If implemented, this still needs to be controlled on a domain-by-domain basis, with a maximum number of ActiveSync licenses available to each domain.
If implemented, the security aspect of "admins" within domains must also be completely re-designed. It is already lax, allowing sub-administrators to change the password, and even remove, the main domain administrator's privileges as domain administrator.
There is a potential for a domain owner to be able to easily abuse a contracted obligation if domain level admins are capable of adding as many ActiveSync accounts to their domain users as they desire.
Phonr: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting