1.4 Given a scenario, configure basic mobile device network connectivity and application support.

  • Wireless/cellular data network (enable/disable)
    • 2G/3G/4G/5G
    • Hotspot
    • Global System for Mobile Communications (GSM) vs Code-Division Multiple Access (CDMA)
    • Preferred Roaming List (PRL) Updates
  • Bluetooth
    • Enable Bluetooth
    • Enable Pairing
    • Find a Device for Pairing
    • Enter the Appropriate PIN Code
    • Test Connectivity
  • Location Services
    • Global Positioning System (GPS) Services
    • Cellular Location Services
  • Mobile Device Management (MDM) / Mobile Application Management (MAM)
    • Corporate Email Configuration
    • Two-Factor Authentication
    • Corporate Applications
  • Mobile Device Synchronization
    • Account Setup
      • Microsoft 365
      • Google Workspace
      • iCloud
    • Data to Synchronize
      • Mail
      • Photos
      • Calendar
      • Contacts
      • Recognizing Data Caps


There are four types of cellular networks

  • 2G – 2G is also known as Second Generation.  It was the first digital cellular system.  It provides data transfer rates of up to 64 kbit/s.  2G allowed us to send and receive text messages.  It operated at a frequency of 200 KHz.

  • 3G – 3G is also known as Third Generation.  It provides data transfer rates of at least 144 kbit/s and up to 2 mb/s.  It operated at a frequency of 2100 MHz

  • 4G – 4G is also known as Fourth Generation.  4G must use an underlying IP (Internet Protocol) network and provide data speeds of up to 100 Mbit/s for moving users and 1 Gbit/s for stationary users.  In other words, the equipment in the 4G cell tower connects to the internet.

  • 5G – 5G is also known as Fifth Generation.  It provides data rates of up to 1 Gbit/s.  5G is supposed to provide enough bandwidth to allow devices to function as primary internet connections.  5G broadcasts signals at 24 GHz to 40 GHz

When selecting a wireless device, consider the following

  • Purchase wireless access points that support Wi-Fi 6 and MU-MIMO

  • As the use of Wi-Fi increases, consider purchasing wireless access points that support a 2.5 Gbit/s or 5 Gbit/s ethernet connection.

  • Determine the range of each access point and the area that you must cover; this will allow you to calculate the number of access points required

  • Determine the number of devices or users that need to be served and the maximum capacity of the wireless access point

  • Consider whether the area that requires coverage has a basic layout or whether specific directional antennas are required

A cellular antenna in a tower can only talk to one phone at a time.  How do we connect multiple phones to a tower at the same time?  What if everybody is at the Super Bowl and texting and talking and tweeting?

There are three types of cellular network connections – GSM (Global System for Mobile Communications), TDMA (Time Division Multiple Access), and CDMA (Code Division Multiple Access).

A cellular phone connects to a tower through its cellular modem.  The phone will contain a SIM card that allows it to authenticate with that network.  Some laptops and routers also support cellular connections.

A cellular phone may be locked to a specific cellular network (Bell, Telus, AT&T, Verizon, etc.) or unlocked (in which case it can connect to any network).  You pay for a cellular plan with a specific carrier (Bell, Telus, AT&T, Verizon, etc.), which could include any number of features.

Some cellular phones have room for two SIM cards.  A cell phone with two SIM cards can connect to two networks at the same time (or maintain two separate connections to the same network).  However, a cellular phone usually has only one modem.  That means that when you are on a call through one SIM card, you can not make or receive calls (or send or receive any data) through the other SIM card.

When a phone is outside the range of its default network (for example, when it is in another country), it is roaming, and will attempt to connect to any number of available networks.  The user may incur additional charges for roaming.

GSM and CDMA are the two main types of cellular radio networks.  Most cellular networks are GSM, except for those maintained by Sprint and Verizon.  Some phones can operate on both GSM and CDMA networks. A carrier will operate the radios in their towers on several different frequencies (for example, Sprint operates over the CDMA 800 MHz and 1900 MHz frequencies).  For a phone to connect to a carrier’s network, it must have a modem that operates on at least one of that carrier’s frequencies.

TDMA was an older cellular technology that has been incorporated into GSM.  With TDMA, a cellular antenna would give each cell phone a time slot.    The width of each slot is measured in milliseconds.  Each phone would only listen during its slot.  This way the tower can connect multiple phones at the same time.  It’s like a person trying to have a conversation with several other people: say a few words to person one, say a few words to person two, say a few words to person three, come back to person one and say a few words, etc…  Each of the other people only needs to listen when they are being talked to.

GSM continues to use the same time slots that TDMA did.  But GSM data uses the GPRS (General Packet Radio Service) protocol, which is no longer considered secure.

CDMA is more complicated.  It involves complicated math, linear algebra to be specific.  You can think of the signal from a cell tower to a phone like a wave.  Each phone agrees on a code with the tower.  The tower creates a signal that is a mash of all the messages that it wants to send all the phones that are connected to it; the messages are coded so that they don’t cancel each other out.  Every phone receives the same signal but extracts the portion intended for itself.  It’s like if I hid French words between all the English words in this book.  An English-speaking person would read the English words and a French-speaking person would read the French words.  Now imagine that I hid words from eighty different languages in this book.  Every person could see all the words but only understand their own language.

Some phones support both GSM/CDMA and either 3G/4G/5G/LTE.  GSM/CDMA are becoming less popular as 5G takes over.

When selecting a phone

  • Ensure that the phone’s modem is compatible with the chosen carrier

  • Ensure that the carrier has adequate network coverage in the areas you plan to visit

  • Ensure that the cost of the cellular data and voice plan is known in advance

Cellular (data-only) connections are used by mobile workers and by cellular modems.  It is common for an organization to install a primary broadband modem and a back up cellular modem.  If the primary connection fails, the cellular back up will take over.

How to configure a wireless/cellular data network

  • Cellular Network

    • The cellular data network settings are usually obtained automatically from the SIM card/cellular network.  If you buy a phone that is locked to a specific carrier, then the settings are already preconfigured.

    • You can access the Cellular options from the phone’s option menu

    • You can configure the APN name, and a few other settings.  You can obtain the correct settings from the carrier.  They are usually available on the internet.

    • If you are in an area where your carrier does not have a tower, then your phone might roam to the nearby tower of another carrier.

  • PRI Updates/PRL Updates/Baseband Updates

    • Updates

      • Each phone contains software/hardware including a processor, memory, RAM, etc.

      • The phone also contains a hardware radio for communicating with the cell tower

      • The phone manufacturer will regularly release updates for the phone’s operating system and/or hardware

      • The phone will automatically check for updates and prompt you to download/install them

    • PRI Updates

      • The PRI, or Primary Rate Interface provides communication between the phone and the phone’s hardware radio

      • The PRI requires regular software updates

    • PRL Updates

      • The PRL or Preferred Roaming List contains a list of radio frequencies that the phone can broadcast on

      • When you travel with a phone to a different network, or when the carrier upgrades their network, the phone will automatically download a new list

      • Sometimes a manual update to the PRL is necessary.  You can manually obtain an update by dialing a specific number.  For example, on a Verizon network, dial *228.

    • Baseband Updates

      • The baseband is a chip that controls GSM and 3G/4G/5G phone radio waves

      • The software that runs on the baseband chip is separate from the software that runs on the phone (Android or iOS)

      • Software updates are made available, which improve stability and battery life

    • Radio Firmware
  • The firmware works with the operating system to control Wi-Fi, GPS, NFC, and other types of connectivity

    • Phone manufacturers release new versions of the firmware, which improve connectivity and battery life

    • You can manually download a firmware update and install it.  You may need to connect the phone to a computer and run the firmware update utility.

    • In many newer phones, the Firmware is controlled by the Operating System

  • Airplane Mode

    • You can select “Airplane Mode” from the options to turn off all external communication (Wi-Fi, NFC, Bluetooth, and Cellular)

    • You can enable or disable cellular data (when disabled, you may make and receive phone calls and SMS messages only).  This is useful when you are roaming and will incur additional charges if you keep your data on.

  • Tethering/Hotspot

    • Tethering allows you to connect your phone to another phone or computer via USB or Bluetooth for the purposes of sharing data

    • A Hotspot allows you to connect your phone to another phone or computer via Wi-Fi for the purposes of sharing an internet connection

    • Go to Options and choose the USB tethering or Configure Wi-Fi hotspot option

  • You can select the following options

    • SSID name
    • Security type
    • Password
    • Devices that are blocked from connecting

    • The SSID and password are generated randomly by default, but you can change them to something that you will remember.

  • Wi-Fi

    • Go to Options and choose Wi-Fi

    • Choose the correct SSID

    • The phone will attempt to connect.  You will need to enter the password or username/password combination for the SSID

    • If you’re attempting to connect to a hidden SSID, you must enter the SSID/password manually

    • The Wi-Fi menu shows you the signal strength of each Wi-Fi network

    • Some phones aren’t compatible with 2.4 GHz or 5 GHz networks

  • Bluetooth

    • You can configure Bluetooth by selecting Bluetooth from the options menu

    • The Bluetooth menu shows you a list of paired Bluetooth devices

    • To add a new device

      • Choose “Scan for devices” on the phone
      • Choose “Scan for devices” on the device that you want to pair with (or put the device in pairing mode by pressing the Bluetooth button on it)
      • The phone will show you a list of detected devices
      • Choose the device that you want to pair with
      • You may be required to enter a password (the device that you’re attempting to pair with will provide you with a password)
      • The devices will connect together
      • You may need to configure additional settings, depending on the type of device

Location Services

Location services lets your phone figure out where it is.  There are four ways for location services to do this

  • The GPS antenna in your phone connects to GPS satellites, which calculate its location.  This is usually the most accurate location service.

  • Bluetooth.  Your phone can use its Bluetooth antenna to detect the Bluetooth signal from other nearby devices (such as other people’s phones).  This type of location service tells you whether you are near other devices.  It is useful for contact tracing 

  • Wi-Fi hotspots.  There are centralized databases of Wi-Fi hotspots.  For example, if you’re at a Starbucks in downtown Seattle, and your phone picks up their Wi-Fi signal (even if you don’t connect to it), then your phone will know that you are at a Starbucks in downtown Seattle.

  • Cell towers.  If your phone knows which cell tower it is connected to, it can approximate your location.  This is the least accurate location service.

The location service is tracked by your phone.  You can choose whether to turn the location services on or off.  You can also choose which apps to share your location with. 

Apps will take your location data and use it to improve your experience.  They will also use it to spy on you and show you creepy advertisements based on where you are or where you have been.  Even if you turn location services off, you can still be tracked

  • Your location can be tracked using an IMEI catcher (also known as a Stingray)

  • The cell phone company can track your location based on the cell towers that you are connected to

  • Wi-Fi networks that you connect to can track your location

  • People who are travelling with you may have their location services turned on.  Your vehicle may also have a GPS tracker

Mobile Device Management (MDM) / Mobile Application Management (MAM)

One way that we can ensure our mobile devices are secure is with MDM or Mobile Device Management.  Some of the things that MDM can enforce

  • Application Management.  We can restrict the types of applications that a user can install.  We can also force the phone to download and install specific applications, prevent a user from installing any new applications, or prevent a user from uninstalling any existing applications.

  • Content Management.  We can control the type of data stored on the phone and we can set policies based on the type of data.

  • Remote Wipe.  If the phone is lost or stolen, then we can erase it.  The server sends the phone a signal to wipe it.  If the phone is not connected to a network (if it is turned off, or if the thief has disconnected the network), then the remote wipe command will not reach the phone.

  • Geofencing.  We can restrict the geographic areas where the phone can function.

  • Geolocation.  We can track the physical location of the phone.

  • Screen Locks.  We can force the phone to lock after a period of inactivity.

  • Push Notifications.  We can send notifications to the phone.

  • Passwords and PINs.  We can force the user to set a password and/or PIN, and we can enforce password complexity.

  • Biometrics.  We can force the user to set a biometric lock on the phone.

  • Context-Aware Authentication.  Context-aware authentication uses artificial intelligence to predict whether a user is legitimate or malicious.  If the system believes that the user is legitimate, then the authentication gives the use access.  If the system suspects that the user is malicious, it might request an additional form of authentication (2FA).

  • Containerization.  We can separate business applications from personal applications so that they do not share data.

  • Storage Segmentation.  We can separate business data from personal data.  We can store the business data in a “container” on the phone and enforce our encryption and authentication policies on this container.  If the user leaves the company, we can wipe the corporate data but keep the personal data intact.

  • Full Device Encryption.  We can force the phone to encrypt its entire contents.  This is a standard feature on most Android and Apple phones.

Some components that keep mobile devices secure

  • MicroSD Hardware Security Module (HSM).  A MicroSD HSM is a Smart Card that is in the shape of a MicroSD card.  We can insert the MicroSD card into our Android phone and now we have access to our security keys.

  • MDM/Unified Endpoint Management (UEM).  UEM is an application that allows us to enroll, provision, and secure end user devices.  We first create a template that includes configuration, device names, and applications.  Then we enroll the end user devices.  The UEM automatically pushes the necessary configuration onto the devices.

    For example, we might configure the devices to download the Microsoft Outlook App, have a password of at least ten characters, and encrypt all the data.  Anytime we enroll a new smartphone, UEM automatically forces that phone to install the Microsoft Outlook App, enforces a password with at least ten characters, and encrypts the device data.

  • Mobile Application Management (MAM).  MAM takes MDM a step further by allowing an administrator to configure specific application settings.

    An example of MAM is Microsoft Intune.  Some of its features

    • Automatically install apps on a user device

    • Configure installed apps

    • Encrypt company data in installed apps

    • Erase company data in installed apps.  That means that a user can use the same app for business and personal, and keep the data separated.

    • Update apps

    • Install proprietary apps (company-created apps that are not in the app store)

Your organization can combine Microsoft Intune with its Microsoft e-mail system.  If you try to access your corporate e-mail on your personal phone, your e-mail application will force you to install Microsoft Intune first and apply the required policies.

  • SEAndroid.  Also known as Security Enhanced Android or Security Enhanced Linux in Android or SELinux.  SELinux is a tool that allows an administrator to lock down a mobile Android device.  This protects the device and the user from malicious applications that exploit security holes.

    SELinux can do one of two things – deny an app any action that is not explicitly permitted (known as enforcing mode), or simply log any action that is not explicitly permitted but permit it anyways (known as permissive mode).  In permissive mode, we can review the logs to later determine whether specific actions should be prohibited.

Some things we can monitor

  • Third-Party Application Stores.  There is only one official app store for the iPhone (Apple App store), and two for Android phones (Google Play and Amazon).  These stores verify the identity of their app publishers and check each app for security vulnerabilities.  These apps are digitally signed by their publishers.  There is a lower risk that an app from one of these stores contains malicious content.

    We should not install apps from other third-party stores or sources.  By default, an Android phone will not allow the use of a third-party app.  An app from a third-party source may not be digitally signed.  That means that we may not be able to verify the identity of its publisher.

  • Rooting/Jailbreaking.  Rooting or Jailbreaking is a method for unlocking an iPhone or Android phone so that it can run unauthorized content.  Rooting and jailbreaking are bad because they remove restrictions that the operating system has placed to protect the user data from malicious applications.

    Normally, an app has limited permissions.  When you install the app, you must explicitly give it permission to access devices such as the microphone, the camera, and or the location.  The app will also not be able to access system devices or files, or files controlled by other apps.  Each time an app wants to do something, it must talk to the operating system, and the operating system gives it a response. 

    For example, when an app wants to access the camera, it does not talk to the camera directly.  It talks to the operating system and the operating system talks to the camera.

    Rooting gives applications the ability to run as the “root” user, without any limitations as to what they can do.  It also lets it talk directly to system devices.

  • Sideloading.  Sideloading is a practice of manually downloading and installing an app from a USB source or from the web, instead of from the app store.  It mainly applies to Android phones.  It is not a good idea to do so because the source of these apps cannot be verified.

  • Custom Firmware.  Some users have written custom firmware (operating systems) for their Android phones.  These are also known as Custom ROMs.  They give the phone additional features.  Some of these are legitimate, but their publishers are not usually experienced enough to verify that their ROMs are free of security vulnerabilities.
     
  • Carrier Unlocking.  When you purchase a phone, it may be locked to a specific carrier’s network.  You can unlock the phone so that it can function on other networks.  To do so, you must obtain a code from your current carrier.  Some phones come unlocked from the factory.  Unlocking the phone does not pose a security risk.

  • Firmware Over-the-Air (OTA) Updates.  Some phones automatically receive updates when connected to Wi-Fi.  It is important to install updates soon as possible because they patch security vulnerabilities.  We must make sure that the update is coming from a legitimate source.

  • Camera Use.  In a high-risk environment, we might choose to restrict the use of the camera.
     
  • SMS/Multimedia Messaging Service (MMS)/Rich Communication Services (RCS).  We might restrict whether a user can send SMS messages or MMS messages.  We might want to use a Data Leak Prevention application to control the content of these messages.  SMS and MMS messages are not encrypted.  We might want our users to communicate through more secure apps.

  • External Media.  We might restrict whether the phone can access external media such as SD Cards.  We don’t want a user to be able to copy sensitive data from the phone to an SD Card.

  • USB On-the-Go (USB OTG).  OTG allows a smart phone to read data from a USB drive or accept a connection from another USB device such as a keyboard.  Because USB devices can contain viruses, USB OTG is risky.  We also don’t want a user to be able to copy sensitive data from the phone (where it is encrypted and monitored) to a USB drive (where it is not encrypted and not monitored).

  • Recording Microphone.  In a high-risk environment, we might choose to restrict the use of the microphone.

  • GPS Tagging.  We might force the phone to place a GPS tag on each photo taken.

  • Wi-Fi Direct/Ad Hoc.  We might prohibit the phone from making a direct wireless connection to another device.

  • Tethering.  We might prohibit the phone from tethering (sharing its internet connection with another device via USB).

  • Hotspot.  We might prohibit the phone from sharing its internet connection via a hotspot.

  • Payment Methods.  We might enforce specific payment methods for purchases made by the phone.


There are several ways to deploy mobile devices

  • Bring Your Own Device (BYOD).  With BYOD, an employee can use their own personal device and not have to carry two devices.  They can use a device that they like.

The organization must be able to provide technical support for a wide range of manufacturers and models.  The organization may limit the support that they provide for BYOD devices to only basic technical support.

We might use MDM to separate the user’s apps and data from the company’s apps and data.

There may be legal restrictions on what the organization can do with an employee-owned device (such as GPS tracking, data erasing, encryption). 

The organization may be required to reimburse employees for the use of their phones.

  • Corporate-Owned Personally Enabled (COPE).  The organization supplies and owns the mobile devices, but employees are permitted to use them for non-work purposes.  This is good because people do not want to carry two phones.  The company can choose which phones employees will use and can enforce policies through MDM.

    The company might allow the user to keep their phone (for free or for a fee) when they quit.  The company should require the user to erase any company data from the phone at this time.

    The company must be careful to keep each user’s personal activities private.  Technically speaking, a company is allowed to monitor all the content on corporate-owned devices.  But many companies allow (or turn a blind eye to) their employees to use their company devices for personal use.  This leads to a problem where employees have an “expectation of privacy” in the common law and causes the company a legal obligation where they are responsible for protecting employees’ personal information on corporate devices.  It can lead to lawsuits if their privacy is violated.

  • Choose Your Own Device (CYOD).  CYOD is like COPE, except that a user can choose any type of phone that they want.  This can create a headache for the IT department because they will have to support a wide variety of devices.  Also, some of those devices might not meet the company’s security or performance standards.

  • Corporate-Owned.  The organization supplies and owns the mobile devices.  The company enforces its policies on all the devices and employees are prohibited from using them for personal activities.

E-mail Configuration

  • Android and iOS operating systems have default “Mail” apps

  • To set up an e-mail account

    • Open the Mail application
    • Choose Accounts from the Options menu
    • Choose the type of account

  • You must enter your username/password
  • The phone will automatically detect the additional settings
  • If detection fails, you may be prompted to enter the settings manually (username, password, e-mail server address, etc.)

  • You may choose to use another type of app (Outlook, Gmail) to access your e-mail.  Outlook is a good application for accessing Microsoft Office 365 or Microsoft Exchange e-mail.

  • To use another app

    • Install the e-mail application that you want to use
    • Add a new account inside the app
    • Enter your username/password
    • The app will attempt to detect settings automatically
    • If detection fails, you may be prompted to enter your settings manually
    • You can obtain the correct settings from your e-mail provider

There are several e-mail communications protocols

  • POP3

    • The server receives e-mail messages and holds them
    • Your phone/device will download the messages from the server
    • Once downloaded, the server deletes the messages
    • This protocol is not common anymore

  • IMAP

    • The server “syncs” with each device
    • If you have multiple devices that access the same e-mail account (computers, phones, and tablets) then all of them will have the same data
    • When an e-mail is created by or deleted on the phone/device, it is created on or deleted by the server.  When the server receives an e-mail, it pushes that e-mail to all the other devices.
    • The server and devices also sync e-mails, contacts, and calendar items

  • SMTP

    • Simple Mail Transfer Protocol
    • Protocol for sending messages only
    • You may be required authenticate with the SMTP server to send messages (some SMTP servers are open, which means that they let anybody send e-mail through them)
    • Your SMTP username/password may be the same as your POP3 or IMAP account username/password

  • Microsoft Exchange

    • Microsoft Exchange is very common in the corporate world.  It is a proprietary system developed by Microsoft.
    • It is like IMAP in that it allows e-mail, contacts, and calendars to sync with the server
    • It provides advanced features such as a global address directory, automatic e-mail replies, photographs/job titles of recipients, conference room bookings, and integrates with Active Directory



Port and SSL Settings

  • Port and SSL Settings are automatically detected by the e-mail app.  If detection fails, you must enter them in manually.

  • The e-mail provider may have specific port settings for authentication. You must specify the port in use (common ports are 25 and 587, although an e-mail provider may use a non-standard port)

  • The e-mail provider uses SSL (Secure Sockets Layer), TLS (Transport Layer Security), or no security.  You must specify the type of security in use.

Commercial Email Provider Configuration

  • iCloud

    • iCloud is a proprietary service offered by Apple for iOS users

    • You must pay a fee to use, and must pay additional fees depending on storage capacity used

    • iCloud allows you to back-up and sync your photos, passwords, documents, and settings across multiple Apple devices

    • iCloud provides you with an optional @icloud e-mail account

    • An iCloud account allows you to manage your phone

    • When you buy a new iPhone or iPad, you are prompted to set up an iCloud account or log in to an iCloud account.  The device becomes locked to your iCloud account.

  • Google/Inbox

    • A Google account can be used to manage an Android phone

    • You can add an account from Settings/Accounts page (choose Google account)

  • Corporate Google Accounts (Google Apps for Business or Google Workspace) can be used to manage corporate devices, prevent theft, remotely wipe phones, prevent unauthorized app installation, etc.

  • A Google account will sync data, photos, messages, and settings.  Account can also detect stolen devices and provide GPS coordinates of missing phones

  • Microsoft Office 365 / Exchange Online

    • Exchange Online is part of Office 365, and sold by Microsoft

      • You pay a fee per user per month

      • The monthly cost depends on the type of options you want and whether you need access to Microsoft Office software, e-mail, or both

      • Multiple options are available depending on needs of organization

    • Office 365 functions on any phone (iOS or Android)

    • You can set up the account in Outlook for Android/iOS or in the Accounts page on Android/iOS

    • After installing Outlook, you can enter your username/password, and the phone will automatically detect additional settings

    • Exchange will sync more data than IMAP, including the corporate address book and away messages

    • When you set up an Office 365 account on your phone, you will have access to other Microsoft applications and data including Teams, Word, Excel, and OneDrive

    • You can install the Microsoft Team app on your iPhone or Android device and make calls or join conferences

    • Your organization can use Microsoft Intune to enforce its corporate policies across all the Microsoft apps and data on your device including Outlook, Teams, Word, and OneDrive

Synchronization Methods

  • We set up synchronization settings in the previous sections (examples include iCloud account, Google account, Microsoft Exchange, Bluetooth connection)

  • Once the settings are in place, the phone will connect and sync with the cloud/desktop/automobile automatically, provided it is connected to the internet/desktop/automobile

  • There are many types of data that we can sync.  If you use an Android phone, you may have a Google account and a Microsoft account.  If you use an Apple iPhone, you may have an iCloud account and a Microsoft account.

  • It’s possible to select the types of data that can be synced or not synced

  • Data can be synced with one application provider or with multiple providers.  Some examples:

    • The Facebook app on your phone will only sync Facebook data with Facebook servers.  When you open the app, it downloads data from the Facebook server.

    • The Google photos app syncs photos from your phone with your Google Photos account.  These photos include photos that you took with your phone and photos received via other applications including WhatsApp and screenshots

  • When you run out of space on your phone, you might want to delete some data but keep it stored in the cloud.  Space is not free, and your organization might set limits on the amount of data that you can store. 

    For example, your corporate Microsoft e-mail account may allow you to store a maximum of 50 GB of data.  If you run out of space, you must delete some data.

    Your Google account may only allow you to store up to 2 GB of data.  If you run out of space, you may be able to buy more for a monthly fee.