Administrators can configure Device Management security policies for users to ensure that all devices connecting to the Exchange server meet a minimum security level before ScanMail Mobile grants access to any sensitive data. Security policies allow administrators to set standards on password strength, device inactivity times, and encryption. If a device does not comply with these standards, ScanMail Mobile blocks access to the Exchange server.

Administrators can further protect the Exchange server by configuring behavioral rules for devices. When devices are inactive for a specified time, ScanMail Mobile can automatically lock the device to prevent access by unauthorized individuals. When a user unsuccessfully tries to sign in to a device for a specified number of times, ScanMail Mobile can perform a wipe action on the device to protect the data stored on the device from whoever is attempting to gain access.