03-08-2013 11:21 AM
We are scrambling to put out a BB10 server for a customer and are at the testing phase, playing with the limited policies we can (can't wait for advanced server).
We have noticed this: when you connect the z10 to the BES, you have the options for enabling/disabling the work area password, but by default the phone will use the users Active Directory password as the phones master password.
Is there any way to disable this? Other than making the work password the master password, which is probably what we're going to do.
Yes, this goes against most security setups, but these users specifically want the ability NOT to lock their phones. Yeah, I know.. I'm against it too, but they've been warned before - thankfully we can remote wipe the phones when they 'lose' them.
03-09-2013 03:06 PM
By default no device password is needed. It will prompt for your AD password when activating/pusing out an EAS profile if you're using AD credentials for auth. But this shouldn't be needed on an ongoing basis once verified unless it changes. This can be avoided if you setup a SCEP server and use certificate authentication.
A device password would only be needed if enforced through it policy.