Confused about ActiveSync - and how it works
Question asked by Lorne Moffat - January 27, 2016 at 6:37 AM
Hello,
I am new to the whole IMAP ActiveSync experience and think I am having issues, but I am not sure.
The main issue I am having is that when the initial sync happens, the emails that are in the inbox do not sync, only emails that arrive after. All subfolders under the inbox are there, along with the emails.
 
 

Bruce Barnes Replied
January 27, 2016 at 8:26 AM
IMAP and ACTIVESYNC are two different protocols:
 
IMAP (Internet Message Access Protocol) is a standard protocol for accessing e-mail from your local server. IMAP (the latest version is IMAP Version 4) is a client/server protocol in which e-mail is received and held for you by your Internet server. You (or your e-mail client) can view just the heading and the sender of the letter and then decide whether to download the mail. You can also create and manipulate multiple folders or mailboxes on the server, delete messages, or search for certain parts or an entire note. IMAP requires continual access to the server during the time that you are working with your mail.  Source: https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol
 

Exchange ActiveSync (commonly known as EAS) is a communications protocol designed for the synchronization of email, contacts, calendar, tasks, and notes from a messaging server to a smartphone or other mobile devices. The protocol also provides mobile device management and policy controls. The protocol is based on XML. The mobile device communicates over HTTP or HTTPS.  Originally branded as AirSync and only supporting Microsoft Exchange Servers and Pocket PC devices, the protocol has since become a de facto standard for synchronization between groupware and mobile devices.

Microsoft licenses the technology. Support for EAS is now implemented in a number of competing collaboration platforms, including GroupWise with the Novell GroupWise Mobility Services software and Lotus Notes with IBM Notes Traveler. Google previously offered support for the protocol for personal Gmail and free Google Apps accounts, but began removing support from all but paid Google Apps for Business subscriptions in 2013.  Beyond on premises installations of Exchange, the various personal and enterprise hosted services from Microsoft also utilize EAS, including Outlook.com and Office 365.

In addition to support on Windows Phone, EAS client support is included on Android,  iOS,  BlackBerry 10 smartphones and the BlackBerry PlayBook tablet computer. The built-in email application for Windows 8 desktop, Mail app, also supports the protocol.  Source: https://en.wikipedia.org/wiki/Exchange_ActiveSync

 
Here's a simplified explanation of the standard behind the ActiveSync protocol:
The basic functionality of the ActiveSync protocol is simple:

1. The mobile device identifies itself to the mail server
 - mail server can be Microsoft Exchange or any other mail servers that implement the Exchange ActiveSync protocol
 - not all mail servers support all of the Microsoft Exchange protocols!

2. The mail server sends a list of policies the mobile device must apply. This capability is not available in all e-mail server software.

The current list of policies available in Microsoft Exchange ActiveSync includes:
  • Allow Bluetooth: This setting specifies whether a mobile phone allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Browser: This setting specifies whether Pocket Internet Explorer is allowed on the mobile phone. This setting doesn't affect third-party browsers installed on the phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Camera: This setting specifies whether the mobile phone camera can be used. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Consumer Mail: This setting specifies whether the mobile phone user can configure a personal e-mail account (either POP3 or IMAP4) on the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Desktop Sync: This setting specifies whether the mobile phone can synchronize with a computer through a cable, Bluetooth, or IrDA connection. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow HTML E-mail: This setting specifies whether e-mail synchronized to the mobile phone can be in HTML format. If this setting is set to $false, all e-mail is converted to plain text.
     
  • Allow Internet Sharing: This setting specifies whether the mobile phone can be used as a modem for a desktop or a portable computer. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow IrDA: This setting specifies whether infrared connections are allowed to and from the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow non-provisionable devices: This setting specifies whether older phones that may not support application of all policy settings are allowed to connect to Exchange 2010 by using Exchange ActiveSync.
     
  • Allow POPIMAPEmail: This setting specifies whether the user can configure a POP3 or an IMAP4 e-mail account on the mobile phone.
     
  • Allow Remote Desktop: This setting specifies whether the mobile phone can initiate a remote desktop connection. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Remote Wipe: This setting specifies whether the mobile phone can be remotely wiped, either deleting all of the corporate (company) data, or all of the data on the device, by the mail server operator.
     
  • Allow simple password: This setting enables or disables the ability to use a simple password such as 1234. The default value is $true.
     
  • Allow S/MIME software certificates: This setting specifies whether S/MIME software certificates are allowed on the mobile phone.
     
  • Allow storage card: This setting specifies whether the mobile phone can access information that's stored on a storage card. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow text messaging: This setting specifies whether text messaging is allowed from the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow unsigned applications: This setting specifies whether unsigned applications can be installed on the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow unsigned installation packages: This setting specifies whether an unsigned installation package can be run on the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Allow Wi-Fi: This setting specifies whether wireless Internet access is allowed on the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Alphanumeric password required: This setting requires that a password contains numeric and non-numeric characters.
     
  • Approved Application List: This setting stores a list of approved applications that can be run on the mobile phone. The Exchange Enterprise Client Access License is required to change the values of this setting.
     
  • Attachments enabled: This setting enables attachments to be downloaded to the mobile phone.
     
  • Device encryption enabled: This setting enables encryption on the mobile phone. Not all mobile phones can enforce encryption. For more information, see the phone and mobile operating system documentation.
     
  • Password enabled: This setting enables the mobile phone password.
     
  • Password expiration: This setting enables the administrator to configure a length of time after which a mobile phone password must be changed.
     
  • Password history: This setting specifies the number of past passwords that can be stored in a user's mailbox. A user can't reuse a stored password.
     
  • Policy refresh interval: This setting defines how frequently the mobile phone updates the Exchange ActiveSync policy from the server.
     
  • Maximum attachment size: This setting specifies the maximum size of attachments that are automatically downloaded to the mobile phone.
     
  • Maximum calendar age filter: This setting specifies the maximum range of calendar days that can be synchronized to the mobile phone. The value is specified in days.
     
  • Maximum failed password attempts: This setting specifies how many times an incorrect password can be entered before the mobile phone performs a wipe of all data.
     
  • Maximum inactivity time lock: This setting specifies the length of time that a mobile phone can go without user input before it locks.
     
  • Minimum password length: This setting specifies the minimum password length.
     
  • Maximum e-mail age filter: This setting specifies the maximum number of days' worth of e-mail items to synchronize to the mobile phone. The value is specified in days.
     
  • Maximum HTML e-mail body truncation size: This setting specifies the size beyond which HTML-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in kilobytes (KB).
     
  • Minimum device password complex characters: This setting specifies the minimum number of complex characters required in a mobile phone password. A complex character is any character that is not a letter.
     
  • Maximum e-mail body truncation size: This setting specifies the size beyond which e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in kilobytes (KB).
     
  • Password recovery: When this setting is enabled, the mobile phone generates a recovery password that's sent to the server. If the user forgets their mobile phone password, the recovery password can be used to unlock the mobile phone and enable the user to create a new mobile phone password.
     
  • Require Device Encryption: This setting specifies whether device encryption is required. If set to $true, the mobile phone must be able to support and implement encryption to synchronize with the server.
     
  • Require encrypted S/MIME messages: This setting specifies whether S/MIME messages must be encrypted.
     
  • Require manual synchronization while roaming: This setting specifies whether the mobile phone must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile phone plan.
     
  • Require storage card encryption: This setting specifies whether the storage card must be encrypted. Not all mobile phone operating systems support storage card encryption. For more information, see your mobile phone and mobile operating system documentation.
     
  • Unapproved InROM application list: This setting specifies a list of applications that cannot be run in ROM. The Exchange Enterprise Client Access License is required to change the values of this setting.



3. The mobile device applies all policies, for example, encrypt the device storage, enforce a PIN code to unlock the device, etc.

4. The mobile device notifies the mail server that all policies are enforced.

5. The mail server sends to the mobile device a list of all folders the mobile device can sync. (Folders may include the Inbox folder, the Calendar folders, Contact folders, Tasks folders, etc.)

6. The mobile device requests the content of each relevant folder. For example, the mobile device requests all emails in the Inbox folder.

7. The mail server sends all required information to the mobile device.

8. The mobile device uses direct push technology to receive updates from the mail server.
 
 
Again, it's important to remember that IMAP and EXCHANGE are two different protocols.  Exchange requires additional licensing, per user, from Microsoft.
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
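
The policy hand-off in step 2 of the reply above is where a device learns its security settings, so it is the step worth auditing on the server side. The following Python script is an added example, not part of the original reply and not Microsoft's or any mail server vendor's code: it checks a decoded policy document against a baseline. The element names are assumed to follow the Exchange ActiveSync provisioning schema, the baseline thresholds are this example's own choices, and the sample policy is constructed.

```python
import xml.etree.ElementTree as ET

# Example baseline (an assumption for this illustration, not a vendor default):
# setting name -> (check the value must pass, human-readable requirement)
BASELINE = {
    "DevicePasswordEnabled": (lambda v: v == 1, "must be 1 (password required)"),
    "AllowSimpleDevicePassword": (lambda v: v == 0, "must be 0 (no 1234-style PINs)"),
    "AlphanumericDevicePasswordRequired": (lambda v: v == 1, "must be 1"),
    "MinDevicePasswordLength": (lambda v: v >= 6, "must be >= 6"),
    "MaxDevicePasswordFailedAttempts": (lambda v: 1 <= v <= 10, "must be 1..10"),
    "RequireDeviceEncryption": (lambda v: v == 1, "must be 1"),
}

# Constructed sample policy, standing in for what a server sends in step 2
# (decoded to XML; this is not captured traffic).
SAMPLE_POLICY = """<EASProvisionDoc>
  <DevicePasswordEnabled>1</DevicePasswordEnabled>
  <AllowSimpleDevicePassword>1</AllowSimpleDevicePassword>
  <MinDevicePasswordLength>4</MinDevicePasswordLength>
  <MaxDevicePasswordFailedAttempts>8</MaxDevicePasswordFailedAttempts>
  <RequireDeviceEncryption>0</RequireDeviceEncryption>
</EASProvisionDoc>"""

def parse_policy(xml_text):
    """Return {setting: int} for every numeric child of the policy document."""
    settings = {}
    for child in ET.fromstring(xml_text):
        name = child.tag.split("}")[-1]  # drop an XML namespace if present
        text = (child.text or "").strip()
        if text.isdigit():
            settings[name] = int(text)
    return settings

def audit_policy(xml_text, baseline=BASELINE):
    """Return sorted (setting, problem) pairs for each failed baseline check."""
    settings = parse_policy(xml_text)
    findings = []
    for name, (ok, requirement) in baseline.items():
        if name not in settings:
            # A setting the server never sends is not enforced on the device.
            findings.append((name, "not set by server; " + requirement))
        elif not ok(settings[name]):
            findings.append((name, "is %d; %s" % (settings[name], requirement)))
    return sorted(findings)

if __name__ == "__main__":
    for setting, problem in audit_policy(SAMPLE_POLICY):
        print(setting, "->", problem)
```

A setting missing from the policy is reported as a finding, because the device only enforces what the server actually sends.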
