How to disable remote wipe for Exchange 2010 ActiveSync?
When connecting Android mobile devices to Exchange ActiveSync, some require granting device administrator privileges which permit an Exchange administrator to remotely wipe the phone. The warning messages are scaring some mobile users and turning them away from using Exchange ActiveSync altogether.
How can I disable this functionality on Exchange Server 2010? [security breaches are not an issue here]
Solution 1:
UPDATED (again)
The short answer to your question is NO.
Outlook/Exchange clients either are capable or aren't capable of Remote-wipe. The Exchange policy simply expects that they support that feature. If the phone supports Remote-wipe and you've accepted the policy (by being a so-called "Provisional Device"), then Exchange may send a request to wipe the phone (on behalf of the Admin, or the user may request it from their web/PC logged in account).
If your users want to be sure their email won't get wiped then they need to find an Exchange client that doesn't support remote-wipe and convince you to drop that as a requirement from your policy (by turning on AllowNonProvisionalDevices). Period. There is no other way to "turn it off".
Features of the client can't be disabled by the server, they can just be required by it. And in this case it seems the requirement is part of Exchange Sync in general. :-( I don't see any way out of it.
The policy on Exchange says "if you don't agree with these settings, you don't get email" and then has a list of settings. You can also set "AllowNonProvisionalDevices" to ON which will allow devices that reject the policy to still get email.
As others have said, the message from the client to the user on the phone isn't configurable so you never know if it will STILL scare them even though you've turned that request off.
http://technet.microsoft.com/en-us/library/bb123484.aspx
and here is the link to how to create a new policy and apply it to users: http://technet.microsoft.com/en-us/library/bb124120.aspx
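The policy change this answer describes, sketched for the Exchange 2010 Management Shell as an added example that is not part of the original answer. The cmdlet parameter is spelled `AllowNonProvisionableDevices`; the policy name and the pilot group are hypothetical, and scoping the relaxed policy to a group instead of editing the default policy is an assumption made here.

```powershell
# Run in the Exchange Management Shell on Exchange Server 2010.
$policyName = 'EAS-NoProvisioningRequired'   # hypothetical policy name
$pilotGroup = 'EAS-Pilot-Users'              # hypothetical distribution group

# 1. Audit first: which policies already let non-provisionable devices sync?
Get-ActiveSyncMailboxPolicy |
    Format-Table Name, IsDefaultPolicy, AllowNonProvisionableDevices, DevicePasswordEnabled -AutoSize

# 2. Create a separate policy so the default policy keeps its requirements.
if (-not (Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-ActiveSyncMailboxPolicy -Name $policyName `
        -AllowNonProvisionableDevices $true `
        -DevicePasswordEnabled $false
}

# 3. Assign the policy only to the mailboxes in the pilot group.
$members = Get-DistributionGroupMember -Identity $pilotGroup
foreach ($m in $members) {
    Set-CASMailbox -Identity $m.Identity -ActiveSyncMailboxPolicy $policyName
}

# 4. Verify the assignment and see what each device actually applied.
#    A device that did accept provisioning can still receive a wipe request;
#    DeviceWipeRequestTime shows whether one has been issued.
foreach ($m in $members) {
    Get-CASMailbox -Identity $m.Identity |
        Format-List Name, ActiveSyncMailboxPolicy
    Get-ActiveSyncDeviceStatistics -Mailbox $m.Identity |
        Format-Table DeviceType, DevicePolicyApplied, DevicePolicyApplicationStatus, DeviceWipeRequestTime -AutoSize
}
```

This only stops the server from requiring provisioning; whether a given phone still shows the device-administrator prompt depends on the client.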
Solution 2:
I think your biggest issue is not going to be disabling your ability to remotely wipe from the server, but the permissions the Active Sync app requests on Android. From my understanding, many of the apps request that permission whether the policy is enabled on the server or not - because the policy can be changed after the Sync is established.
So I think you're running into a political/PR issue more than a technical one.