
I used to use the -ActiveSyncAllowedDeviceIDs mailbox property to whitelist mobile devices for ActiveSync.

Ever since we upgraded to Exchange 2013, any mobile device has been able to use ActiveSync, ignoring this property.

My colleague found the device quarantine options in the Exchange Control Panel, but setting quarantine as the default behaviour cuts all my existing users off from ActiveSync (we found this out the hard way). Before I go ahead and start using the quarantine feature, is there any other way to get the -ActiveSyncAllowedDeviceIDs property working again?

Edit: We upgraded from Exchange 2007.

Seyren

1 Answer


As far as I am aware, the behaviour hasn't changed. If you want to control the devices that can sync, you need to have Exchange quarantine and use allowed rules. That has been the case since at least Exchange 2010. Therefore, if you were seeing different behaviour then you were mistaken. ActiveSyncAllowedDeviceIDs without Quarantine doesn't do anything because, as you have found, any device can connect.

There is a script available which will allow you to grandfather all existing devices into the system when you are going to use the Quarantine: https://blogs.technet.microsoft.com/rmilne/2015/02/25/exchange-activesync-script-to-grandfather-existing-devices/

Sembee
  • We upgraded from Exchange 07, that must be it. The script looks useful, I'll adapt it for my environment. Thanks! – Seyren Jul 12 '17 at 10:26
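
The order of operations the answer describes (allow-list every existing device first, switch the default access level to Quarantine only afterwards) can be sketched as below. This is an added example, not the linked TechNet script and not code from either poster; the `-Apply` switch name is an assumption of this sketch, and without it the script only reports what it would change. Save it as a `.ps1` file and run it from the Exchange Management Shell.

```powershell
# Added example: allow-list existing ActiveSync partnerships, then quarantine by default.
# Assumes Exchange 2013 or later (Get-MobileDevice) and the Exchange Management Shell.
param(
    [switch]$Apply   # hypothetical switch: without -Apply nothing is changed
)

# Mailboxes that already have at least one ActiveSync partnership.
$mailboxes = Get-CASMailbox -ResultSize Unlimited -Filter { HasActiveSyncDevicePartnership -eq $true }

foreach ($mbx in $mailboxes) {
    # Devices this mailbox already syncs with; never re-allow a device an admin has blocked.
    $deviceIds = @(Get-MobileDevice -Mailbox $mbx.Identity |
        Where-Object { $_.DeviceAccessState -ne 'Blocked' } |
        ForEach-Object { $_.DeviceId })
    if ($deviceIds.Count -eq 0) { continue }

    # Merge with IDs already set on the mailbox so existing entries are not dropped.
    $allowed = @(@($mbx.ActiveSyncAllowedDeviceIDs) + $deviceIds |
        Where-Object { $_ } | Sort-Object -Unique)

    # Report the resulting allow-list for review before anything is applied.
    Write-Output ("{0}: {1}" -f $mbx.Identity, ($allowed -join ', '))
    Set-CASMailbox -Identity $mbx.Identity -ActiveSyncAllowedDeviceIDs $allowed -WhatIf:(-not $Apply)
}

# Only after every existing device is allow-listed: quarantine unknown devices by default.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -WhatIf:(-not $Apply)
```

Reviewing the reported device IDs before running with `-Apply` matters, because every partnership present at that moment becomes permanently allowed, including devices that no longer belong to the user.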