Exchange ActiveSync Policy Compliance Test
Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users. With the help of these policies, Exchange administrators can indicate what specific devices – thus users – connecting to ActiveSyc, can do.
EAS policies are applied to users; each user can have zero policies or one EAS policy at any given time. If you don't explicitly assign a policy to a user, the default policy is applied instead. During the initial sync of a new device (that is, one that has not been synchronized to the server before), the device and server exchange what EAS calls a policy key. Think of the policy key as a GUID or MAC address; it's a unique key that indicates one specific policy. If the device and server keys do not match, the device is required to request the most recent policy and then apply it. The process of applying a policy to the device is known as provisioning. On most devices, the user will see a dialog box indicating that the server is applying a policy and asking whether to accept it. If the user declines the policy, the server might or might not allow the device to continue to sync to it; the exact behavior depends on whether the default policy on the server allows non-provisioned devices.
Not every device that connects to ActiveSync will implement every setting defined in a policy; some devices may even lie about the policy settings that they implement. Hence, the onus of determining the number of devices that comply with the policy settings and to what extent is the compliance, lies with the administrator. To determine this, administrators can use the Exchange ActiveSync Policy Compliance test. This test reports the count and percentage of devices connecting to ActiveSync that are fully compliant, partially compliant, and completely non-compliant with their mailbox policies. This way, the test reveals the degree of compliance to configured policies.
Target of the test : A Microsoft Exchange 2013/2016 server
Agent deploying the test : An internal agent
Outputs of the test : One set of results for each type of compliance – Compliant, Partially compliant, Not compliant, Unknown
|
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Total hits: |
Indicates the number of devices currently accessing ActiveSync that are of this compliance type . |
Number |
Compare the value of this measure across compliance types to know how compliant the maximum number of devices are - fully compliant? partially compliant? non-compliant? or unknown? (i.e., the compliance level cannot be determined) |
Hits ratio: |
Indicates the percentage of devices currently accessing ActiveSync that are of this compliance type. |
Percent |
Compare the value of this measure across compliance types to know the degree of compliance of devices accessing ActiveSync - fully compliant? partially compliant? or non-compliant? or unknown? (i.e., the compliance level cannot be determined) |