EAS Logo Program: Good Start, But Not Far Enough

Yesterday, Microsoft announced theExchange ActiveSync Logo Program, which is designed to give IT pros confidence that they're allowing well-supported mobile devices to connect to corporate networks. Exchange ActiveSync (EAS) has become the standard protocol for mobile device syncing and policy control. The problem has been that even device makers that license the protocol from Microsoft can implement it at different levels on their smartphones and other mobile devices. The new logo program will certify that a given device meets a minimum level of EAS support.

The program details 14 EAS policies that must be correctly implemented. They include such basics as direct push for email, calendar, and contacts; handling HTML email messages; Autodiscover for over-the-air provisioning; and GAL lookup. But the required features also include some of the enterprise-level controls, such as remote device wipe, password requirements, and managing the number of acceptable failed logon attempts. Certification for the program to achieve the logo will be handled by a third-party lab, which makes sense when you consider that Microsoft wants to certify its own entrant, Windows Phone 7.

But therein lies the problem with the program, as I see it. The idea is a good one; it can make it easy for businesses to either allow or deny a given device based on this logo, which should state the device's ability to be secured to corporate standards. An organization could establish a policy to allow only devices that have been so certified. However, at least in this initial release, it appears that the level to gain certification has been set, well, rather low—because all Windows Phone 7 devices are included.

Let's remember that one of the major criticisms of the WP7 platform to date ( apart from the update process, of course) has been its lack of full support for EAS. Specifically, it lacks support for full device encryption and storage card encryption. Failure to support this feature alone will prevent some businesses from allowing a given device to connect to their Exchange organization.

Anytime I've spoken with members of the Exchange team and asked about why WP7 doesn't have better EAS support out of the gate, I've gotten the sense, the feeling, that they, too, are disappointed with what the phone team has chosen to include—although certainly no one has said anything against the WP7 developers. But I also know that the Exchange team is quite proud—and rightly so—of what they've done with EAS. So it's easy to imagine some confusion about why the major new mobile phone platform developed within Microsoft is the mobile platform that currently has the lowest level of EAS support overall.

With regards to the EAS Logo Program, I can't help feeling that the powers that be at Microsoft have made it necessary to set the initial baseline level for certification in this program in line with what WP7 already supports—which is well below what EAS can do for organizations. According to the Exchange Team Blog, "Over time, the program will evolve to require additional features and management policies." That's good news, of course, but my suspicious mind says that evolution might just be in lockstep with developments on the WP7 platform itself—seriously, can you imagine a scenario where Microsoft isn't certifying its own product in the space?

According to Ian Hameroff, group product manager for Exchange Partner Marketing, "The Exchange ActiveSync Logo Program allows end users and IT pros to choose the devices they want to use, without requiring a technology ultimatum. To help support this demand, the Exchange ActiveSync Logo program seeks to first establish baseline support for critical security and device management policies. These criteria were based on feedback from customers and partners, with the goal of helping drive greater consistency across Exchange ActiveSync implementations. Over time, this program will enable Microsoft and its partners to further elevate what is considered enterprise ready mobile email device functionality, while not risking user choice, productivity, or experience with Exchange." Developing consistency is a great goal and will eliminate many of the problems with supporting mobile devices, but I still think many organizations will feel that the current level of support doesn't go far enough.

One of the first things I thought when I saw this announcement was that there should be different levels of certification. Many, many devices can achieve what the company has outlined as the baseline expectations currently; why not offer a higher tier of certification that indicates a device has met exceptional levels of support of EAS—levels much more in line with strict corporate policies? Reading through the comments on the Exchange Team Blog, several others have suggested this option as well.

In addition to WP7, the logo program launches with certification already verified for iPhone 4 and iPhone 3GS as well as the iPad and iPad 2. Nokia devices running Mail for Exchange 3.0.50 are also included, which brings in the Nokia E7. Oh, yes—and also, all Windows Mobile 6.5 phones, although one wonders what use it is to certify a dead-end platform. Maybe someone out there is picking these things up at a fire sale, but no sensible business will.

Overall, this is a very welcome idea, and as with most 1.0 releases, we can hope that it will only improve over time. What are your thoughts about this program? Will it affect which smartphones you allow into your Exchange organization? Will it make it easier to deny your company execs the use of some untested device just because they want to use the latest and greatest? Let me know what you think.