2.16 Set 'Require encryption on device' to 'True'

Information

You can use this setting to require device encryption. Configuring this setting to require device encryption increases security by encrypting all information on the storage cards for the device.

Rationale:

Unencrypted data on mobile devices is vulnerable to attack. Requiring ActiveSync encryption helps to minimize the risk of information being compromised in case a mobile device is lost.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy -Identity default -RequireDeviceEncryption $true

See Also

https://workbench.cisecurity.org/files/1512

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-19

Plugin: Windows

Control ID: c50a014fea108e8e6ee4ae273ff52b2531c49675315c44ac640552d22bd73a6b