device security and email using activesync

["Smith, Bob" <smithrj () LONGWOOD EDU>]

In our current setup we only allow the use of a Blackberry device, either university or personally owned, connected to 
our BES for integration with our Exchange system.  All devices must conform to the same set of security policies.  This 
current setup has served us well, but recently the desire to integrate/sync the now large numbers of iPads on campus 
with Exchange has started some research regarding how ActiveSync may play a role in achieving an acceptable level of 
security (remote wipe, lockout, PIN, etc.) for this and other devices.

As part of this research, we are now testing various other devices (iPhone, Droid, iPad, etc.) to see what the actual 
results are and in doing so I was asked to query this group to see what other institutions are doing or have done with 
regard to leveraging ActiveSync for security and access to your email system.

Do you:
-       offer support for all devices or just specific devices and what level of support?
-       allow both institutionally owned and personally owned devices?  Why or why not?
-       require different/same/no security policies for institutionally owned versus personally owned devices?
-       enforce any security policies using ActiveSync or require/encourage the user to manually set them?
-       have any "lessons learned" you would care to share?

Your feedback is greatly appreciated.

Bob Smith
AVP IITS & Information Security Officer
Longwood University