Join Brien Posey for an in-depth discussion in this video Connect a mobile device to Exchange, part of Windows 10: Provision and Manage Mobile Devices.
- [Instructor] Connecting a mobile device to Exchange Server is normally a really easy process. Microsoft has designed the process to be easy enough that an end user can connect their own device. However, there is one potential gotcha that you need to be aware of. Mobile devices connect to Exchange Server by using the ActiveSync protocol, and in order for ActiveSync to work correctly, the Exchange Server has to be provisioned with a certificate and the mobile device has to be configured to trust the certificate authority that certificate came from.
Now, this isn't ordinarily a problem, because typically Exchange Server is set up to use a certificate that was purchased from a well-known commercial certificate authority. However, you can configure Windows Server to act as an enterprise certificate authority, and if Exchange Server uses a certificate from an enterprise certificate authority, then mobile devices aren't going to trust certificates from that certificate authority. So the way that you fix this problem is to download a CA certificate to the mobile device.
So let me show you what this looks like. What I'm going to do is open my browser. And I've got an enterprise certificate authority on my network. So what I'm going to do is go to a website that exists on that enterprise certificate authority, and the URL is http:// and then the server name for your certificate authority. In my case, that server name is in-ss-ca.poseylab.com. And then you have to enter /certsrv.
That's C-E-R-T-S-R-V. And that will take you to the certificate authority website. And you'll be prompted to log in, so I'm going to enter a set of administrative credentials. And I'm taken into the certificate authority website. And you can see that right here, I have an option to download a CA certificate, certificate chain, or CRL. A CA certificate is a certificate authority certificate.
It's what allows a device to trust the certificate authority. So I would go to this link, and then I would download a CA certificate. And this has to happen on the mobile device. That's what allows it to trust your enterprise certificate authority. Now, as I said, if you're using a commercial certificate authority that's well-known, then the mobile device should already trust that certificate authority. So let me switch over to my mobile device. So here I have a Windows Phone emulator, and I've already gone ahead and downloaded the necessary certificate to this device.
If I open my mobile browser, you can see that I'm on the same website that you just saw, and I used the link to install the CA certificate, and that downloaded a certificate to my device so that it would trust the certificate authority, and therefore ActiveSync would work and I would be able to connect this device to Exchange Server. So with that said, let's go ahead and connect the device to Exchange. The method that you're going to use is going to vary slightly from one device type to another. It's going to be a little bit different on Android and a little different on iOS.
I just happen to be using Windows Mobile. So what I'm going to do is I'm going to tap on Outlook Mail, and when I do that, I'm taken to an accounts page. I'm asked to add an account. So I'm going to tap add account, and then you'll notice that I have choices for a lot of different types of accounts. I've got Outlook, Exchange, Google, Yahoo Mail, iCloud, and other accounts. I'm going to go with the Exchange option and click continue. Next I'm asked for my email address, so I'm going to type an email address for a standard user on my Exchange Server.
I'll use firstname.lastname@example.org. It takes just a second to look up that user's account. And now I'm prompted for a password, so I'll enter the password for that account. And I'll tap sign in. And I receive a message saying that my account was set up successfully. So you can see right here, email@example.com. So I'll tap done.
And I see a message saying ready to go, so I'll tap that. And I'm taken into Outlook Mobile, and you can see that I've already got some email in my inbox. So that's how you connect a mobile device to Exchange Server.
- Configuring mobile device mailbox policies in Exchange
- Viewing mobile device information
- Managing ActiveSync policies with Configuration Manager
- Configuring profiles: VPN, certificate, email, and Wi-Fi
- Configuring Intune for mobile device management
- Enrolling mobile devices in MDM
- Managing devices with Intune