It is also important to ensure that your environment is running either Exchange 2003 SP2 or Exchange 2007 SP1 or newer. Apple has specifically listed these as requirements, and the iPhone will not function properly, if at all, with earlier versions.
If you are working with Exchange 2003, you will need to download and install the Exchange ActiveSync Mobile Administration Web Tool. The Mobile Administration Web Tool can be used with Exchange 2007 as well, though it's not required; Exchange 2007 has a built-in Exchange Management Console. You might opt to use the Mobile Administration Web Tool if you want to give nonadministrators (such as helpdesk staff) remote wipe or other administration capabilities without giving them full access to the Exchange Management Console.
Managing users' mobile access
From an administrator's perspective, managing access and policies for iPhone users is largely the same as managing access for any other mobile device. Exchange direct push and ActiveSync are enabled by default for all users, meaning that unless you have explicitly changed things, all iPhone users with existing accounts should be able to access their accounts without requiring per-user configuration. (If you rely on iPhone configuration profiles, you should also be able to deploy iPhones to users so that they only need to enter their Exchange username and password -- see Part 1 of this series for details.)
If you are running Exchange 2007, the iPhone also supports Exchange Autodiscovery based on a user's e-mail address.
As with other devices, you can adjust the organizationwide policies or user-specific policies to grant or deny mobile device access. Once a user has configured an iPhone with his Exchange account information and connected to Exchange, you will be able to use either the Exchange ActiveSync Mobile Administration Web Tool or the Exchange Management Console to view additional information about the device, including the last time the iPhone was synced with Exchange, the last time Exchange policies were updated on the iPhone, and the time of the last ping request. You can also use these tools to initiate a remote wipe of a lost or stolen device and view the status of a remote wipe request.
Configuring passcode policies
The only Exchange policies (other than allowing users to access their accounts from mobile devices) that you can enable for the iPhone via Exchange are passcode policies. You can require users to create a passcode that must be entered to unlock the iPhone, specify a minimum passcode length, require an alphanumeric passcode, and specify a period of inactivity after which the iPhone locks automatically.