Some large organizations no longer support passwords for Microsoft Exchange accounts, but instead require Windows Mobile-powered device users to authenticate by installing security certificates on the device. Other organizations may require certificates because they use the 802.1x wireless protocol EAP-TLS (Extensible Authentication Protocol-Transport Level Security) authentication, L2TP/IPsec (Layer 2 Tunneling Protocol and Internet Protocol Security), or an SSL/TLS (Secure Sockets Layer and Transport Layer Security) client program.
The process of getting a user identity certificate onto the device is called enrollment. Enrollment consists of contacting a certificate server and requesting that the server issue a certificate. The server requires you to present credentials, such as a smartcard or a user name and password, to identify yourself before the certificate will be issued.
You can use ActiveSync on the PC to enroll for a certificate using the Get Device Certificates feature. To enroll, select a certificate type, which is a set of the information needed to enroll, such as the certificate server address and the name of the certificate to be requested. Get Device Certificates displays the certificate types available on the device and published in Active Directory on your network. The display can be filtered to display only certificate types from one or the other location.
If you add a certificate type, it will be added only to the connected device and not to Active Directory. Also, you can remove or change only certificate types that are on the device.
See also
Synchronize with Microsoft Exchange
Switch from synchronizing with Microsoft Exchange