How to limite mobile accesss/activesysnc only to allowed devices on office 365.

We have office 365 with 70 users. Up to know, anyone has been allowed to connect both company and personal devices to Exchange and setup work email. We have been using the default policy without changes.  I would like to now limit this to only company mobile devices. This means that if I need to do something that if anyone decides to setup exchange account on their phone, we would allow it and somehow know that its our phone and not personal. If I somehow get that done, what happens to the existing phones.( d0 the existing phones have to be approved ). I still have to figure out a way which existing  phone and mobile is personal or company owned as there  phone number nor the IMEI number is being listed in Exchange or powershell . Thank you,
Who is Participating?
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Please have a read of the following MS article for details of how to disable Activesync:

If Activesync is disabled for a user - they won't be able to use their mobiles as it will stop working.

You can (optionally) go through 365 and get a list of users / mobile devices that have been added and then manually delete them via OWA (logged in as each user), then you can re-enable activesync and allow the ABQ to govern access.
Alan HardistyCo-OwnerCommented:
You need to setup the Allow / Block / Quarantine configuration for mobile devices and you can do this with help from the following link:

Once configured - anyone adding a device will have to be approved before being allowed to use their device.

netcompAuthor Commented:
The issue is that office 365 does not show nay serial, phone,IMEI, number. How would I know if this is or company owned device. We only buy Iphones for staff, but so many others do personally as well.  
Also, if I do configure the allow/block/quarntine, what happens to existing devices? Thanks,
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Alan HardistyCo-OwnerCommented:
When the ABQ is configured, you can configure a recipient or several recipients who will receive and email and they allow or deny the request to sync.

You should know who has been given devices and thus should know who to approve.

Existing devices will need to be disabled / disallowed from syncing or you can disable Activesync for all users other than those who have been given company devices.

The ABQ will show you the Make / Model of device trying to connect to 365 so you should be able to figure out which ones to allow or block.
netcompAuthor Commented:
How do i disable existing devices ? Would they be able to connect  back to Exchange again after having been disabled. ?Thanks
John ChristopherAnylystCommented:
As mentioned above by Alan - you can disable and same way enable by changing the $false to $true
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.