The way that Blackberries are done, every mobile device must have an account created and then given an activation password prior to syncing which effectively prevents unauthorized devices on the network.
Based on what I've read, it appears that by default all devices can connect to ActiveSync providing you don't have it 1) disabled; 2) don't have the policy setting preventing any device that cannot support ActiveSync to be prevented from accessing Exchange.
So the question is who do I let on some devices but not others?
I read something about blocking policies, should I be selecting devices by group and setting up a block on each device type? Or is a way to block by default and allow only the ones I want on?
Or what's the best way to accomplish this?