Disable Exchange ActiveSync feature by default

We receive many questions about how to disable the Exchange ActiveSync feature by default, so that when an email account is created, ActiveSync is already disabled for that account. Since this is not configurable through Exchange server settings or by any script, I will share the best practice to work around this issue.

We will configure the following:
 
  1. On the Exchange server, configure a policy named DisableMobileAccess that allows a maximum of zero mobile devices per user to connect through ActiveSync or through OWA for Devices, and apply it at the organization level. Thus, when we create a user with a mailbox, even though ActiveSync is enabled for it by default, the user will not be able to connect via ActiveSync because the allowed number of devices for him is zero by default. (He will not be able to connect through the OWA for Devices feature either.)
     
  2. On the Exchange server, configure a policy named EnableMobileAccess that allows a specified maximum number of mobile devices per user to connect through ActiveSync, and apply it at the user level. For each user we want to grant ActiveSync access, we add his account to that policy. In my example, the specified number is 50, which is the default number in the default policy settings on Exchange Server 2013.

To create the DisableMobileAccess policy, log on to your Exchange Server 2013, open the Exchange Management Shell with administrator privileges, and run the below cmdlet:
 
New-ThrottlingPolicy -Name DisableMobileAccess -EasMaxDevices 0 -ThrottlingPolicyScope Organization



To create the EnableMobileAccess policy, log on to your Exchange Server 2013, open the Exchange Management Shell with administrator privileges, and run the below cmdlet:
 
New-ThrottlingPolicy -Name EnableMobileAccess -EasMaxDevices 50 -ThrottlingPolicyScope Regular



After creating those policies, the DisableMobileAccess policy will be applied to each user in your organization, and whenever you want to allow a user to access his email through ActiveSync you must add his account to the EnableMobileAccess policy by running the below cmdlet:
 
Set-ThrottlingPolicyAssociation -Identity UserAccount -ThrottlingPolicy EnableMobileAccess



Note: the above will be applied immediately to newly created email accounts. To apply it to existing email accounts you must run the following script first; this script will delete the mobile devices for all users, so when a user tries to sync, the new policies will be applied to him.
 
# Read the account names exported to users.csv (the SamAccountName column)
$UserList = Import-Csv "C:\scripts\users.csv"
# Remove every mobile device partnership for each listed mailbox
$UserList | ForEach-Object { Get-MobileDeviceStatistics -Mailbox $_.SamAccountName | Remove-MobileDevice -Confirm:$false }


The users.csv file contains the account names of all users; it is exported by running the below script:
 
Import-Module ActiveDirectory
Get-ADUser -Filter * | Select-Object -Property SamAccountName | Export-Csv "C:\scripts\users.csv" -NoTypeInformation
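To check the result of the procedure above, the following read-only audit is an added example and is not part of the original article. It assumes the two policy names used in this article and an Exchange Management Shell session on Exchange Server 2013; the variable names are illustrative.

```powershell
# Added read-only audit (not from the article). Run in the Exchange Management Shell.
$denyName  = 'DisableMobileAccess'   # organization-scope policy from the article
$allowName = 'EnableMobileAccess'    # per-user policy from the article
$expected  = @{ $denyName = '0'; $allowName = '50' }

# 1. Both policies must exist and carry the EasMaxDevices values set in the article.
foreach ($name in $expected.Keys) {
    $policy = Get-ThrottlingPolicy -Identity $name -ErrorAction SilentlyContinue
    if (-not $policy) {
        Write-Warning "Throttling policy '$name' was not found."
    } elseif ("$($policy.EasMaxDevices)" -ne $expected[$name]) {
        Write-Warning "'$name' has EasMaxDevices=$($policy.EasMaxDevices), expected $($expected[$name])."
    } else {
        Write-Output "'$name': scope $($policy.ThrottlingPolicyScope), EasMaxDevices $($policy.EasMaxDevices)."
    }
}

# 2. The allow-list: every account associated with EnableMobileAccess.
$allowed   = @(Get-ThrottlingPolicyAssociation -ThrottlingPolicy $allowName -ResultSize Unlimited)
$allowedDn = @{}
foreach ($a in $allowed) { $allowedDn["$($a.DistinguishedName)"] = $true }
Write-Output "Accounts granted ActiveSync access: $($allowed.Count)"
$allowed | Sort-Object Name | Select-Object Name, ThrottlingPolicyId

# 3. Mailboxes that still hold a device partnership but are not on the allow-list.
#    These are existing accounts whose old devices have not been removed yet.
$withDevices = Get-CASMailbox -ResultSize Unlimited -Filter { HasActiveSyncDevicePartnership -eq $true }
$stale = @($withDevices | Where-Object { -not $allowedDn.ContainsKey("$($_.DistinguishedName)") })
Write-Output "Mailboxes with device partnerships outside the allow-list: $($stale.Count)"
$stale | Sort-Object Name | Select-Object Name, PrimarySmtpAddress
```

Reviewing the allow-list from step 2 periodically shows which accounts have been granted mobile access, and the list from step 3 shows where the device clean-up still has to be run.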



Thank You.
Author Comment

by: Marwan Osman
Great, thank you