Why does this work? This flag tells the UM server to never send SIP INVITE messages to the gateway for the new call. If there are no gateway objects with the property set to true, then UM will not attempt to place any outbound calls. PoP is the only Exchange UM feature that will result in new outbound SIP INVITE messages; call transfers use the SIP REFER message, so the automated attendant and call answering features will still work. However, this doesn't disable the PoP user interface, so users will still see the buttons; they just won't work when clicked.

I tried the xpath command-line tool, and it did what I expected; "xpath ~/Desktop/EWS.xml //EwsUrl" returned both nodes. Apple's own XMLBrowser sample (in /Developer/Examples/Foundation/XMLBrowser) didn't work properly either, but the XMLMate plug-in for TextMate did. I looked carefully at the Autodiscover sample in the Exchange 2007 SP1 SDK and found that everything looked OK. Then I went back to my main reference for this stuff. On page 780, I finally found the answer in a subtle clue: the book's sample was using an XPath query that included the namespace! I modified my code to look like this:

NSXMLNode *rSpace = [NSXMLNode namespaceWithName: @"r"
stringValue:@"http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"];

[[adResponse rootElement] addNamespace:rSpace];

NSArray *idList = [responseRoot nodesForXPath:@"//r:EwsUrl" error:&err];

Apple has a page with lots of deeper information on the enterprise features of the v2 software. I haven't spent any time with the device management or provisioning bits, nor the VPN support. However, I have spent a lot of time with the Exchange-compatible features, and overall I'd have to say Apple isn't there yet. Windows Mobile still has some compelling features that the iPhone lacks. It's entirely possible that I've just missed some iPhone features; I'll update this post as I learn more (or am corrected).

Update 1: [0017 Monday 7/15] I should point out that Exchange ActiveSync is a protocol that supports lots of different content types and protocol option. Apple, like most other EAS licensees, has implemented a subset of EAS. I'm complaining about Apple's implementation here, not EAS itself.

About the author

Before I get into the meat of my piece, a few words about my qualifications. I've been a Mac user since 1984, an iPhone user since July 8th of last year, and an Exchange admin since 1995. I'm a Microsoft MVP for Exchange and Office Communications Server. My day job involves every possible sort of exploration into how Exchange works, with a heavy focus on mobility. I carry a Windows Mobile 6.1 device daily and rely on it to get my work done. I've been in love with the polish and responsiveness of the iPhone UI from day 1. It's an awesome device for most purposes. However, from my standpoint as an experienced Exchange administrator and WM device wrangler, there are still a lot of missing pieces (or things that are poorly implemented).

E-mail

Let's start with e-mail, which seems like an easy enough application to implement. Apple got the single biggest item right: push e-mail works properly. Mail arrives when it's supposed to, and replies are sent like they're supposed to be. HTML mail displays beautifully. In fact, the overall Mail experience is basically just like it was in v1, for better or worse.

We interrupt this review for a special gripe: Apple, why on earth do you expand the ENTIRE folder list when I want to navigate to a new folder or move a message? This is incredibly inefficient for large mailboxes. It would help a great deal if the Mail application would remember the most recently used folder and jump to it, or (even better) if the folder list were collapsible. Please fix this in the next point release. (Side gripe: why can't I flick left or right to change e-mail accounts, like I can with Safari's page selector?) We now resume our regular programming.

You might think that the iPhone would work well as an offline mail client. You might also think that you should be dating Danica Patrick and that gas should be $1.25/gallon. Bad news: the iPhone's offline story is poor. When the device radios are off, any attempt to move or delete messages results in an error dialog. How lame is that? Did anyone at Apple test a Windows Mobile device to see how it works in this situation? There are a few nice touches, though. For example, a small status line in the main mail view shows you how many messages are queued for sending. At least the software is smart enough to automatically attempt a sync as soon as the network comes back up.

There are a number of other Windows Mobile 6 features missing here: for instance, you cannot flag or unflag messages for follow-up; you can't set out of office messages or timings, and the device will frequently complain if you try to throw away a message that a client- or server-side junk filter has already moved elsewhere. The extremely convenient press-and-hold shortcuts that WM provides (like "d" to delete or "m" for move) are of course absent here, too.

Bottom line: mail is prettier on the iPhone. The devices are tied in terms of sync behavior and performance. My WM 6.1 device has a significant edge in usability speed because of one-handed message selection and movement, plus the press-and-hold keys. I realize that for novice users this speed differential might be much smaller... but I'm not a novice. (And, to forestall any flames: the iPhone keyboard is OK with me. Once I got used to it, it's as fast as a physical keyboard.)

Calendaring

OK, so let me get this out in the open: I can't stand iCal on the desktop. It's so lame compared to Entourage, Outlook, and OWA that I just flat don't use it. The fact that the iPhone's calendar app emulates iCal closely is not a good thing. Color coding of events on the iPhone is driven by where events appear in iCal, meaning that if you sync with Exchange (or Entourage, FTM), your events appear in one color. There's no support for Exchange categories, an obvious omission.

One thing I do like: the default behavior when a new meeting invite appears is to play the calendar reminder sound and show an alert. This is useful because there's no other way to show that you have pending meeting invites. There's a host of weird behavior involving existing recurring events; after your first sync, most of them will show up as "maybe" (which in Apple-speak means "tentative"), even if you've previously accepted them.

Now, on to the really bad stuff. There are several common-- nay, fundamental-- things that you cannot do with the iPhone calendar application. You cannot:

• create a meeting request and invite other people to attend. Without this, the wireless calendar functionality is largely useless unless you're the Unabomber or some other kind of Luddite hermit who never works with others. (Oddly, you can view the attendee status of meetings you create on the desktop!)
• create a recurring meeting unless it is repeated daily, weekly, bi-weekly, monthly, or yearly. That's right-- no more "first Thursday of every month" or "every Monday, Wednesday, Friday" appointments. This is disgraceful. Even Palm managed to eventually get this right, for crying out loud.
• create a meeting in a time zone other than the one you are currently in. I guess you might be able to do this by changing the device time zone, but that doesn't seem like a very good idea to me, and I haven't tried it. I have tried (in vain) explaining why I created a meeting request for 4:30am Pacific time because I forgot my device was still on Eastern time, though.
• view suggested meeting times or free/busy times, either for your own calendar or for others'. That makes sense, given that you can't invite other people, but it's still super lame.
• move to an arbitrary date, in either the future or the past. Say you want to check your schedule for 331 days from now so you can grab some frequent-flyer tickets to Maui. Hit the "month" button, then flick until you get to June 2009. Let's hope you don't need to look at dates in the far future or you'll end up with a pulled tendon or something.

As with the offline mode behavior of the mail app, it's mind-boggling that Apple didn't get these right. We're not talking cutting-edge functionality here. The fourth one is especially egregious because it's been that way since the v1.0 release.

Special note to IMAP users: you can receive meeting invitations as .ics attachments, but you can't open them or add them to your calendar. This is apparently a feature, not a bug. You're welcome. (Special bonus: the Calendar app just died on me as I was looking at my list of pending invitations).

Tasks

The iPhone doesn't include a built-in tasks/to-do application. Windows Mobile 6 has task support baked in, so it has a clear advantage here. Apple missed the boat here, as this is a natural piece of functionality for a mobile device. There are a number of such programs at the iPhone App Store, but none of them seem to support wireless sync. My money is on OmniGroup's OmniFocus, which I've recently started using on the desktop. OK, I admit it; OmniFocus doesn't support sync yet either, but it's supposed to soon, and I trust them based on their track record.

Notes

The iPhone Notes application is anemic and, IMHO, basically useless. (No, I don't mean the iPhone version of Lotus Notes, because it doesn't exist; I mean the built-in Notes application). Given its overall level of uselessness, it's no surprise that it doesn't sync with Exchange-side note items. If server sync is important to you, get Evernote, which has clients for Mac OS X, iPhone, Windows, Windows Mobile, and IE/Firefox/Safari. (Ping me if you want an invite). [Update 2: I use OneNote on my Windows machines, and its sync behavior with Windows Mobile is brilliant: plug in your device, automatically get the client, and then sync "just works". It is not, however, wireless, which is what I need. Plus, there's no Mac client.]

Policy control and security

The first time I synced the iPhone with my home Exchange server, I didn't see two things that I expected. Windows Mobile correctly warns me that I'm using a potentially untrusted certificate, because it's issued by my self-signed root CA. Once the initial sync connection was made, I got a warning that I would have to accept the organization's EAS policy to let sync continue. The iPhone didn't show either of this warnings. I consider this a failure in both cases. Without a certificate validity warning, an attacker could easily mount a man-in-the-middle SSL attack. Accepting the server-side EAS policy without telling the user opens the risk that the user's device will be remotely wiped without her knowledge, or that other policy changes will unexpectedly remove device functionality. Because I'm on the road, I haven't actually tested any of the remote wipe or security policy options because I need the device to keep working until I return home. Look for a follow-up article (in which I will probably complain that the iPhone doesn't support the most interesting new EAS policies of Exchange 2007) later.

As a side note, I fixed the original WM certificate error by adding my domain root CA certificate to the device. There doesn't seem to be a way to do this on the iPhone, although I haven't tested the desktop provisioning utility.

Bugs!!!1!

Are there bugs? Yes, in fact there are. The most noticeable one for me is Apple's refusal to use IMAP EXPUNGE to properly remove items. This makes it very frustrating to use an iPhone for IMAP access to an account that you use with Outlook or Entourage elsewhere. There are other bugs, too. For example, when you "reply all" to a message, your sending address is included as a recipient. I already mentioned the way that previously-accepted repeating events act, but I am too busy/lazy to come up with a detailed repro case.

Where to learn more

Apple's got a decent "quick start" page explaining how to set up Exchange ActiveSync for use with the iPhone, and the Exchange team has a more detailed post on the Exchange team blog. I suspect the comments for this post will be a fertile ground for updates, too. [Update 3 @ 1944 7/15: my main main Omar has a wiki that chronicles bugs in the iPhone Exchange integration here.]

Then I came home, where Arlene and I completely redid the living room: we painted all the walls, hung the TV on a wall mount for the TV, and installed a new TV stand. Of course, none of the steps were actually that simple. For example, I'd read that Behr Silver Screen made a good projection surface, so I painted one wall with two coats... only to find out that it was not a good projection surface. Four coats of eggshell white later, I was ready to move on to the other walls. The carpet installers came yesterday, so we're officially finished with that room (except for the speaker stands, which aren't here yet).

Then the boys came back from their trip to Louisiana, so it was back to normal life for a day, then it was time for David's Boy Scout camp. While he was gone, Peter, John, and Paul Flynn from 3Sharp came to town for our quarterly meeting; along with watching some truly excellent thunderstorms, we got a ton of work accomplished. It's amazing what you can do with four smart guys locked in a room for two days.

Now we're having a temporary lull before the big fireworks on the 3rd and our whale-watching trip to Seattle next week. I'll try to blog somewhat more regularly, but no promises.

The answer, which I found here, is to override a private, unsupported, category method, allowsAnyHTTPSCertificateForHost. Just call it with the FQDN of the host whose certificate errors you want to ignore and you're golden.