"Bring-your-own-device" has long since become the standard in many companies, perhaps even unconsciously. A correctly configured Exchange Server is very sociable and makes it easy for users to connect any number of devices. Even inexperienced users can synchronize their private smartphone with the company's Exchange server via ActiveSync.
However, this is not entirely uncritical. Private smartphones are not subject to any control, they can be lost or stolen. The devices are often not even protected with a simple PIN. A curious finder can therefore view the company's emails and appointments.
Exchange 2010 does, however, offer options to stem the flood of devices. For example, it makes sense to set that not every user is allowed to synchronize smartphones with their mailbox without the administrator's intervention. The setup is simple:
The ECP can be used to set what should happen when a new smartphone is registered. The ECP can be accessed via the browser at the URL "https://exchangeserver.domain.local/ecp". The "Edit" button is located on the right
There, the connection setting can be changed to "Isolate - Decide for yourself whether to block or allow later", and a user can also be selected to receive an e-mail when a new smartphone is registered.
That is all. If a new device now attempts to connect to a mailbox, the selected user receives an email with a link in which they can allow or block the device.
The procedure is also transparent for the user, who also receives an e-mail informing them that their smartphone is not yet authorized.
The device then ends up in the quarantine list and can be blocked or authorized there.
The device access rules can also be used to control which devices are allowed to connect to Exchange. For example, you can only explicitly allow the smartphone used by the company.
Furthermore, ActiveSync mailbox policies can be used to enforce that the smartphone must be secured with a password; the policies can also be created via the ECP:
However, the settings that apply depend on the manufacturer and smartphone operating system. Here you can find a nice overview of supported functions depending on the software (unfortunately not completely up-to-date):
http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients
or here: