To an email-syncing office drone with an iPhone 3G, this change looks like a bug. To an IT admin, this change actually looks like a bugfix. But no matter how you see it, Apple screwed up somewhere down the line.
Users are reporting that iPhone 3.1, which just dropped Wednesday, won't sync with some Exchange servers—in particular, any that ask for full device encryption. Which quite a few do! Apple's official note on the change:
iPhone OS (beginning with the iPhone OS 3.1 update) can enforce the Exchange ActiveSync mailbox policy requiring encryption on the device. If your Exchange Server administrator has selected this option, only devices that support device-level encryption are allowed to sync Mail, Contacts, and Calendars.
So in a direct way, the iPhone has actually increased Exchange support, in that it honors Exchange servers' requirements for device-level encryption, and won't connect if the device doesn't meet them. Since they don't support hardware encryption at all, the iPhone 2G and 3G can in no way meet these requirements, so blocking them from connecting is just good security policy.
Here's the problem: Before 3.1, firmwares just falsely reported that a user's iPhone supported device-level encryption. To frame this change as a bugfix is basically dishonest, since this "bug" was intentionally planted by Apple in order to rush full Exchange support out the door on devices that, by their very nature, can't have it. Now, anyone who bought an iPhone 3G under the (reasonable!) impression that they'd be able to use it to connect to their company's security-enabled Exchange server now can't. Oops? Sorry? Both?