1

I'd like to enable the ActiveSync quarantine settings on my Exchange 2013 server, because I want my colleagues to be able to sync their mailbox only with the company mobile phone and not with their personal phone/iPad/tablet. I have two questions:

1) I will set a rule to put all devices in quarantine, so I'll need to enable every single new device. Is this rule dangerous for any reason? Is that the correct way to reach my goal?

2) What about the "already configured devices"? Will they continue to work without needing to be enabled? It would be a nice thing, despite the fact that I don't know at the moment if they have other devices configured besides the company phone, but it won't be a hard problem.

Thank you

maurice

1 Answer

1

If you enable quarantine, then everything gets quarantined, including existing devices. There are various scripts around that will approve everything that already exists. I found this one in about 30 seconds; there are others.

http://www.zerohoursleep.com/2014/03/bulk-approving-existing-activesync-devices-after-enabling-activesync-quarantine/

Although I would probably run some of the cleanup scripts first and remove any device that hasn't connected for six months or more.

Otherwise what you have proposed works well. You have complete control over the devices. Just make sure that you have set it up correctly so the notifications are made to the right person so a valid user isn't hanging around for ages waiting for the approval.

The only other method is to use an MDM tool. Some of them will do the approving of the quarantined device for you, because the device has been added via the MDM.

Sembee
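The sequence the answer describes (clean up stale partnerships, approve what remains, then turn on quarantine with notifications), as an added PowerShell example that is not part of the original answer or the linked script. The notification address, the 180-day cutoff and the CSV file name are assumptions; the script runs in preview mode until `$Preview` is set to `$false`.

```powershell
# Added example for the Exchange Management Shell (Exchange 2013).
# Assumed values, not from the page: notification address, 180-day cutoff, CSV name.
$ApprovalMailbox = 'mobile-approvals@example.com'   # placeholder recipient
$Cutoff          = (Get-Date).AddDays(-180)         # "six months or more"
$Preview         = $true                            # $false applies the changes

# 1. Inventory every ActiveSync partnership together with its owning mailbox.
$mailboxes = Get-CASMailbox -ResultSize Unlimited -Filter {HasActiveSyncDevicePartnership -eq $true}
$inventory = foreach ($mbx in $mailboxes) {
    foreach ($dev in Get-MobileDeviceStatistics -Mailbox $mbx.Identity) {
        [pscustomobject]@{
            Mailbox  = $mbx.Identity
            DeviceId = $dev.DeviceID
            Type     = $dev.DeviceType
            Model    = $dev.DeviceModel
            LastSync = $dev.LastSuccessSync
            Identity = $dev.Identity
            # A device that never synced successfully is treated as stale here.
            Stale    = (-not $dev.LastSuccessSync) -or ($dev.LastSuccessSync -lt $Cutoff)
        }
    }
}
$inventory | Export-Csv .\eas-devices-before-quarantine.csv -NoTypeInformation

# 2. Remove partnerships that have not synced since the cutoff.
foreach ($d in $inventory | Where-Object Stale) {
    Remove-MobileDevice -Identity $d.Identity -Confirm:$false -WhatIf:$Preview
}

# 3. Pre-approve the remaining devices on each mailbox's personal allow list.
#    Review the CSV first and filter $inventory if personal devices must not carry over.
foreach ($d in $inventory | Where-Object { -not $_.Stale }) {
    Set-CASMailbox -Identity $d.Mailbox -ActiveSyncAllowedDeviceIDs @{Add = $d.DeviceId} -WhatIf:$Preview
}

# 4. Quarantine everything else by default and send requests to the approver.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients $ApprovalMailbox -WhatIf:$Preview
```

Because a per-mailbox allow list entry is evaluated before the organization default, devices approved in step 3 keep syncing after step 4, while any device ID not on a list lands in quarantine.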