I'm just running some tests to see if the 'direct push' solution is suitable for our company. I've run into a few concerns around security. I'm hoping I can find a way around these issues otherwise they will be show-stoppers for us, any help appreciated: 1) I want to enforce strong password use on users devices. I can see how to enforce this to all users. The issue is that at the moment I can't see any way to stop end users setting a password 'hint' for themselves on the device that is too obvious (or just contains their password). I've noticed this 'hint' pops up conveniently on the device after a number of failed password attempts (presumably for any 'would be hacker's convenience). How do I enforce the password hint to be off on the device? 2) How can I only enable the 'direct push' service for certain users or groups of users. I don't want to switch everything on to all users all at once and I want to have a rough idea of who is using the service. The only way I can see is to enable on a global level and then disable all users who I don't want to have it in AD. Any ideas how I can do this more efficiently? 3) If users untick the 'This server requires an encrypted (SSL) connection' box on the server settings screen in Activesync, does that mean that their AD credentials will be winging their way over the air in clear text / unencrypted? (Granted they won't be able to sync because we don't allow unencrypted connections but I'm worried about the possibility of those credentials being out there.) 4) Is there any way I can stop users saving attachments to an SD card? Again, I'm concerned because if users switch this on then those files will still be there after a 'remote wipe' (which doesn't touch the SD card as far as I can see) and the attachments are likely to be sensitive. Thanks in advance for any help you can provide. K
