Permit only approved mobile devices in Exchange

How do I permit only specific devices in Exchange 2013?

So I want Bob to only be able to check his mail on his specific company issued phone, I assume by DeviceID.

NOT families of devices and models, but specific ones.
LVL 11
loftywormAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RoninCommented:
If I'm reading this correctly, there are only those options to limit devices:

DeviceModel
DeviceType
DeviceOS
UserAgent
XMSWLHeader

You probably should be looking towards some MDM.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bill KIT ManagerCommented:
I think what you want to do is turn in the quarantine feature to control active sync device access. This area is found in the EAC or Exchange Admin Center under the mobile area or tab of left side.  Find mobile device access and choose edit and the choose or enable quarantine. Make sure you add the email of the person who will go into the quarantine to allow the devices requesting access. The device data will show in the quarantine when a request is registered. You will then be in control of every new device that requests access.

Google "controlling activesync device access on exchange 2013" for step by step instructions from Chris blog.
0
loftywormAuthor Commented:
Still working on this.  But right now it appears I will have to set the entire Exchange server ABQ to Quarantine, and then use the command line to allow the specific devices.  Not tested yet, because it will happen to all, but I will try to check in after I test it.
0
Bill KIT ManagerCommented:
All existing devices connected via Active sync in Exchange will remain connected. This quarantine feature works on a going forward basis.  I don't see how you can script for future devices unless you have some sort of relationship with phone Manufactuer that could provide devices with specific IEMI or other data type that is sent to server during the initial request.  I may be misunderstanding what your long term goal is at moment.
0
RoninCommented:
All possible answers have been provided.
In the current setup, no  solution to the question since it's impossible to achieve with existing deployment.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.