Securing mobile devices access to an on-premises Exchange Server infrastructure without a hybrid setup is not complicated when using a single-vendor strategy. You simply implement a Mobile Device Management Solution and you are done. Enterprises doing business in the high security industry tend to follow a multi-vendor strategy to reduce the risks due to security flaws in third-party devices.
ENow Software's Exchange blog built by Microsoft MVPs for IT/Sys Admins.
One of the largest challenges many organizations face is how to secure email. Industries such as healthcare and financial have government regulated policy to adhere to such as HIPPA and Sarbanes Oxley. So how do we ensure that our users are not sending out information they shouldn’t be from their desks or mobile devices? Also with the emergence of Bring Your Own Device (BYOD) securing company data is become even more important than it has in the past.
Information Rights Management
Over the years there have been many options that we have been able to consider. First, let’s look at Information Rights Management. This is a great product from Microsoft that allows the administrator or user to control what can be done with their email. For example, if I send you information that may be somewhat confidential in nature I can put a restriction in place that prohibits your ability to forward or print this message. Even better yet the message is transferred in an encrypted state. As Microsoft continues to work on Information Rights Management the feature set is improving. From a BYOD perspective they are even able to support Outlook Web App and Exchange Active Sync with the newer versions of the Exchange product. The largest downfall of this application is that it will only protect messages internal to an organization. You will need a two-way federated trust between your Active Directory forest and any other organizations Active Directory forest in order to send messages to that external entity.