Topic '[iPhone] 3.1 breaks Exchange Sync for pre-3GS phones' in forum 'All Things Macintosh'

Topic '[iPhone] 3.1 breaks Exchange Sync for pre-3GS phones' in forum 'All Things Macintosh' - dslreports.com http://www.dslreports.com/forum/iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-22999133 en Wed, 08 Feb 2012 21:52:54 EDT Wed, 08 Feb 2012 21:52:54 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23096345 said by bbarrera:

If end-user device lock-down matters, then why aren't you running Blackberry Enterprise Server, or creating a white-list of approved mobiles for use with Exchange 2007 SP1?
Or using RSA SecurID to stop Sprint Mobile Email and other OWA based workarounds to side-stepping the server security policy for mobile clients.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23096345 Mon, 28 Sep 2009 16:12:08 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23093449 - owners of WinMo 5.x and 6.0 phones
- owners of Sprint phones, using Sprint's Mobile Email Services that grabs email from Outlook Web Access and forwards to the phone

The 2nd case exemplifies how opening up Outlook Web Access to Internet username/password login (w/o 2 factor auth) immediately allows a software app (like Sprint mobile email services) to talk directly with OWA, and broker email on behalf of a mobile phone, completely bypassing Exchange server mobile policies. To cut off those users, you'll need something like RSA SecureID to stop users hell-bent on sidestepping security policies.

iPhone users are the least of my worries, at least we've got a chance of remote wiping their devices.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23093449 Mon, 28 Sep 2009 01:57:58 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23093402 this is a problem that Microsoft created, to maintain backwards compatibility with Windows Mobile 5 and 6.0 devices (many of which can't be upgraded). When SP1 was rolled out I read Microsoft's release notes about the new ActiveSync policies, repeated here:

quote:
Exchange 2007 SP1 introduces new Exchange ActiveSync policy settings. The policy settings introduced in Exchange 2007 Service Pack 1 require Windows Mobile 6.1, or a later version, or other compatible mobile phone operating systems. Windows Mobile 6.0 and earlier versions only support the Exchange ActiveSync policy settings available in the original release (RTM) version of Exchange 2007. For more information about the additional Exchange ActiveSync policy settings, see New Client Access Features in Exchange 2007 SP1.

OK, its very clear that Microsoft allowed the servers to define a policy and for the mobiles to ignore it. Now go search the Exchange 2007 documentation and attempt to find as clear a statement as in the release notes for SP1. Good luck, what you'll find are high-level statements that sound like the device must obey the server policy. Does that mean that Microsoft lied about Exchange ActiveSync policies being mandatory?

Security is a complex process, and Exchange compatibility is a complex topic even in an all Microsoft world. There are still a lot of Exchange 2003 servers in the world, where enforcing device encryption is not possible. There are still millions of Windows Mobile 5.x and 6.0 mobile devices, where enforcing device encryption is not possible. And Exchange 2007 SP1 was in beta when Windows Mobile 6.0 was released, why didn't Microsoft ensure that WM 6.0 would be compatible with server security features they intended to rollout in 6 months?

Microsoft designed their server to allow syncing with older Windows Mobile devices. If you are so passionate about iPhone, how come you aren't ranting about the security hole perpetuated by Microsoft for backwards compatibility with older Windows Mobile devices?

By the way, at this time the new Palm Pre doesn't support device encryption policy setting on Exchange 2007 SP1:
»kb.palm.com/wps/portal/kb/na/pre···_en.html

If end-user device lock-down matters, then why aren't you running Blackberry Enterprise Server, or creating a white-list of approved mobiles for use with Exchange 2007 SP1?]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23093402 Mon, 28 Sep 2009 01:35:35 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23092074 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23092074 Sun, 27 Sep 2009 19:22:08 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23070861
Thanks for the intellectual discussion and understanding at least some of my points. It's been a frustrating last couple of weeks.

Regards.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23070861 Wed, 23 Sep 2009 16:06:36 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23070853
Again, I never expected the device to work under all circumstances from now and until the end of time. I understand that updates happen (both by Apple and other vendors like Microsoft) that may disable functionality for some and enhance it for others. I am also not saying that enforcing the additional layer of hardware security is a bad thing. Apple did not release a bug in 3.1 by plugging the security hole with hardware encryption, they fixed one. The only problem is that it wasn't a bug. A bug is unintentional. This was clearly a deliberate move. In addition, to this date they are still not informing potential 3G customers of the issue up front. Having verbage in the 3GS manual or expecting people to know about a press release burried somewhere on the Internet which acknowledges the issue does not help inform 3G customers of any shortcomings. The only people who really know about the issue are a few tech support people at Apple, Gizmodo, enGadget and the rest of us who got screwed. Not even the people at the Apple or AT&T stores are aware of it so they can't warn customers. I mean how long would it take to update their website to alert users who purchase an iPhone 3G and opt for the MS Exchange service that the 3G doesn't support hardware encryption???

I just got an email from Apple yesterday informing me about the 3.1 iPhone OS update and that if I haven't downloaded it yet, I should. How ironic is that? Guess what was noticably absent from the marketing email? If you said "any warning about blocking MS Exchange for iPhone 3G" then you guessed correctly! If Apple isn't trying to hide anything then why is there no mention of this in the email? Not even in the fine print!

Lastly, your comment about Apple never stating that the 3G would work on MS Exchange indefinitely is also missing the point. I am not saying that they ever claimed this. What I am saying is that it was not legitimately compatible with MS Exchange from day one but they deceived the public into thinking it was. There is a very, very big difference between Microsoft making an update to MS Exchange that breaks the iPhone ActiveSync support after the release of the iPhone 3G and Apple ignoring a security requirement from the get-go when they knew full well that the server required it. ]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23070853 Wed, 23 Sep 2009 16:06:29 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23057459
I always like to play Devil's Advocate, so I can see his point, but as I mentioned in my 2nd post you can't expect software/hardware to behave the same way forever when updates are being applied. All I can think of is really for Godlikesme to find someway of rolling back the update to a previous, working version. I'm sure on some iPhone modding sites there will be a tutorial on how to do it.

Also as I mentioned earlier, Apple never stated that the 3G would work indefinitely on Exchange... but the assumption is that it would... but you know what happens when you assume. C'est la vie. I can sympathise to a point, but dude, tell your boss to get you a 3GS :-)]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23057459 Mon, 21 Sep 2009 09:51:43 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23047045

quote:
Exchange ActiveSync security policies
• Remote wipe
• Enforce password on device
• Minimum password length
• Require alphanumeric password
• Require complex password
• Inactivity time in minutes

There is no fraud, and Apple was upfront about the enterprise capabilities in the documentation made available to enterprises.

That information is in the 2-page iPhone_MS_Exchange.pdf and longer iPhone_Enterprise.pdf, and both were made available around the time iPhone 2.0 firmware launch (when Exchange compatibility was introduced). Go bark up Microsoft's tree over their weak protocol for policy enforcement on mobiles.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23047045 Fri, 18 Sep 2009 17:52:36 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23046599
I agree with mostly everything you've written in your last post. I realize that I am living in a dream world by thinking I can beat Apple in court. Life is not a Disney movie.

I also realize that there are many other options for phones and I HATE AT&T as a provider -they are absolutely attrocious. In the end I may very well end up getting another phone but that wouldn't make what Apple did right.

I emphasize this specific issue over any other shortcoming on the iPhone to date because it was done deliberately to deceive consumers and arguing that no one forced me to update the iPhone OS software is like telling you not to update Windows or your antivirus definitions. When people buy hardware or software these days they expect that at some point in the product's lifetime at least one or more software updates will need to be applied. Granted there are always disclaimers about the risks involved and how the company assumes no reliability etc. but this case is different. In this case Apple falsified functionality when the 3G was initially released knowing it would ultimately deploy updated software that would effectively render the MS Exchange functionality useless when using the iPhone 3G in a secure corporate environment. For over a year (i.e. June 2008 through September of 2009) Apple continued to sell the 3G without providing any information to existing or potential customers that this was an issue. In my mind this constitutes fraud.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23046599 Fri, 18 Sep 2009 16:43:40 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23046485
I put it to them very simply. I said that if they would have been forthcoming from the get-go and not "spoofed" the whole MS Exchange hardware encryption support I would have immediately known that the phone would not meet my needs with respect to the corporate email functionality and I would have promptly returned it within my 14 day window. I could have then opted for another phone or stuck with my existing one until a newer version of the iPhone launched that did support my needs. This was a chance for Apple to set things right with me. I didn't immediately jump up and yell lawsuit. I only started pursuing the idea after I exhausted ever other attempt at resolving the dispute.

You know how the entire ATM banking system has an agreed upon set of "guidelines" which all participating banks must adhere to (i.e. Plus, Star, Most etc.) and failing to adhere to those guidelines would result in the cards issued by those banks being refused access to the ATM network?

If Apple ran a bank you could probably expect something like this to happen...

Most people using an ATM card are under the impression that as long as no one knows their 4-digit pin their money is safe. Not with the "Apple Computer iDebitCard". With this wonderful piece of plastic the whole 4-digit pin is bogus and in reality if someone got a hold of your card they could have entered in any 4-digit combination and cleaned out your account.

Now in the case of a bank it didn't cost me anything to open up the account and I might have even received a free gift or $50. In addition there is no penalty for me closing the account. In the case of the iPhone however it cost me $300. Are you starting to catch my drift here?]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23046485 Fri, 18 Sep 2009 16:42:54 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23045111
My whole issue with you is the fact you think you can sue.

Let me ask, and answer some questions...
(First, I totally understand your point about SP1 Nov 07 and Apple, June 08 and their claim about something). But let me ask this...
When you bought it, did it work as advertised? "Yes"
Did anyone FORCE you to upgrade? "No"
Do/Did Apple claim it will forever work? "No"

On that basis, a lawsuit will fail dismally and Apple will laugh hard and long at you. I can be pretty certain that their lawyers get paid more than the one you hired.

I understand you're upset that something that worked now doesn't. But Apple NOT telling you that something MAY NOT work in the future is just bad communication, not a lie and not false selling.

As for turning off encryption, yes I understand for some people that's not an option, nor is forwarding email. I realise that. But you have never addressed the point many people, and myself, raised... why not just ditch it and get a Blackberry? Or a Nokia? Or a Palm? Do you continue to use the iPhone for other things? Does everything else work?

I have to ask this also - if you SO badly need work email on a handheld device, why doesn't your employer supply you with a device that will work? I'd never use my own device for work email, just out of principle. If I need to check work email outside of the office, I'll use an internet cafe and VPN. I'd suggest you ask your boss about the company providing you with something compatible. Hell, they may even get you a 3GS if you ask nice.

I know you feel slighted by Apple's behaviour and it's understandable to a point, but not so far as you genuinely thinking you can sue. That's just ridiculous, and you're letting your anger overshadow your better judgement. I'm sure in the back of your mind you can't seriously think you'll get anything from Apple.

Oh BTW - I personally HATE FaceBook and Twitter etc so please don't assume I'm a spotty teenager and mix me up with other spotty teenagers. I've got almost 20 years in the tech industry. I'm no PFY or a noob.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23045111 Fri, 18 Sep 2009 12:05:21 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23044259 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23044259 Fri, 18 Sep 2009 09:41:55 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23044172
Another thing, and for the last freaking time...

IT IS NOT ACCEPTABLE TO EXPECT COMPANIES TO TURN OFF ENCRYPTION!!!

Having my company relax their security settings is not an option and shouldn't have to be! Why is that so difficult for you to understand? Apple marketed a product as being compatible with MS Exchange "touting" their ability to run with the likes of RIM in the corporate market and it looks like they were a bit too early coming out of the gate. They need to own up to it just like Microsoft did with all of the failed Xbox 360 red-ring-of-death issues.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23044172 Fri, 18 Sep 2009 09:36:12 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23042423
Photos also need to be encrypted, or at least have the option to do so. Lots of health patient data can be stored in visual form.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23042423 Thu, 17 Sep 2009 21:28:18 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23042218 said by Matt:

... This is not HTTPS encryption which is relatively minuscule... Why isn't it like HTTPS encryption? How much encryption is bloody needed? And why does EVERYTHING on the flash have to be encrypted? To comply with the ActiveSync policy, what more than the e-mail, contacts and attachments would be encrypted? How hard can it be to retrieve 20 e-mail messages, encrypt them and store them on the flash? The titles and contacts could be cached in memory and kept unencrypted for fast searching. When a message is opened, it's decrypted. Attachments might be a bit more challenging but the only thing I see is a bit slower experience and the potential for some significant battery drain. Who bloody cares about the battery? I'd rather experience a bit of a slow down and not lose my e-mail capabilities.

I just don't buy into why this isn't technically feasible. The only thing that would make it a non-starter is if ActiveSync encryption requires 1024-bit encryption or something else that would take a thousand years to crack. I've read 128-bit SSL would take 10 years to crack using a brute force method. If true, unless you work for the CIA, 128-bit SSL should be sufficient to keep corporate e-mail safe for the next several years until the current iPhone models outlive their useful life. And if SSL is part of Safari on the iPhone, it seems completely PLAUSIBLE that pre-3GS iPhones could encrypt and decrypt the e-mail and contact store without major performance or battery-life issues.

This smells fishy to me.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23042218 Thu, 17 Sep 2009 20:54:05 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23040506
Dude. I've been reading your posts across various forums. I can somewhat understand your frustration about being led to believe the phone did something it apparently doesn't do, but seriously...

A lawsuit? ARE YOU KIDDING???

Tell your Exchange Admin to turn off the policy setting to require encryption. Job done.

Or, sell your phone on Craigslist and buy a Blackberry. Job done. That's cheaper than a lawsuit.

You think Apple will give you money because you can't get your email?

How about having your work mail forwarded to Gmail and access it there?

You have got no grounds for a lawsuit, it's frivolous at best. So what, you can't get your work email on your phone. Too bad. If your company switch to Lotus Notes, or Sendmail, or move to some other system, will you blame Apple then too?

You can't get your own way, so you sue. It's (re)actions like this that give America the "ambulance chaser" and "screw everyone for cash" labels the rest of the world think about you/us. Sorry to say it, but it's true. Just accept the fact that your toy has been taken away and now you need to decide whether to deal with it, or just get a new toy.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23040506 Thu, 17 Sep 2009 16:07:01 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039316 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039316 Thu, 17 Sep 2009 12:46:43 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039238
»www.microsoft.com/downloads/deta···ylang=en]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039238 Thu, 17 Sep 2009 12:45:14 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039225 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23039225 Thu, 17 Sep 2009 12:44:38 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23035124 said by ChiefTom :

Matt,

Thanks forthe referance links.

In the first referance in the middle of the page is the following

Require Device Encryption
This setting specifies whether device encryption is required. If set to $true, the device must be able to support and implement encryption to synchronize with the server.

This means to me that unless the device has can support encryption, it can not synchronize.

It has been this way since mid 2008.

If Encryption was required, why was the device able to sync when this policy say no.
Because the iPhone's version of Activesync had no idea about that requirement. The requirement wasn't introduced until Exchange 2007 SP1, so the iPhone (or any other device) would have to run a version of Activesync updated or released after the release of SP1 to honor it.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23035124 Wed, 16 Sep 2009 17:53:32 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034925 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034925 Wed, 16 Sep 2009 17:11:17 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034711 said by ChiefTom :

This means to me that unless the device has can support encryption, it can not synchronize.It doesn't matter what it means to you, it matters how Microsoft designed the Exchange ActiveSync protocol. One of the protocol's weak links is that mobile devices can ignore policies set on the server, full stop.

That means older Windows Mobile devices may connect to Exchange 2007 SP1 servers and ignore the policy settings.
»technet.microsoft.com/en-us/libr···129.aspx

It means Nokia, Palm, Apple and anyone else that has licensed Exchange ActiveSync can pick and choose which policies are enforced on the device. It means that if you want to limit access and control the security policies, the Exchange ActiveSync protocol will force you down another path to gain control over the mobile device.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034711 Wed, 16 Sep 2009 16:36:05 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034235
Thanks forthe referance links.

In the first referance in the middle of the page is the following

Require Device Encryption
This setting specifies whether device encryption is required. If set to $true, the device must be able to support and implement encryption to synchronize with the server.

This means to me that unless the device has can support encryption, it can not synchronize.

It has been this way since mid 2008.

If Encryption was required, why was the device able to sync when this policy say no.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23034235 Wed, 16 Sep 2009 15:58:50 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23034017 said by bbarrera:

Yeah I got a good chuckle from that comment too, if there is one thing Microsoft does well its Exchange.

I'm curious about your Outlook Web Access comment, do you allow any device to connect to OWA? If so how do you reconcile the 'no encryption no support' comment (which I could parse one of two ways)?
RSA key required for logon to complete]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23034017 Wed, 16 Sep 2009 14:45:47 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23031832
»technet.microsoft.com/en-us/libr···84.aspx#
»msexchangeteam.com/archive/2007/···551.aspx

Note the requirement that for all those policies to be applied, the device must support Activesync 12.1. If the device doesn't support a 12.1 requirement that it doesn't know about (as is the case with the iPhone) it continues to function but it just ignores that policy setting. My guess is that Windows Mobile 5 devices also continue to function normally yet don't support encryption or any of the new Activesync 12.1 policies either.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23031832 Wed, 16 Sep 2009 09:44:34 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23029864 said by Matt No, it wasn't reporting anything to the Exchange server. It simply ignored the policy setting sent to it by Exchange.[/bquote :

That is not what was happening but, even if it was, that makes it ok????

The Data Owner says don't connect unless you have Hardware encryption and Apple ignored the data owners requirement.

That is still a LawSuit.

Hea, how about you send me your credit card number... Its ok, I promise to encrypt it so no one can get it if my computer is stolen.

The data exchange between the Exchange Server and the iPhone went like this...

iPhone: I have a user that wants to log in.
Exchange says: Do you have hardware encryption?
iPhone says: Yes (I really don't but I am say yes anyway)
Exchange says: ok, give me the user's credentials...]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23029864 Tue, 15 Sep 2009 21:43:19 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028304 said by ChiefTom :

said by Matt:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.
What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.
No, it wasn't reporting anything to the Exchange server. It simply ignored the policy setting sent to it by Exchange.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028304 Tue, 15 Sep 2009 16:50:44 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028293 said by ChiefTom :

said by Matt:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.
What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.
How you figure?
--
standard disclaimers apply.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028293 Tue, 15 Sep 2009 16:49:16 EDT Re: [iPhone] 3.1 breaks Exchange Sync http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028218 said by Matt:

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one. What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-23028218 Tue, 15 Sep 2009 16:46:50 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23027223 --
standard disclaimers apply.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23027223 Tue, 15 Sep 2009 13:43:18 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026659 said by wingrider01:

said by itguy05:

quote:
Shouldn't the server know its on an encrypted connection?

Yes but you are talking about crappy MS software (Exchange) here and like with all things Microsoft, it's neither reliable nor stable.

/rofl so speaks one that has not used Exchange 2007 in a large environment
Yeah I got a good chuckle from that comment too, if there is one thing Microsoft does well its Exchange.

I'm curious about your Outlook Web Access comment, do you allow any device to connect to OWA? If so how do you reconcile the 'no encryption no support' comment (which I could parse one of two ways)?]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026659 Tue, 15 Sep 2009 11:59:46 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026373 said by rradina:

Does anyone know why you have to have a "hardware encryption chip" to encrypt e-mail on the iPhone? I understand that asking the general purpose CPU to perform this task may cost battery life and performance but isn't it possible to offer this to pre 3GS users and still adhere to the Exchange policy?

The iPhone supports HTTPS which is at least 128-bit encryption. Are there requirements from Exchange that specify it has to be something only a hardware encryption chip can perform?

This seems senseless on Apples part for not being able to perform software encryption of the e-mail. Perhaps I'm just twisting in the wind because I don't understand the complexities but it just seems like the hardware chip would enable the 3GS to perform faster and use less battery life when working with encrypted e-mail. Great -- that's part of the allure of a 3GS, it's faster. This doesn't mean pre 3GS users have to get locked out of Exchange. Surely some form of minimal and efficient software encryption can be performed on pre-3G phones that adequately protects corporate e-mail.
This is encryption of all the data on the internal flash, which would require it to be encrypted and decrypted on the fly, for every single read/write. This is not HTTPS encryption which is relatively minuscule. That is likely too taxing for the hardware in the pre-3GS models as just running the OS software, they pause and stutter.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026373 Tue, 15 Sep 2009 10:59:35 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026302 said by itguy05:

quote:
Shouldn't the server know its on an encrypted connection?

Yes but you are talking about crappy MS software (Exchange) here and like with all things Microsoft, it's neither reliable nor stable.
/rofl so speaks one that has not used Exchange 2007 in a large environment]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026302 Tue, 15 Sep 2009 10:45:25 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026286 said by Daemon:

said by Youngjm:

Some industries such as Health Care require mobile devices to be encrypted. This just fixes that setting so that admins be assured of compliance with outside agencies.

IMHO.

I work at a health care research institution. Even though none of our lab members ever handle patient data, we still have to be trained and aware of HIPAA rules, and ensure that HIPAA-protected data does not end up on our machines, because we are not following the more strict set of protection standards.

It's been several days since we last heard from our exchange server administrators. I suspect they are weighing HIPAA against the complaints of a thousand or more faculty and students grousing they no longer have exchange connections. (They haven't disabled the required encryption policy yet)
SysAdmin at a CRO - easy response here for us, no encryption, no support. That is IF we allowed personally owned items to connect

Add to the fact that we do not permit ANY personally owned equipment, be it cell phones, laptops, personal computers access to the network outside of Outlook Web Access.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026286 Tue, 15 Sep 2009 10:42:38 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026264
The iPhone supports HTTPS which is at least 128-bit encryption. Are there requirements from Exchange that specify it has to be something only a hardware encryption chip can perform?

This seems senseless on Apples part for not being able to perform software encryption of the e-mail. Perhaps I'm just twisting in the wind because I don't understand the complexities but it just seems like the hardware chip would enable the 3GS to perform faster and use less battery life when working with encrypted e-mail. Great -- that's part of the allure of a 3GS, it's faster. This doesn't mean pre 3GS users have to get locked out of Exchange. Surely some form of minimal and efficient software encryption can be performed on pre-3G phones that adequately protects corporate e-mail.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23026264 Tue, 15 Sep 2009 10:37:42 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23013704 said by ssj4android:

Just curious, what about iPods? Do the new 32 and 64 GB support encryption while the rest don't?
And I do think it's stupid Apple isn't even giving people the option of using software encryption.
According to the deployment guide from Apple:

The Exchange policy to require device encryption (RequireDeviceEncryption) is supported on iPhone 3GS, and on iPod touch (Fall 2009 models with 32 GB or more). iPhone, iPhone 3G, and other iPod touch models do not support device encryption and will not connect to an Exchange Server that requires it.
--
"The only thing that’s worse than being blind is having sight but no vision."

"Nothing is impossible, you just don't have the technology or the knowledge to do it"]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23013704 Sat, 12 Sep 2009 17:44:27 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23013117 And I do think it's stupid Apple isn't even giving people the option of using software encryption.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23013117 Sat, 12 Sep 2009 15:07:53 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23011355 --
Islam is a hate crime: »www.thememriblog.org]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23011355 Sat, 12 Sep 2009 01:35:25 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23010737 http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23010737 Fri, 11 Sep 2009 22:16:32 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23010569 quote:
Shouldn't the server know its on an encrypted connection?

Yes but you are talking about crappy MS software (Exchange) here and like with all things Microsoft, it's neither reliable nor stable.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23010569 Fri, 11 Sep 2009 21:39:45 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23008944 said by AVD:

The same guy in charge of MMS was in charge of encryption? Why cant the unit encrypt a folder or two with software?
The thinking is that the decryption routines are CPU intensive and would thus demolish what little battery life the phone has. The 3GS has a built in decryption chip.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23008944 Fri, 11 Sep 2009 16:10:04 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23008052 said by Daemon:

said by AVD:

Shouldn't the server know its on an encrypted connection?

Yes, but the feature we are talking about is not the connection between the server and the device when downloading emails (SSL), it's encrypting the data on the device after it's downloaded. It's so that in case the device is lost or stolen, someone can't remove the data storage chips/drive in the device and download all of the information on it, bypassing the password. If it's encrypted, they'll need the password or the data will just look like a garbled mess.

It's like encrypting your home directory on a mac.
The same guy in charge of MMS was in charge of encryption? Why cant the unit encrypt a folder or two with software?
--
standard disclaimers apply.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23008052 Fri, 11 Sep 2009 13:34:04 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007902 said by Youngjm:

Some industries such as Health Care require mobile devices to be encrypted. This just fixes that setting so that admins be assured of compliance with outside agencies.

IMHO.
I work at a health care research institution. Even though none of our lab members ever handle patient data, we still have to be trained and aware of HIPAA rules, and ensure that HIPAA-protected data does not end up on our machines, because we are not following the more strict set of protection standards.

It's been several days since we last heard from our exchange server administrators. I suspect they are weighing HIPAA against the complaints of a thousand or more faculty and students grousing they no longer have exchange connections. (They haven't disabled the required encryption policy yet)
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007902 Fri, 11 Sep 2009 13:10:57 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007883
IMHO.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007883 Fri, 11 Sep 2009 13:08:14 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007817 said by AVD:

Shouldn't the server know its on an encrypted connection?
Yes, but the feature we are talking about is not the connection between the server and the device when downloading emails (SSL), it's encrypting the data on the device after it's downloaded. It's so that in case the device is lost or stolen, someone can't remove the data storage chips/drive in the device and download all of the information on it, bypassing the password. If it's encrypted, they'll need the password or the data will just look like a garbled mess.

It's like encrypting your home directory on a mac.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007817 Fri, 11 Sep 2009 12:58:22 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007784 said by Daemon:

said by AVD:

Shouldn't this be enforced on the server end and not the client end anyway? This is just poor design by Microsoft.

Aside from Microsoft issuing signed certificates to handset makers to include on ActiveSync devices, how would Microsoft enforce it on the server side? Devices could just claim to be encrypted. I suppose since ActiveSync already requires licensing, having a Microsoft-maintained 'whitelist' wouldn't cause too much grousing, but MS already takes a lot of flak for not being interoperable.
Shouldn't the server know its on an encrypted connection?
--
standard disclaimers apply.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007784 Fri, 11 Sep 2009 12:53:08 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007746 said by AVD:

Shouldn't this be enforced on the server end and not the client end anyway? This is just poor design by Microsoft.
Aside from Microsoft issuing signed certificates to handset makers to include on ActiveSync devices, how would Microsoft enforce it on the server side? Devices could just claim to be encrypted. I suppose since ActiveSync already requires licensing, having a Microsoft-maintained 'whitelist' wouldn't cause too much grousing, but MS already takes a lot of flak for not being interoperable.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007746 Fri, 11 Sep 2009 12:44:24 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007708 said by Daemon:

said by PhoenixDown:

However... if the IT group did allow it, and I saw the iphone supported exchange syncing (I'm sure I saw it for the 3G, not 100% about the original) -- I would've bought the phone on that assumption and been REALLY pissed if that functionality was taken away in an update like this.

Functionality wasn't taken away per se. Microsoft added a feature to the Exchange 2007 system. Apple then started supporting that feature, which is to prevent connections when the Exchange server forces encryption.

The 3G has NEVER supported encryption. Nothing was taken away.

It's a hell of a lot worse for Apple to just let 3Gs connect to the server anyway. Having a bunch of non-encrypted devices connected to an exchange server that is supposedly requiring encryption is a nightmare for IT managers and companies that have sensitive data in emails.
Shouldn't this be enforced on the server end and not the client end anyway? This is just poor design by Microsoft.
--
standard disclaimers apply.]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007708 Fri, 11 Sep 2009 12:38:05 EDT Re: [iPhone] 3.1 breaks Exchange Sync for pre-3GS phones http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007437 said by PhoenixDown:

However... if the IT group did allow it, and I saw the iphone supported exchange syncing (I'm sure I saw it for the 3G, not 100% about the original) -- I would've bought the phone on that assumption and been REALLY pissed if that functionality was taken away in an update like this.
Functionality wasn't taken away per se. Microsoft added a feature to the Exchange 2007 system. Apple then started supporting that feature, which is to prevent connections when the Exchange server forces encryption.

The 3G has NEVER supported encryption. Nothing was taken away.

It's a hell of a lot worse for Apple to just let 3Gs connect to the server anyway. Having a bunch of non-encrypted devices connected to an exchange server that is supposedly requiring encryption is a nightmare for IT managers and companies that have sensitive data in emails.
--
-Ryan
sig for sale! Only one previous owner, lovingly cared for]]> http://www.dslreports.com/forum/Re-iPhone-31-breaks-Exchange-Sync-for-pre3GS-phones-23007437 Fri, 11 Sep 2009 11:45:52 EDT