An Activesync IT administrator has the ability to choose if the phone should require a password, and also how complex it should be.
Since the fingerprint scanner appears to replace the traditional password screen, how does that affect an Exchange-connected phone with traditional password policies?
The Exchange ActiveSync Policy Engine gives administrators the option to allow biometrics. See http://technet.microsoft.com/en-us/library/dn282287.aspx for details.
In addition, it seems almost certain that using a PIN code or passphrase instead of biometrics will remain an option. It turns out that you must set at least a PIN when using TouchID. When you reboot, or have not unlocked the phone for 48 hours, the phone requires the PIN to unlock. See http://blogs.wsj.com/digits/2013/09/11/apple-new-iphone-not-storing-fingerprints-doesnt-like-sweat/
