When TouchDown is configured to use the ActiveSync protocol, it supports enforcement of the relevant Exchange ActiveSync policies.
NitroDesk, Inc. recommends ensuring that your server is SSL-enabled, and not accessible through non-SSL connections. TouchDown utilizes HTTPS/SSL for communications with the server when the server is configured for SSL encryption. This ensures that your information cannot be compromised in transit between your device and the server.
TouchDown honors the PIN policy with the following additional controls that the administrator may set:
- Require password
- Require alphanumeric passwords
- Minimum complex characters
- Enable password recovery
- Allow simple password
- Number of failed attempts allowed
- Minimum password length
- Password timeout
- Password expiration
- Password history
TouchDown supports the remote wipe command, which may be issued by an administrator or a user in the event that the device has been lost or stolen. This remote wipe process deletes all the corporate data held inside TouchDown as well as any attachments under its control.
TouchDown honors the data encryption policy by encrypting the sensitive fields in Email, Calendar and Contact entries that are stored on the device. TouchDown employs AES-256 encryption for sensitive data held on the device.
SD Card Encryption
Android does not support an encrypted file system on the SD card. If the server requests the SD card encryption policy, TouchDown honors it by encrypting the attachments downloaded to the SD card using AES-256 encryption. If the removable card encryption policy is enforced, moving the SD card from one device to another renders the downloaded attachment files unreadable.
Email-Initiated Data Wipe
TouchDown now includes the ability for the user to set a Remote Kill Code (press the Remote Kill button in the last tab of settings) as well as a notification SMS number. When an email is received (regardless of connection mode), if the subject contains TDKILL:(replace with the specified code), TouchDown will wipe its data and optionally send an SMS confirmation to the specified number.
This feature is for users who either don’t use ActiveSync or do not have an administrator readily available to perform a remote wipe. Simply sending an email to your account with a specially crafted subject from another account will cause the device to lose the TouchDown data. You can also get some assurance by specifying another phone number to which an SMS message confirming the wipe is sent.
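An added example, not NitroDesk code: a mail-gateway audit that records inbound messages whose subject carries the TDKILL: marker, so that a wipe can be traced back to the message that triggered it. The sample messages, the addresses and the code s3cr3t are constructed, and the function names are hypothetical; how TouchDown itself handles encoded subjects is not stated on this page.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Marker taken from the page; what follows it is the user-chosen kill code.
KILL_RE = re.compile(r"TDKILL:(\S+)")

# Constructed sample messages (not real traffic).
SAMPLE_MESSAGES = [
    "From: alice@example.com\nTo: bob@example.com\nSubject: Lunch on Friday?\n\nhi\n",
    "From: carol@example.net\nTo: bob@example.com\nSubject: TDKILL:s3cr3t\n\n\n",
    # Same subject in RFC 2047 base64 form: the marker is not visible in the raw header.
    "From: dave@example.org\nTo: bob@example.com\n"
    "Subject: =?UTF-8?B?VERLSUxMOnMzY3IzdA==?=\n\n\n",
]


def naive_hits(raw_messages):
    """Substring match on raw text; misses encoded subjects."""
    return [raw for raw in raw_messages if "TDKILL:" in raw]


def audit(raw_messages):
    """Return one audit record per message whose decoded subject has the marker."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Decode RFC 2047 encoded-words before matching.
        subject = str(make_header(decode_header(msg.get("Subject", ""))))
        if KILL_RE.search(subject):
            hits.append({
                "from": msg.get("From", ""),
                "to": msg.get("To", ""),
                # The kill code is a secret; keep it out of the audit log.
                "subject": KILL_RE.sub("TDKILL:<redacted>", subject),
            })
    return hits


if __name__ == "__main__":
    print("raw substring matches:", len(naive_hits(SAMPLE_MESSAGES)))
    for record in audit(SAMPLE_MESSAGES):
        print(record)
```
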
Enterprise Configuration Extensions (NEW)
With TouchDown V7 and above, administrators can define additional security policies beyond those supported by the Exchange server, simply by placing an XML file in a virtual directory on the same IIS server that serves ActiveSync. Read more here.
Support for Signing Certificate on SmartCard (NEW)
With TouchDown V7.1 and above, TouchDown can use certificates stored on Certgate™ smartcards for email signing and encryption.