This article is aimed at upper level management decision makers for small and medium sized business.
Exchange has some awesome features, and one thing I had never considered was the following:
An employee has a personal mobile phone, onto which he has asked to have his corporate e-mail account, his manager thinks this is a perfectly reasonable request and calls me in to set it up. Employee then leaves company, manager wants mail off the phone. Now Exchange can cope with exactly this. However, it does it in rather a sledge hammer nut kind of way, when adding the account to the phone, you will see a pop up screen which outlines the powers the phone is allowing the exchange server, when you issue a remote wipe from the exchange server it assumes the phone is a corporate device and factory resets it, including any data stored on it.
So now you have effectively protected your company but trashed the data of the ex-employee. It is therefore imperative that any such device that is not owned by the company has a waiver signed by the employee to the effect of, on termination of employment the telephony equipment must either be surrendered to the company in order that company data may be erased, or by issuing the company power over all data on the device to be destroyed at will, via wireless sync. If this is not acceptable then the request for mobile based e-mail on a personal device should be refused or if necessary the company should provide a company owned device for this purpose.
Please lets think about this before we jump in to these things.