Question : Exchange 2003 and Mobile phone Syncing/Security Best practice?

I'm working on devising a policy and setup route for officially supported phone syncing between employee purchased phones and company  exchange 2003.  I'm looking for tips and best practice advice/direction.

Current setup is a front and backend server within the lan, same machine no front end out in the dmz.  I have OWA with a commerical SSL setup. Remote laptop user are also setup to use rpc over https, while everyone has access to outlook 2003/07 client and owa.    

While I setup the CEO iphone last year b/c he's the CEO I wanted to offer full support after I figured out truly best way to provide access.  E.g. Should POP and IMAP stay disabled for security reasons, should Active sync ready phones be the only option I support?  I'm going for the latter.    ANything else I should be worried about in the configuration?   I've got users, managers with Iphones, Droids, HTC tilt2, and BLackberrys.  We have no plans to implement a blackberry server or the lite version.

Thanks!

Answer : Exchange 2003 and Mobile phone Syncing/Security Best practice?

Definitely only support ActiveSync devices.  Blackberry devices can still connect using the Blackberry Internet Service (using the URL of OWA).

I would go ahead and disable the POP/IMAP services in Exchange as well as make sure the ports are blocked on the firewalls.

It's too bad you don't have Exchange 2007 of 2010--it gives you the ability to enforce lots of device settings such as device passwords (great for when the user loses their device and you want to prevent someone who finds it from having full access to their mailbox) or disable certain device features (such as the camera, removable memory slots, or the installation of certain programs).  Also it gives you the remote wipe feature.

I want to say though that Exchange 2003 had that remote wipe capability as well, but I'm not 100% sure.  I know it required downloading/installing a mobile device utility from Microsoft.