When I configured my Droid 2 (Android 2.2) to communicate with our Exchange 2007 client access server, it appeared to apply a policy that forced me to use a password lock on the device.
Curious, I went to look and the default ActiveSync policy that we are using does not appear to have this enforcement configured, so it must be the device doing this.
My question is, is there a way to override this? On either end?
I believe this is actually forced from the Droid side, not from your Exchange server and is a part of the mobile OS by design. The good news is that it's a terrific security practice and should be used by most people. I'm sure however that doesn't satisfy your needs.
One alternative is to not use the embedded exchange client, but an alternative such as TouchDown by Nitrodesk (http://nitrodesk.com/). This third party client will not only trigger a forced password by the OS, but will also get you out of having to pay for the extra "Corporate email" recurring fee charged by some providers. Also I believe this client will sync some aspects of Exchange which the embedded client won't, such as tasks.