6

I have a Microsoft Exchange server for a small business and we just upgraded to 2010. It's now prompting people on Android with:

Activate device administrator?

 - Erase all data: Perform a factory reset, deleting all of your data without any confirmation 
 - Limit Password: Restrict the types of passwords you are allowed to use. 
 - Watch login attempts: Monitor failed attempts to login to the device, to perform some action 
 - Force Lock: Control when device locks, requiring you re-enter its password.

We don't want this. Is there a way in Exchange to turn this off?

SamErde
  • 3,324
  • 3
  • 23
  • 42
Don Rhummy
  • 403
  • 4
  • 8
  • 15

3 Answers3

5

This is pretty similar to how to disable remote wipe for Exchange 2010 ActiveSync?

The short answer is - No. Android will prompt for those permissions regardless of whether Exchange's ActiveSync policies specifically allow or deny Exchange's ability to do those actions.

As far as I can tell, Android's ActiveSync apps have to require that you approve all possible permissions that an ActiveSync policy MIGHT require. I think it has to do with Android's permission models - in order to change the permissions, you have to update the app, and since an Exchange server changing its ActiveSync policy does not physically change the underlying app (and the app itself generally only physically changes through updates from the AppStore), it has to ask for the entire permission set up front.

Driftpeasant
  • 3,207
  • 2
  • 20
  • 28
1

This might work:

From the Exchange Management Console:

  1. Navigate to Organization Configuration > Client Access
  2. Click on the tab labelled Exchange ActiveSync Mailbox Policies
  3. Right-click an existing mailbox policy, and then click on Properties
  4. Click on the tab labelled Password
  5. Remove the checkmark beside Require Password
  6. Click OK
Richard
  • 11
  • 1
0

Android will prompt for that permission as soon as the Exchange server sends a policy. However it won't if the Exchange server doesn't send any policy. So the only way I know is to not assign any policy to users (in Exchange) including deleting the default policy.