I've just rolled out Exchange 2010. I've a policy that if people want to use ActiveSync on their personal phones, then they must have MDM installed and agree that I have the power to remote wipe their phones. A few users are unhappy with this.
From a security point of view, I get the need to have remote wipe capability. I get the need to use MDM rather than just use Exchange's limited remote management functionality (I use Meraki). I also get users' reluctance to cede such power over their personal phones.
A solution is to just tell those users to use OWA through their phones' browsers.
From a security point of view, what are the main differences between OWA and ActiveSync? It seems that ActiveSync is very locked down and managed (I can control which devices can use it, I can manage those devices), whereas OWA is a free-for-all (any computer or phone can be used and isn't monitored or managed at all).
ActiveSync enables offline viewing - so if a phone is stolen and I don't wipe the phone, e-mail will be viewable even if the account is disabled. So this is perhaps a greater security risk than OWA? Then again, doesn't Blackberry use OWA to convert messages and download permanently to the phone?
Am I doing the right thing in telling users to either install MDM or use OWA?