Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Company installed new Screen Password Lock thru Exchange. How is this possible?

S

SingaporeStu

macrumors regular
Original poster
Mar 12, 2009
100
0
My company just installed some new screen password lock on my iPhone through my Exchange account. (It has to be that because there are no other company-related software or settings apart from that on my iPhone).

How is this possible? I thought all software getting on to the iPhone has to be approved by Apple and installed through iTunes/ App Store?

This is my personal iPhone, not a company iPhone, and has never been touched by my company's IT guys. The Exchange account settings were configured by me. I've been using it for email on the go.

They sent out an email earlier saying that Blackberry & WinMo users (company-issued or not) would have this, but I didn't think it could get on to my iPhone.

Also, if they can install that, what else can they install? Now I'm really afraid Big Brother is watching...
 
ActiveSync (that your iPhone uses for push email w/ Exchange) allows companies to set general device policies, like the 'lock password' on your device.

I think these are the only policies that can be applied:
http://images.apple.com/iphone/business/docs/iPhone_MS_Exchange.pdf

Exchange ActiveSync security policies
• Remote wipe
• Enforce password on device
• Minimum password length
• Maximum failed password attempts (before local wipe)
• Require both numbers and letters
• Inactivity time in minutes (1 to 60 minutes)

Additional Exchange ActiveSync policies (for 2007 only)
• Allow or prohibit simple password
• Password expiration
• Password history
• Policy refresh interval
• Minimum number of complex characters in password
• Require manual syncing while roaming
• Allow camera
 
Exchange servers give System Adminstrators the power to enforce security policy on client computers. It's one of the features of Exchange that make it popular in business. This functionality is written into the iPhoneOS, so nothing needs to be "installed."
 
Oh, ok... That's news to me... Guess I haven't really read up much on Exchange Activesync.

But that's all they can do right? They can't install anything beyond that? There's no "back door" through Exchange Activesync to spy on my iPhone?

Also, does the Remote Wipe through Exchange Activesync wipe the whole phone? Or just the data from the Exchange account?

Thanks for your replies, all.
 
My understanding in remote wipe is essentially the same as doing a full reset or restore. I administer 10 iPhones at work and we use notifylink to control our devices. It emulates activesync and it can do a remote wipe. It fully wipes it like a restore does. I have tested this...it was one of the key features we looked for in a product.

I would assume if you are allowed to access your companies information you signed some type of policy that allows them to do this or agreed to do something. So it's their information ( their email) so they can administer it anyway they see fit...even if it means locking your device to control it and remote wipe it to secure it.
 
phishindsn said:
My understanding in remote wipe is essentially the same as doing a full reset or restore. I administer 10 iPhones at work and we use notifylink to control our devices. It emulates activesync and it can do a remote wipe. It fully wipes it like a restore does. I have tested this...it was one of the key features we looked for in a product.

I would assume if you are allowed to access your companies information you signed some type of policy that allows them to do this or agreed to do something. So it's their information ( their email) so they can administer it anyway they see fit...even if it means locking your device to control it and remote wipe it to secure it.
Click to expand...

Well, for what it's worth, I didn't sign any agreement or policy. It was a "remove your settings or accept the new sh*t" kind of thing. I just didn't think my iPhone would be affected, that's all.

I tried to deactivate my Exchange account, but the new password lock is still there. How do I remove it and restore to the default 4-digit lock?
 
sounds like an IT policy. Similar to the blackberry BES that we manage at my office.

suckers
 
SingaporeStu said:
I tried to deactivate my Exchange account, but the new password lock is still there. How do I remove it and restore to the default 4-digit lock?
Click to expand...

Could you turn off the password lock entirely? If so then maybe it switch back to the four digit after you turn that option back on.
 
-aggie- said:
I wouldn't have my work's email on my iPhone then. Let them give me a business phone.
Click to expand...

If you don't have your work email on your iPhone that means you don't have exchange set up, and they wouldn't be able to do a remote wipe.
 
It's not like they're doing it on his personal phone. If he has company data through his email on the phone then they should require him to have the passcode. Take off the company data, no need for them to enforce it on your phone.
 
If they did a remote wipe on an iphone, but I had my iphone backed up in itunes, and I restore the backup from itunes... Will I get my stuff back? I'm assuming I will get back anything that was not synced with the exchange server, such as apps and settings, but probably not my contacts or calendar?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back