I'm looking for help. When I connect to my company's exchange server, it forces down policies that turn off data when roaming, and requires a 6 digit pin to be entered in at least once every 15 minutes. My phone is rooted, running DarkDroid, deodexed and debloated. I'm trying to find a way to remove that PIN requirement. As to sync to exchange without allowing the sync to be a phone administrator. Can anyone help me with that?
Sounds like an inherited setting that your company has synced to it when you synced your company account to it. My dad's droid x acts similarly, and so does my D3 with my school email. Allowing the phone to sync with a corporate account allows for them to do things like that (like in my case it would be remote wiping, not a forcing of certain data services).
Yes, but with a rooted phone, I should be able to maintain the email without using their policies. That's my goal. And remote wipe is indeed in effect. Its very upsetting.
ChristianPreachr said:
Yes, but with a rooted phone, I should be able to maintain the email without using their policies. That's my goal. And remote wipe is indeed in effect. Its very upsetting.
Click to expand...
Click to collapse
I'm actually an e-mail administrator for my company and am interested in this thread, as this would be a huge violation of security policies and would create a HUGE risk, which would require us to re-evaluate our mobile device policy.
A potential work-around for your issue might be to use TouchDown, I think there is a way to only prompt you for the passwords only when you open up work related emails.
I only hope your not from my company. Tho I'm certain there's a way to spoof the exchange server. It only needs to think that I have the policies. It doesn't check as the policies can't be removed while the account is active. Ill update this when I figure it out....and I will figure it out.
Sent from my DROID3 using XDA App
There is an app in the Market called "Enhanced Email" that I have been using since the OG droid came out. It allows you to sync an exchange account and bypass exchange security policies. It is a paid app, but worth it for what it does. You set up the account using the web access url and it works beautifully.
Sent from my XT862 using XDA App
Bottom line is if you don't want to have a pin, etc, don't sync email to exchange. Either abide by the rules or don't use the service.
Try an imap connection instead?
Or get your company to use Good. We do.
Sent from my DROID3 using xda premium
jediman said:
Bottom line is if you don't want to have a pin, etc, don't sync email to exchange. Either abide by the rules or don't use the service.
Try an imap connection instead?
Or get your company to use Good. We do.
Sent from my DROID3 using xda premium
Click to expand...
Click to collapse
Abide by the rules or don't use it, then you suggest another method of connection? Irony much?
That said, rules don't bother me. The fact that they can remote wipe my device based off a pin bothers me. Limiting my control over my device bothers me. You're right, I don't have to use it. But I want my cake and eat it too. And by all means, I'll have my cake!
FOUND!
There's an email apk that completely removes the security from the app. Can't enforce that which does not exist. I doubt there's a way "rectify" this without creating your own email app that you would push to a device.
http://www.droidforums.net/forum/droid-hacks/141253-email-apk-without-exchange-security.html
Related
My company only allows Iphone's to use active sync. I connected my GT-I9000 to active sync and the company sent me an email asking me to remove active sync from phone, that i was using an unapproved device.
Is there any way to have my phone report to Active Sync that it is an iphone and not an android?
brbjr said:
My company only allows Iphone's to use active sync. I connected my GT-I9000 to active sync and the company sent me an email asking me to remove active sync from phone, that i was using an unapproved device.
Is there any way to have my phone report to Active Sync that it is an iphone and not an android?
Click to expand...
Click to collapse
touchdown gives you this option in the settings. not sure about the stock client though. would probably be doable with some hackery
brbjr said:
My company only allows Iphone's to use active sync. I connected my GT-I9000 to active sync and the company sent me an email asking me to remove active sync from phone, that i was using an unapproved device.
Is there any way to have my phone report to Active Sync that it is an iphone and not an android?
Click to expand...
Click to collapse
I would recommend not using ur phone.
As of today, android isn't secure. Even a layman with knowledge of android can get all info on ur phone. This is why companies are not supporting android devices.
If u circumvent this restriction and still try to get set up, it could lead u to getting fired.
Note: Companies these days tolerate an incompetent employee more than an employee who poses a potential security risk. And using android phone when it is not supported could be considered a security risk.
Edit: Here is one of the links on Google android support where there are numerous requests for security support for android.
Code:
http://code.google.com/p/android/issues/detail?id=11211
Trying to get an exchange account set up for my friend on her Incredible and it basically just keeps saying it's an invalid username/password. Both are correct though, for sure. Any reason this isn't working with the proper information put in?
Sent from my SGH-I897 using XDA App
Mine works perfectly...
Do you want to try to put the domain name in front of the username?
That doesn't seem to work. I'm more apt to believe it's a server problem rather than a phone problem but it's not like I can go check anything out since it's not my workplace.
In my experience, getting
android exchange clients to work with corporate servers can be a bit hit and miss, I think its down to security restrictions placed by the server administrators. I found that the stock exchange client would not work for me, Touchdown used to work until my company blocked it, but now I use Moxier which works perfectly (but costs about £12, but worth it).
I have two ActiveSync exchange accounts I need to set up...one sets up fine (no domain) but the other continues to error out. They are the same settings I used on my Droid Charge for the two weeks I had it, the same settings I used on my G2 for the year I had it, and even works in Touchdown on the D3, but not on the standard software on the phone...
Anybody else successfully setup an exchange account with domain?
Code3VW said:
I have two ActiveSync exchange accounts I need to set up...one sets up fine (no domain) but the other continues to error out. They are the same settings I used on my Droid Charge for the two weeks I had it, the same settings I used on my G2 for the year I had it, and even works in Touchdown on the D3, but not on the standard software on the phone...
Anybody else successfully setup an exchange account with domain?
Click to expand...
Click to collapse
I set mine up with domain, as I did a thousand times on Tbolt. Piece of cake. Immediately go into manual of course and go from there. I have not set up two accounts however.
Are you using a self signed SSL certificate? I'm waiting back for official word from Motorola, but I think the Droid 3 doesn't support it, which makes no sense since every other droid has (and Android in general).
I fear for what Blur is going to do to this phone.
lol, the blur on this phone is better than any android skin or aosp... by far.... and i'm coming from a DX and hate blur.
I've had a droid since day one, I can't wait to get asop or cyanogen running on this. I love the hardware and speed of the phone, but after running cyanogen the last 1+ years, its hard to live with the stock moto blur
I agree, cant wait to get CM on this. The bloatware sucks, and although the phone is fast I know it would be a lot faster on CM....
for now though, I'm actually not annoyed with blur (yet)
neonerz said:
Are you using a self signed SSL certificate? I'm waiting back for official word from Motorola, but I think the Droid 3 doesn't support it, which makes no sense since every other droid has (and Android in general).
I fear for what Blur is going to do to this phone.
Click to expand...
Click to collapse
I'm not sure, I just know that SSL is needed for the account settings to work, and that my account works fine in Touchdown, but when I set it up in the stock "email" app, it errors out. And yes, I'm connecting manually and inputting the correct server address...
Code3VW said:
I'm not sure, I just know that SSL is needed for the account settings to work, and that my account works fine in Touchdown, but when I set it up in the stock "email" app, it errors out. And yes, I'm connecting manually and inputting the correct server address...
Click to expand...
Click to collapse
Im getting the same issue, trying to load up my regular email account.
I manually put all the right values in, as I have in the desktop email program, thunderbird, to no avail.
Anyone got a clue what is wrong?
I was able to sync my work exchange account no problem, went pretty easy.
What are you guys trying to connect to?
Exchange Server ? Do you know what version?
lordgodgeneral said:
I was able to sync my work exchange account no problem, went pretty easy.
What are you guys trying to connect to?
Exchange Server ? Do you know what version?
Click to expand...
Click to collapse
Just my regular ISP's email account.
UPDATE: Went to my ISP's site for instructions. Seems on the android, Mediacom wants secure authentication to retrieve emails.
Thunderbird doesn't require that to log in, for some reason.
Touchdown, which works with this account on the D3 btw, says this:
Connection Mode: ActiveSync ONLY
"Uses SSL" and "Fetch and trust certificate (not recommended)" are both checked.
When I go to Refresh ActiveSync Settings in Touchdown it says:
Versions:Microsoft-IIS/7.0,1.0,2.0,2.1,2.5,12.0,12.1
Policies:SET
Again, this email account has been properly setup on:
Droid Charge running 2.2
T-Mobile G2 running CM7 and CM6
T-Mobile MyTouch Slide running CM7
Yet, when I put in the settings into EMAIL on the Droid 3 it comes back with "Error: Count not connect to server."
Ive noticed one thing with exchange emails the last couple days and wanted to see if others were having it.
Has anyone had emails cut off, like its only loading some of the message. I get daily email updates on some xda threads, and it seems if they are very long it cuts it off and you can't read the whole message. Didn't have this problem on my old droid so must be something in motorolas new setup.
lordgodgeneral said:
Ive noticed one thing with exchange emails the last couple days and wanted to see if others were having it.
Has anyone had emails cut off, like its only loading some of the message. I get daily email updates on some xda threads, and it seems if they are very long it cuts it off and you can't read the whole message. Didn't have this problem on my old droid so must be something in motorolas new setup.
Click to expand...
Click to collapse
I've seen it, but I'm not seeing it right now when I check my email. Perhaps I changed a setting but I do remember having to select something to see the rest of the email.
Should i contact motorola?? Why should i have to pay $20 for touchdown because they put a defective email client on the phone?
Code3VW said:
Should i contact motorola?? Why should i have to pay $20 for touchdown because they put a defective email client on the phone?
Click to expand...
Click to collapse
Motorola's software isn't defective and works as intended. The corporate sync doesn't trust self signed certificates. But there are ways to work around this and later set the account to not verify it's certificates. First you need to either setup the account while on wifi on the same network or setup activesync to answer http requests. Meaning allow insecure connections. Once you do this you can setup the account insecurely, then goto settings -> accounts -> the email account in question and deselect the verify certificates option. Yes I agree that motorola is a pain for doing this, but the device is actually more secure disallowing self signed certificates.
I have to use K-9 Mail for my corporate, since Motorola doesn't support self-signed certificates.
spruleme said:
Motorola's software isn't defective and works as intended. The corporate sync doesn't trust self signed certificates. But there are ways to work around this and later set the account to not verify it's certificates. First you need to either setup the account while on wifi on the same network or setup activesync to answer http requests. Meaning allow insecure connections. Once you do this you can setup the account insecurely, then goto settings -> accounts -> the email account in question and deselect the verify certificates option. Yes I agree that motorola is a pain for doing this, but the device is actually more secure disallowing self signed certificates.
Click to expand...
Click to collapse
I cannot setup the account while on the same wifi network, as there is no wifi allowed on that network. How do I "setup activesync to answer http requests?" Thanks for the above info and your help in the future with this.
If its any conciliation I cannot get my work mail to sync regardless of allowing or disallowing the self signed certificate. I will have to try it over WiFi to see if that helps, and I wasn't trying to use exchange either.
I do however consider the mail client defective as I did not have this issue on previous Moto Android 2.2 devices.
I love the idea of OK Google Now, but have been told that it won't work if you are running an Exchange email account. Apparently, when you talk to it, you have to manually unlock the screen before it will do its thing.
Here's my question. Is there a way to disable the lock screen, so OGN can work hands free?
Thanks in advanc.
Use touchdown for exchange instead of native email app... even if it didn't do this I would recommend it.. Best exchange integration since leaving Blackberry..
Sent from my XT1060 using Tapatalk
johnmolino said:
Use touchdown for exchange instead of native email app... even if it didn't do this I would recommend it.. Best exchange integration since leaving Blackberry..
Sent from my XT1060 using Tapatalk
Click to expand...
Click to collapse
Do you, in fact, know whether Touchdown doesn't require a lock screen?
Thanks.
drjim said:
Do you, in fact, know whether Touchdown doesn't require a lock screen?
Thanks.
Click to expand...
Click to collapse
Touchdown has it's own pin screen separate from the phones lock screen. So it still fulfills the Exchange requirements without locking up your phone.
bclenney said:
Touchdown has it's own pin screen separate from the phones lock screen. So it still fulfills the Exchange requirements without locking up your phone.
Click to expand...
Click to collapse
So, "OK, Google Now," will work hands-free without having to manually unlock the Moto X if I use Touchdown?
BTW, I'm buying a Moto X tomorrow, thus the questions.
Much appreciated.
On the topic of the email client and Exchange Active Sync, the only OK Google Now function that works with a PIN or password lock screen is to make phone calls. I have the Moto X with an Exchange account set up using the default client and all I can do hands free at the lock screen is make phone calls. I'm no expert but one would think an Exchange Active Sync policy to enforce a lock screen PIN or password is determined by the account set up and not by the email application used. Just my 2 cents...
Sent from my XT1058 using XDA Premium 4 mobile app
drjim said:
So, "OK, Google Now," will work hands-free without having to manually unlock the Moto X if I use Touchdown?
BTW, I'm buying a Moto X tomorrow, thus the questions.
Much appreciated.
Click to expand...
Click to collapse
Touchdown sets up its own little sandbox that all the activesync policies will be applied to. So you can use the rest of the phone without locking if you choose. There are also Exchange policy bypass solutions out there if you have root.
detmar said:
Touchdown sets up its own little sandbox that all the activesync policies will be applied to. So you can use the rest of the phone without locking if you choose. There are also Exchange policy bypass solutions out there if you have root.
Click to expand...
Click to collapse
I found that I could select None in the Security settings to bypass the lockscreen. So, now I can just say OK, Google Now and everything works flawlessly.
Problem solved!
For those who have enforced security settings, like me, selecting None, or anything your IT guys don't allow, won't be an option. In that case you can root, install Xposed, and then one of the Exchange security bypass modules within Xposed. If you already have the security restrictions in place, remove and re-add the Exchange account from your phone.
I went through all this just so I could use a NFC Skip tag in my car's holder with Google Now. I still use a PIN as only an idiot would walk around with a completely unlocked phone all the time.
Sent from my Nexus 7 using Tapatalk 4
I use the stock Exchange app and don't love the restrictions that it put son my device (because it takes the functionality of the phone away). I looked at Touchdown as a replacement, but it doesn't seem to integrate the calendar. I don't really care much about reading my email on my phone, I mostly just delete stuff I don't need or see if there is something real urgent to go to my PC for.
What I do value a lot from it is my calendar. I have my Outlook calendar synced as well and it merges with my Google calendar (and my girlfriend's Google calendar) in my agenda widget on my home screen.
That said, are there any good apps (free or pay) that can do an Exchange calendar only, and potentially don't require the same restrictions as the full setup? OR, can I get the calendar from Touchdown to integrate into my Google Calendar app/agenda widget somehow?
I suspect it probably isn't possible, but I'd love if it was.
I'm running Gear Manager 1.5.120903 and Software UAMK7 on Note 3. I'm considering returning my gear because i don't not get full body notifications from Touchdown, my work email exchange client, I do get the title of the emails but to see the full body I have to go manually into the app on the watch. On the other hand gmail works just fine. Any fixes?
I understand the Sony SWII gives full email content notifications.
I believe that it is because your Outlook server has security settings that make it that way. Mine did. Also made it so I had to have a lock screen with a pin code to unlock.
I Google searched Outlook no pin for android 4.3 and found a solution that worked. I had to flash a zip file.
Anyways. I think the issue is with your email server. Not the watch...
TroyLeeWells said:
I believe that it is because your Outlook server has security settings that make it that way. Mine did. Also made it so I had to have a lock screen with a pin code to unlock.
I Google searched Outlook no pin for android 4.3 and found a solution that worked. I had to flash a zip file.
Anyways. I think the issue is with your email server. Not the watch...
Click to expand...
Click to collapse
Thanks but can't root my phone as IT can tell. However why does Sony S2 work? Just bought one today and the touchdown email comes thru as a notification complete with entire email body
My company changed over to requiring Maas360 and TouchDown for accessing the 2010 Exchange Server. I poked around through the TouchDown settings to find the new server address and was able to setup my work account using the stock email app. TouchDown is still installed but pretty much disabled. I have had no issues with my work email account and get most of the email body on my gear. Don't know if this will work for you, but it's worth a shot.
Sent from my SAMSUNG-SM-N900A using XDA Premium 4 mobile app
mhonard said:
Thanks but can't root my phone as IT can tell. However why does Sony S2 work? Just bought one today and the touchdown email comes thru as a notification complete with entire email body
Click to expand...
Click to collapse
I'm fairly certain that this is because Touchdown isn't specifically designed to work with the Gear, and as a result it's just trying to do its best. If Nitrodesk updated their software to specifically communicate with the Gear it'd work ok. You may want to send them a request email, I'm probably going to.
[email protected] said:
My company changed over to requiring Maas360 and TouchDown for accessing the 2010 Exchange Server. I poked around through the TouchDown settings to find the new server address and was able to setup my work account using the stock email app. TouchDown is still installed but pretty much disabled. I have had no issues with my work email account and get most of the email body on my gear. Don't know if this will work for you, but it's worth a shot.
Sent from my SAMSUNG-SM-N900A using XDA Premium 4 mobile app
Click to expand...
Click to collapse
WOW this was great advice So Simple never thought to give it a try or even considered it would work. I now have complete email messages on my gear thru exchange. Thanks