Wednesday, December 16, 2009

Exchange 2010 – Enterprise Client Access Licenses

Some customers have asked about what an Enterprise CAL in Exchange 2010 grants you compared to the standard CAL. It is important to know that Exchange CAL's are additive (this was also true in exchange 2007) so an Enterprise CAL is not a "covers all" - you need the Standard and the Enterprise CAL.

The most complete licensing comparison on Exchange 2010 is here:

And from the CAL chart there, we can see the detailed parts that are granted with an Enterprise CAL.

So let's detail these.

Advanced Activesync Policies
Within Organization Configuration, Client Access, Exchange ActiveSync Mailbox Policies, anything changes from the defaults on the Device, device Applications, or Other tab require an Enterprise CAL

You can see in these screenshots, that pretty much anywhere Enterprise CALs are being used there is an icon and a reminder.

Premium Journaling

If you have ever used an archiving product, you have probably used standard journaling. This is where every email written to a particular database is also copied to a single mailbox. Typically, then the 3rd part archive product picked up those emails and wrote them elsewhere. Premium journaling is under Organization Configuration, Hub Transport, Journal Rules. When you go to create a new journal rule, you see the same Enterprise CAL notification.

Unified Messaging

If you enable UM for a user, you need an Enterprise CAL.

Retention Policies

There are two different Managed Folders.. Default and Custom. Default folders are your Calendar, Contacts, Inbox, Draft, Sent Items, Tasks, Etc. Custom is anything you want to create and deploy to your users outside of this. When you create a new Custom folder policy, you see the Enterprise CAL notification.

Integrated Archive

Integrated Archive mailbox is new for Exchange 2010. When you attempt to enable archive for a mailbox, you get the Enterprise CAL notification shown below.

Multi-mailbox search and legal hold

This is the Discovery Management role within the RBAC (Role Based Access Control) that can be controlled via the ECP (Exchange Control Panel) This one does NOT give an Enterprise CAL notification when you add a user to the role group.

IPC, Transport Decryption, etc

This is a multifaceted one, that is not highlighted as Enterprise CAL required when you configure it either. I will default to Technet for descriptions of each of these features, as they have them neatly collected here:


Anonymous said...

Very useful blog post thanks. Do you also happen to know whether an Enterprise CAL is required for the Remote Device Wipe functionality?

Chris Lehr said...


I understand your confusion - the licensing page here is pretty vague:

However, from experience, I am 95% certain that remote device wipe is allowed within the Standard CAL. As a general rule, Microsoft was pretty good about putting the "Enterprise CAL is required for these features" on any of the GUI's that require that level of licensing.

Also, typically, MSFT works on the honor system of administrators, and since remote device wipe is a function available to the end user, I would think that this is definitely something available in the standard CAL as it is enabled for end users out of the box.

Hope this helps!

Hans Carlsson said...

Hi Chris,
Thanks for a very good post. I found it when looking for Exchange ENT CAL licensing rules for Activesync. I totally agree that it´s when changing the policy you need an ENT CAL but do you know any information from Microsoft confirming that?

Greatful for any help in this.
Best regards,