Device Encryption on Apple iPhones

Following up from my last post on enforcing security policies on devices such as iPhones, I thought it might be worth clarifying how iPhones deal with encryption.

Essentially, iPhones from the 3GS onwards are encrypted by default; this isn’t something the end user or administrator can control.  Earlier devices such as the iPhone and iPhone 3G do not support encryption at all; they’re simply not powerful enough, apparently (Apple told me this!).

So if you use Exchange and wish to apply the encryption security policies to iPhones, the ‘Require Encryption on the Device’ policy doesn’t actually do much in and of itself – the device is either already encrypted or just can’t be.

Where it is useful is if you wish to block access for devices that cannot be encrypted.  In this case you simply set the ‘Require Encryption on the Device’ policy and uncheck the ‘Allow Non-Provisionable Devices’ policy.  The iPhones will report back their support for encryption and Exchange uses this to evaluate whether they should be allowed or not.  So iPhones and 3Gs will be blocked.

Further info on iPhone support for Exchange ActiveSync Policies can be found here.
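The policy combination described above can also be checked from the Exchange Management Shell. This is an added example, not part of the original post: it assumes the Exchange 2010 cmdlets Get-ActiveSyncMailboxPolicy and Set-ActiveSyncMailboxPolicy, the helper name Test-BlocksUnencryptableDevices is hypothetical, and the sample policies and the policy name 'Default' are constructed.

```powershell
# Added example. A policy only blocks devices that cannot encrypt when BOTH hold:
#   RequireDeviceEncryption = True   and   AllowNonProvisionableDevices = False
# Requiring encryption while still allowing non-provisionable devices lets an
# original iPhone or iPhone 3G keep syncing without encryption.
function Test-BlocksUnencryptableDevices {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Policy
    )
    process {
        $Policy | Select-Object Name, RequireDeviceEncryption, AllowNonProvisionableDevices,
            @{ Name       = 'BlocksUnencryptableDevices'
               Expression = { [bool]$_.RequireDeviceEncryption -and
                              -not [bool]$_.AllowNonProvisionableDevices } }
    }
}

if (Get-Command Get-ActiveSyncMailboxPolicy -ErrorAction SilentlyContinue) {
    # Live data when run inside the Exchange Management Shell
    $policies = Get-ActiveSyncMailboxPolicy
}
else {
    # Constructed sample policies so the logic can be tried without Exchange
    $policies = @{ Name = 'Constructed-NoEncryption'; RequireDeviceEncryption = $false; AllowNonProvisionableDevices = $true  },
                @{ Name = 'Constructed-RequireOnly';  RequireDeviceEncryption = $true;  AllowNonProvisionableDevices = $true  },
                @{ Name = 'Constructed-Enforced';     RequireDeviceEncryption = $true;  AllowNonProvisionableDevices = $false } |
                ForEach-Object { New-Object PSObject -Property $_ }
}

# Only 'Constructed-Enforced' reports BlocksUnencryptableDevices = True
$policies | Test-BlocksUnencryptableDevices | Format-Table -AutoSize

# Shell equivalent of ticking 'Require Encryption on the Device' and unticking
# 'Allow Non-Provisionable Devices'. 'Default' is an assumed policy name;
# remove -WhatIf to apply the change.
# Set-ActiveSyncMailboxPolicy -Identity 'Default' -RequireDeviceEncryption $true -AllowNonProvisionableDevices $false -WhatIf
```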


  • 1 Kenneth

    Posted Oct 20, 2010 at 7:29 pm

    I believe the sentence “So iPhone’s and 3GS’s will be blocked” isn’t correct, and you meant to say “So iPhone’s and 3G’s will be blocked” – right?

  • 2 Tom Basham

    Posted Oct 20, 2010 at 9:01 pm

    You’re quite right, I’ve now fixed it!

