• Illustration: Outlook 2007 vs. Exchange 2007 OWA

Exchange 2007, the successor to Exchange 2003—Microsoft's e-mail server software for organizations—and its Outlook 2007 client contain many new features that directly benefit end users. In addition to unified messaging (UM)—features that integrate e-mail, voice mail, and faxes—the new products will also give users better mobile access, spam blocking, and calendaring. Unlike UM, which will cost extra, the other new features come standard and should help win end-user support for upgrading from earlier versions of Exchange. However, rights to install Outlook will no longer be included as part of the Exchange client license.

This article does not cover new features in Outlook 2007 that are independent of Exchange 2007, such as RSS support for subscribing to blogs and other Web content; these were detailed in "Outlook 12 Adds Internet Hooks" on page 24 of the Jan. 2006 Update. Furthermore, Exchange 2007 also includes new capabilities that will primarily be of interest to IT departments, and new compliance features that help organizations meet business document-retention regulations. These features, plus an in-depth look at UM, will be covered in future Update articles.

Improvements to Mobility Features

Like its predecessor Outlook 2003, Outlook 2007 is designed to work well for remote users connecting from the Internet. Client side offline message storage and the RPC-over-HTTP feature (now called Outlook Anywhere) replicate items between Exchange and Outlook securely over the Internet, thereby allowing Outlook to connect to Exchange without a virtual private network (VPN) connection, and users can work offline when an Internet connection is unavailable. New to Outlook 2007, the offline store can keep local replicas of files checked out from a SharePoint 2007 document library, making it easier to work on these documents while offline.

However, Outlook is a "thick client" application that must be installed on users' PCs, which frequently rules it out for users connecting from public or home PCs. Fortunately, Exchange provides two alternatives aimed at mobile users: the Web-based Outlook Web Access (OWA) client and Server ActiveSync, a protocol that enables wireless synchronization with Windows Mobile phones and other phones that support the Server ActiveSync protocol.

OWA 2007 Improvements

Exchange 2007 offers several improvements to OWA.

Improved user experience. Although Exchange 2003's OWA was a huge leap forward in creating a Web-based client interface resembling the full Outlook 2003 client, Exchange 2007 OWA has gone even further. When used with Internet Explorer (IE) 6 or later, OWA's look and feel is very close to that of the full Outlook 2007 client. Increased use of client-side caching improves OWA's performance, particularly over slow connections.

Exchange 2007's mailbox and public folder indexing is now enabled by default, and now file attachments are indexed in addition to messages. This index and a revamped search interface make the OWA client faster and easier to use when searching for messages and contacts, and OWA has an improved interface for selecting recipients from the Exchange global address list and the user's private contacts. OWA's calendar features are greatly improved also. Like an equivalent new feature in Outlook 2007, the Scheduling Assistant makes it easier to find open times when booking meetings.

However, the two clients do not have complete feature parity, and some tasks can be done only from the full Outlook client. For example, although OWA users can view RSS content previously downloaded by the Outlook 2007 client, OWA does not download new RSS content. Users cannot manage their RSS subscriptions with OWA either.

(For a comparison of the two client interfaces, see the illustration "Outlook 2007 vs. Exchange 2007 OWA".)

SharePoint LinkAccess is a new feature that allows Internet-based OWA users to open Exchange items containing links to shared files and SharePoint sites and document libraries inside the corporate firewall, without requiring users to establish a VPN connection and without requiring the servers storing those files to be exposed to the Internet.

WebReady document viewing. OWA 2007 can convert a variety of document types—including Word, Excel, PowerPoint, and Adobe PDF files—from their native format into HTML so they can be viewed in a browser, rather than requiring users to download them and then launch the associated applications or readers (which must be present on the client). This allows users to read e-mail attachments from public PCs while keeping the documents safe, since the real document files can be blocked from downloading to Internet-based PCs, and the HTML views of the documents are purged by OWA at log-off or when the session times out. Although the fidelity of these converted documents is not quite identical to the originals, it is surprisingly good—even graphical content.

Tighter security. OWA now supports log-on with smart cards or RSA token cards in lieu of passwords. However, in the case of smart cards, users still require a PC equipped with a card reader.

Exchange 2007 still provides a reduced-functionality Web client—now called Outlook Web Access Light—that is compatible with pre-IE 6 browsers and third-party browsers, such as Firefox. This basic client lacks many of the full OWA features, such as right-click support, spell checking, and support for tasks, but provides better performance than OWA when bandwidth is very limited.

Outlook Mobile and Server ActiveSync Improvements

With Exchange 2003, Microsoft included built-in support for Server ActiveSync, a proprietary Microsoft protocol that provides over-the-air synchronization of Exchange content with Outlook Mobile running on Windows Mobile 5.0 phone devices (Pocket PCs and Smartphones). Furthermore, other phone vendors such as Motorola, Nokia, Palm, and Sony Ericsson have licensed Server ActiveSync and are selling non-Windows Mobile phones that can also synchronize Exchange content wirelessly with their phones' personal information managers. Exchange 2003 SP2 added support for direct-push synchronization, which enables new items to synchronize immediately with the user's device rather than at scheduled intervals.

Although SP2 and Server ActiveSync made these devices viable alternatives to RIM Blackberry devices for wireless e-mail, users still didn't get the full functionality of the Outlook or OWA clients. However, with Exchange 2007 and the next generation of Outlook Mobile (code-named Crossbow) in upcoming Windows Mobile devices that will ship in 2007, phone users will get the following added capabilities:

Search. As with Outlook and OWA, Windows Mobile phones can search their Exchange 2007 mailbox—not just the items cached on the device, but their entire mailbox. Users can mark listed items for download, and ActiveSync will immediately retrieve them from the Exchange server.

Reply to meeting requests. With Exchange 2003 and compatible Server ActiveSync devices, users could not book meetings or even respond to meeting requests. With Exchange 2007 and the new Windows Mobile phones, users will be able to reply to meeting requests, but the phones still won't provide an interface to book meetings.

Out-of-Office setting. With Exchange 2007 and the next generation of devices, users will be able to toggle their out-of-office auto-reply feature from their phones, a task not possible with today's devices.

User-initiated remote wipe. The OWA client in Exchange 2007 allows users to remotely wipe all data from lost or stolen devices. Although remote wipe was already supported by Exchange 2003 and the current generation of Windows Mobile devices, it required an administrator to perform this action; however, to reduce the risk of sensitive data falling into the wrong hands, many users will want to wipe critical data off their phone immediately rather than wait until an administrator can be contacted to perform the task.

Current Windows Mobile 5.0 phones and ActiveSync licensee devices will still work fine with Exchange 2007, but with the exception of user-initiated remote wipe, they can't access these new features. Going by past experience with Windows Mobile 5.0, it's doubtful that any current phones will be upgradeable to the next release of Windows Mobile; new hardware will be required.

Improved Spam Blocking

Even though Microsoft and many others in the software industry are pouring resources into the battle to fight spam, it remains a thorny problem. Although many tools and technologies, such as Sender Policy Framework (SPF) and Sender ID, help reduce spoofing of e-mail sender addresses, and tools such as Exchange's Intelligent Message Filter (IMF) help detect and rank messages that appear to be spam, no current technology is even close to perfect in weeding out spam without also creating numerous false positives (legitimate messages mistakenly classified as spam). Furthermore, many messages that one user might consider spam, another considers legitimate.

A foolproof antispam solution is years away or may never be found, so in the meantime Microsoft provides a two-tiered approach that catches the most blatant spam at the server level and then enables users to fine-tune filtering of the messages that get to their mailboxes. Exchange and Outlook 2007 improvements in this area include the following:

Upstream propagation of user filters. Outlook 2003 enabled users to create their own lists of safe senders, safe recipients, and blocked senders (at either the per-domain name or per—e-mail address levels), and Outlook propagated these lists to the Exchange 2003 mailbox server where they were used both by OWA and the IMF spam filter. However, this solution was inadequate because these lists were not propagated to upstream Exchange servers or Simple Mail Transfer Protocol (SMTP) gateways. This meant that some legitimate messages were filtered before ever getting to the users' mailbox server; users never saw these messages in their Outlook junk e-mail folder and could remain unaware of a false positive unless contacted by their senders using some means other than e-mail.

With Exchange 2007, per-user Outlook 2003 and Outlook 2007 sender lists are propagated to upstream Exchange servers, even to servers running in the new and more secure "edge transport server" role, which protects against threats from outside the organization's network.

Outlook E-Mail Postmarks. Another new weapon in the fight against spam is an Outlook 2007 feature called Outlook E-Mail Postmarks. These electronic signatures, attached to each outgoing message, contain the solution to a computationally intensive puzzle performed by Outlook on the message content. Creating the postmark requires many CPU cycles, and while individual users are unlikely to notice a performance difference, it will be a barrier to spammers who send thousands of bulk e-mails. When a message with an attached Outlook 2007 postmark is received by the recipient's Exchange 2007 server, it verifies that the puzzle solution matches the message (a process that is not computationally intensive). Messages with valid postmarks are less likely to be classified by Exchange 2007 as spam.

However, there is currently no Internet standard for e-mail postmarks, so for the time being they are useless when the recipient's e-mail server is not running Exchange 2007.

Improved Calendaring

Even though SharePoint 2007 has replaced Exchange public folders as Microsoft's main product for hosting group and team calendars, Exchange 2007 mailboxes remain the company's primary repository for storing individual calendar data, and e-mail continues to be the conduit for inviting attendees and sending meeting updates. Exchange 2007 and Outlook 2007 provide users with many welcome enhancements to calendaring and meeting management, including the following:

Easier calendar sharing. Outlook 2007 introduces a new Share My Calendar feature that makes it easy to give other Exchange users and groups view-only access to an individual's calendar. It also lets users simultaneously inform contacts that their calendar is viewable, and request reciprocal permissions to view their contacts' calendars.

Exchange has always published users' free/busy information so that meeting organizers could find open meeting times, and this information was also useable by other applications. For example, Microsoft's Office Communicator instant messaging client to Live Communication Server 2005 can automatically set a user's presence status to "in a meeting" based on this free/busy information. Furthermore, a user who wanted to provide others with greater detail on his schedule could set the permissions on his Exchange calendar folder to allow selected users to view or even manage his schedule. However, the Outlook 2003 procedure for setting these permissions was complex and hard to discover.

As in earlier versions of Exchange, the details of Exchange 2007 calendar items marked by their owners as "private" are not revealed to others even when their calendar is shared.

Calendar Attendant. Exchange 2003 and earlier versions used e-mail messages to transmit requests, declines, and accepts to other meeting participants. As a result, each time an organizer made a change to a meeting (such as cancelling it or changing the time or location) and sent out an update, users received a new mail item and had to process these items in the order received.

Although Exchange 2007 uses the same method, it reduces the clutter and potential for confusion by automatically purging all but the latest versions of meeting items from users' mailboxes. Furthermore, the Calendar Attendant automatically marks meeting requests as tentative on recipients' calendars and free/busy information until they can act upon the request; this includes the calendar data synchronized to Windows Mobile or other compatible phones. This feature makes users with many unread e-mails at least aware of proposed meetings when they view their schedules or receive meeting reminders.

Improved resource handling. One of the thorniest problems with Exchange 2003 scheduling—resource handling—has been substantially improved in Exchange 2007.

With Exchange 2003 and all previous versions, resources—shareable entities such as conference rooms, video projectors, or pool vehicles—could be reserved in Outlook or OWA for use by individuals or in conjunction with meetings. This feature was implemented by giving each resource its own mailbox, and reserving a resource involved the same mechanisms used to invite a person to a meeting. This implementation had some unintended consequences—organizations either had to delegate a person to manage requests for the resource (e.g., monitor the resource's inbox) or else open up the resource mailbox's permissions to allow direct booking, which created a free-for-all in which users could create conflicting reservations and delete existing ones. (Microsoft later published a free AutoAccept agent for Exchange 2003 that implemented a first-come, first-served policy, but this component was tricky to configure and wasn't fully integrated with the Exchange administration console.)

Exchange 2007 lets administrators create special resource mailboxes that are easily distinguishable from user accounts in the global address list, and these resources can have custom properties, such as the capacity of a meeting room or the license number of a vehicle. Exchange 2007 also includes a new service, the Resource Booking Attendant, that manages resource requests automatically. Depending on the policies established by an administrator, the Resource Booking Attendant can automatically accept requests or decline and e-mail requestors' details explaining the reason. Resources policies can include available hours, maximum reservation duration, and who has permissions to schedule the resource, and they can be set to forward out-of-policy requests to delegated resource managers for approval. Published resource calendars make it easy for users to view the schedules for each resource.

Better control of out-of-office messages. Outlook and OWA users have long had the ability to create and enable special server-based Exchange rules called "out of facility" (OOF) notifications (called "out-of-office" in Outlook), which automatically return a preset e-mail message back to senders. However, by default Exchange 2003 blocked OOF notifications back to senders from outside the organization's domain; although an administrator could override this default, it was a global setting and most organizations do not want untrusted individuals knowing that someone is out of the office.

With Exchange 2007, each user can determine whether Internet senders will receive OOF notifications, and they also have the option to limit OOF notices to outside senders whose e-mail addresses are in their Exchange contacts. Furthermore, users can set the exact start and end times of OOF rules so that senders will not get invalid OOF messages from users who have forgotten to turn off their OOF rules when they returned to the office.

Availability and Resources

Exchange Server 2007 and Outlook 2007 will be available in Dec. 2006. However, Outlook licensing has changed. Unlike past versions, the standard Exchange Client Access License (CAL) no longer gives users the right to install Outlook. If customers have Software Assurance (SA) for their Exchange CALs (either through an Enterprise Agreement or purchased through a volume licensing program), they are automatically licensed for Outlook 2007 as long as their SA agreement is in effect. Otherwise, to use Outlook 2007 they will need to license it separately or as part of an Office 2007 suite. Alternatively, users can use OWA, POP clients (such as Outlook Express), or existing licensed copies of Outlook 2003; however, none of these clients provide all of the capabilities of Outlook 2007.

More information and a downloadable trial version of Exchange 2007 are available at www.microsoft.com/exchange.

More information on Outlook 2007 is available at www.microsoft.com/outlook.

An overview of Exchange 2007's unified messaging features can be found in "Unified Communications Roadmap" on page 12 of the Nov. 2006 Update.