How to Securely Deploy iPhones With Exchange ActiveSync in the Enterprise - The Complete Cookbook

Friday, June 18, 2010
Based on a request at TechEd, I consolidated my 7-part series "How to Securely Deploy iPhones With Exchange ActiveSync in the Enterprise" into a single PDF document. Now you can view the entire series in one place or print it out for easier reference.

On a side note, I've tested these procedures on iPhone OS4 and everything works as expected.  No changes need to be made to the existing procedures - it all works fine.


  1. Jeff,
    is it possible to configure ActiveSync just for the purpose to implement Remote Wipe under one Email Address to manage multiple iPhones?

    Just wondered if this could be done with Exchange 2003 at all before getting to far into a project by trial and error.

    Thank you for the excellent cookbook.

  2. I'm not sure what you mean by "implement Remote Wipe under one Email Address to manage multiple iPhones". Can you explain?

  3. Here is the scenario:
    A non-profit organization has 1000 contributing members. Each member has his/her own iPhone.
    The organization operates Exchange 2003 with one email account '' under which all iPhones are to be managed with ActiveSync for the sole purpose of Remote Wipe.
    Each iPhone is configured to sync with '' to enable Remote Wipe (no email or other services are required because each member has a personal email account configured using a separate iPhone configuration profile).

    Could this be implemented?

    Thanks Jeff.

  4. Interesting scenario. Yes, that will work as long as all users have full mailbox access to the mailbox.

  5. Thank your for the feedback.
    Here is one more requirement which I did not mention.
    The organization does not want to maintain Windows user accounts for each member.
    Just one Windows user account will be made available and associated with mailbox
    Each member's iPhone connects to the same account.
    It is hoped that the system will wipe the correct iPhone based on the unique
    iPhone identifier.
    Is this approach still doable?

  6. The maximum number of ActiveSync devices per user is 10 with Exchange 2010 SP1. Besides, it would be very difficult to tell which device you want to wipe. You would have to keep a database of all the device ID's.

  7. Thank you very much for your advice.


Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.