calendars and contacts on their mobile devices. Over the years there have been different ways to achieve this, but by far the easiest to set up, and the option with the best support for access from any connection, is ActiveSync.
ActiveSync was added to MDaemon way back in 2013 and has seen multiple updates and revisions since, maturing into a very stable client access method. It has become our connection method of choice for all mobile devices.
So why not just connect using IMAP and SMTP?
It may be tempting to create a connection on your phone to MDaemon using the IMAP and SMTP services, and with a few extra steps this can be configured to work. However, there are some key advantages of ActiveSync over plain IMAP/SMTP:
- ActiveSync is extremely easy to set up, especially when using Autodiscover DNS records.
- Additional synchronising of personal, shared and public calendar and contacts folders.
- ActiveSync uses HTTPS, which is very unlikely to be blocked by network providers, unlike SMTP, which is often blocked on public networks.
- Native support in Android and iOS means there is no need to install third-party apps; the account links directly into the device calendar and triggers device notifications.
- When lost or stolen, ActiveSync devices can be remotely wiped completely, or just the mailbox data can be wiped.
- Server-side searches of mailbox data.
So what's this Autodiscover record you mentioned?
In order to set up any client to connect to your MDaemon server using ActiveSync, the client needs to know what server to connect to.
Historically this was something users would have to enter when setting up the account, along with the username and password. An Autodiscover record is a DNS ‘CNAME’ record that is specifically created to simplify this setup procedure. It is a record created on the domain of the email address (the username).
So let's say the username is firstname.lastname@example.org; then you would create a DNS ‘CNAME’ record for autodiscover.bloggs.com and point it to the mail server address, typically mail.bloggs.com.
So now all the user needs to know in order to set up their client is the email address and password for their account. The client will check whether the Autodiscover record exists for that domain and, if it does, can find the server it should be connecting to automatically.
That is one less step for end users, and it speeds up client setup.
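An added example (not from the original post or from MDaemon): an offline check that the Autodiscover CNAME for an address's domain ends at the mail host you expect, since clients connect to whichever host that record names. The zone lines and the address are constructed, and the function names are hypothetical.

```python
# Added example: offline audit of Autodiscover CNAME records.
# The zone lines are constructed for illustration; function names are hypothetical.

SAMPLE_ZONE = """\
; constructed records
autodiscover.bloggs.com.   3600 IN CNAME mail.bloggs.com.
mail.bloggs.com.           3600 IN A     192.0.2.25
autodiscover.example.net.  3600 IN CNAME old-host.example.net.
"""

def parse_zone(text):
    """Parse 'name ttl IN type value' lines into {name: (type, value)}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        name, _ttl, _cls, rtype, value = line.split()
        records[name.rstrip(".").lower()] = (rtype.upper(), value.rstrip(".").lower())
    return records

def autodiscover_name(email):
    """Derive the record name a client looks up from the address's domain."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an email address: {email!r}")
    return "autodiscover." + domain.lower()

def check_autodiscover(email, expected_host, records, max_hops=5):
    """Follow the CNAME chain and compare its end with the expected mail host."""
    name = autodiscover_name(email)
    if name not in records:
        return ("missing", None)
    for _ in range(max_hops):
        rtype, value = records.get(name, (None, None))
        if rtype != "CNAME":
            break
        name = value
    else:
        return ("too-many-hops", name)  # chain never ended: likely a loop
    if name not in records:
        return ("dangling", name)  # CNAME points at a name with no record
    if name != expected_host.rstrip(".").lower():
        return ("unexpected-target", name)
    return ("ok", name)

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    # user@bloggs.com is a constructed address
    print(check_autodiscover("user@bloggs.com", "mail.bloggs.com", zone))
```

A "dangling" or "unexpected-target" result is the one to investigate first, because devices will offer account credentials to whatever answers at that name.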
The Outlook app supports ActiveSync, so why can I not use that?
We often get asked about clients using the Microsoft Outlook app on their mobile devices. I mean, it's Outlook, right?
Well, no. Actually, far from it.
The Microsoft Outlook app was developed as a way for Microsoft to simplify the setup of clients connecting to hosted and on-premise Exchange platforms as well as Office365 and other ActiveSync mail services. It aims to bypass most of the connection issues public firewalls can add and to secure the connection by proxying it via Microsoft proxy services.
So when you set up the Outlook app as a client, what you are actually doing is providing Microsoft with the login details for your mailbox and asking their servers to connect for you, collect your email and then present it to the client as needed.
This really does add a whole additional layer of access to your email data by Microsoft, and while some users may be OK with this, we would suggest you proceed with caution. From a data protection point of view this is not ideal, to say the least.
As an end user you will never know who has access to this data or, even once it is deleted, whether the ‘cached’ copy is also removed.
We would always recommend that mobile users should, where possible, stick to the native Android and iOS email clients, as these are direct connections from the device to your server.
Why would I want to remote wipe a phone?
Day to day, admins don’t usually need to remote wipe users’ mailboxes or devices. However, in the now-common BYOD world we live in, it is a constant admin worry that sensitive company data is travelling around on many user devices that the admin has no control over. What happens if any of these devices gets stolen? Sure, you can change the password on the user’s account so new email cannot be downloaded, but all of the existing cached data is still there to be seen by the thief and, depending on that data, could prove useful.
With ActiveSync, clients acknowledge that they are happy for the server admin to be able to exercise control over their device as a ‘device admin’ when they first set up their account. From then on, should the need arise, the admin can issue either a data wipe (to remove the mailbox data for that account) or a full device wipe to factory reset the device, reducing the risk of the data being accessible if it falls into the wrong hands.
I have a 50 user MDaemon licence, do I need a 50 ActiveSync user licence?
No, not at all. ActiveSync licences can be purchased for the number of accounts that need to add devices using it. One user only needs one licence even if they connect 4 or 5 devices using ActiveSync, and if you have users that don’t need ActiveSync you don’t need a licence for them. It’s quite often the case that an MDaemon licence has a smaller number of ActiveSync licences than the main MDaemon user account licences. Also, you can always upgrade to a larger number later should you need to.
So what if I work away from the office with a laptop running Outlook?
No problem. Outlook also fully supports ActiveSync natively and is a great option for Outlook users that need access in and out of the office, as the connection is over HTTPS so there is no need to run different profiles when users jump between networks.
It’s a good alternative to MDaemon Connector for users who need a simple-to-set-up access method that works from all locations.