Exchange 2010 / Mobile Device Policy

We currently have Exchange 2010 SP1 in our environment, 2 x Hardware Load Balanced CAS servers (including HT roles), and 2 x 2010 SP1 Mailbox servers in a DAG.  

Everything works as expected, however, we would like to put some form of policy in place that prevents a user from adding an iPhone / Andriod without us first approving the device.

At the moment, the only remedy we have is to disabled Activesync on an account basis.  But I was wondering if it would be possible to do this by policy or some 3rd party plug in.
Who is Participating?
Rajith EnchiparambilConnect With a Mentor Office 365 & Exchange ArchitectCommented:
you could disable activesync for all mailboxes and then use the following to allow specific types of devices
Set-CASMailbox -Identity: "UserA" -ActiveSyncAllowedDeviceIDs: "IDiPhone","IDiPAD","IDAndroid"
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Set-ActiveSyncOrganizationSettings –DefaultAccessLevel Quarantine

This will cause any connection requests to be initially denied, and an emailing flagging the connection request to be sent to
I think your command above will quarantine all existing users of activesyn which may not be good.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.