To ensure the compliance of the Mobile Device Encryption Policy signed by President Gogue, the ActiveSync mailbox rules will be updated on Monday, November 2, 2015. This change will require that any smartphone/tablet trying to check University email via Exchange ActiveSync have the following security settings in place:
These new ActiveSync rules do NOT make changes to your device for you. These security features must be enabled for ActiveSync to allow email to flow to your device. This means iOS users will likely need to manually turn on the "auto factory reset" feature and Android users will likely need to manually enable all the required security features.
You are strongly encouraged to take steps now to ensure your device is in compliance so there will be no interruption in email service to your device. If you need help making these changes, contact your IT Provider.
Please backup your device information, including photos, before running the encryption, there is a possibility when trying to encrypt the device that it could fail and a Factory Reset may need to be done to restore the device. When this occurs this means there is a potential to lose data for Call Logs, Contacts, Instant Messaging, photos and other data for applications.
Mobile Device Encryption Chart
|OS Version||Native Encryption||Time to Encrypt||Battery Life Required||Lock Method||Notes|
|iOS 3.1 or greater||Yes||5 mins||NA||PIN||Encrypted automatically when passcode & auto-lock are set|
|Android 4.4.x - 5.x||Yes||Up to an hour||80%, Recommended to plugin charger||PIN or Password||Upgrade or New Phones Factory Encrypted|
|Android 4.0 - 4.2||Yes||One hour or more||100%, Recommended to plugin charger||PIN or Password|
|Android 1.6 - 3.0||No, Use third party application||Varies based on device||Recommended to plugin charger||PIN||Recommend Outlook Web App|
|Windows Phone 8 or 8.1 update 1||Yes||5 mins||NA||PIN||Encrypted automatically when passcode is set and policy applied (encryption cannot be user initiated)|
|Windows 10 Mobile||Yes||5 mins||NA||PIN|
Windows 8.1 users: The Microsoft native mail application does not support Microsoft ActiveSync. To access your email on this device please use Outlook email that comes with Office or Outlook Web Access.
How to Set a PIN/Password, Set Auto-Lock Time, and Turn on Encryption
NOTE: Encryption is automatically turned on when passcode is set.
NOTE: Before you begin encryption, the phone must be 80% charged and connected to the charger.
NOTE: Before you begin encryption, the phone must be 100% charged and connected to the charger.
When Active Sync is enabled on an existing Exchange account for Windows Phone you will be giving the following prompt:
"Create a new password"
Your phone's security policy has changed, so you'll need to change your lock screen password. Here are the new requirements.
Must have at least 4 digits
Select "Set" to add the password.
If you select "Set" you will be prompted to create a pin."
To verify that the device is encrypted on Windows Phone 8.1, please do the following:
Device encryption is an option that comes disable by default, but you can easily enable the feature using the following steps:
Important Note: A password PIN must be in place to enable the feature if your mobile device doesn't have one when trying to enable Device encryption, you will be automatically redirected to the Sign-in options settings page to create a PIN. Then you would just tap the Add button, under the PIN section, and follow the on-screen wizard to create a new PIN. After the PIN password is created, you can go back to Device encryption settings to verify that the feature has been enabled.
While the feature should work as expected, Windows Phone 8.1 used to display an "encrypted" label in the phone storage settings, and Windows 10 Mobile doesn't provide such visual confirmation in the storage settings. The only way to verify your device is being encrypted is by making sure the "Device encryption" is turned on in the Settings app.
It's important to point out that while encryption is enabled on your mobile device, the operating system and your data stored in the local storage will be encrypted, but device encryption will not encrypt data that you stored on an SD card unless you have build 15007 or later. As such, it's highly recommended that you not save sensitive data on a removable storage, as anyone could easily remove the storage and have unrestricted access to that data from any computer.
Frequently Asked Questions
Yes and No. The ActiveSync rules mentioned above will only be activated on your device if you have an ActiveSync Exchange account setup on your device; however, these rules are security enhancements that all users should consider implementing on their devices whether they view sensitive University data on it or not. Furthermore, even if you do not have an ActiveSync Exchange account you are still subject to the Mobile Device Encryption Policy. Please make sure your device is in compliance based on your activity while on your device.
While encryption of your data is an important security feature you should enable, be aware that if you damage your phone, the data on it and its SD card will likely be unrecoverable.
It depends. If you're using your mobile device to enter grades through the Canvas web application or the mobile app, you're fine. If you're storing that data on your device or home computer, then yes you should protect that machine.
Yes, those type devices are included in the Mobile Device Encryption Policy. Over the next few weeks recommendations will be made on how to encrypt these devices.