exchange online mobile device quarantine status cannot be changed
we have a new office 365 environment which seems to be working OK for all users and all accounts.
We have just connected our first iPhone to collect email, and keep getting an email from exchange online saying our email is blocked.
On looking at the users individual details, (in Exchange Online Admin Centre) I can see that the mobile device is quarantined. I have tried to grant access by selecting the allow option, and I see the status - access granted - pending. On saving and going back in to look, we see that the status remained at quarantined.
Can anyone advise how we can provide access for this device?
Any advice much appreciated.
We have just connected our first iPhone to collect email, and keep getting an email from exchange online saying our email is blocked.
On looking at the users individual details, (in Exchange Online Admin Centre) I can see that the mobile device is quarantined. I have tried to grant access by selecting the allow option, and I see the status - access granted - pending. On saving and going back in to look, we see that the status remained at quarantined.
Can anyone advise how we can provide access for this device?
Any advice much appreciated.
Vasil Michev (MVP)
Do you perhaps have Office 365 MDM or Intune configured/in play here? Have you tried with other devices, are you seeing the same? If it's only this device, I'd recommend removing the device association completely (Remove-MobileDevice or the delete button above) and trying again. This should take care of any "funny business" with the device, for example is someone tried to wipe it previously.
ASKER
i have already removed the association with delete button, but it has not helped. we have not yet tried a second device, but will do so tomorrow and let you know. i dont know what mdm or intune is, but as it is a fresh install and all that we have done is added the users, connected the clients, restored data and connected one mobile device, i would presume that we do not.
will let you know how it goes with a second device.
many thanks
will let you know how it goes with a second device.
many thanks
ASKER
i have added another mobile device and exactly the same thing has happened.
i find that when we put the outlook app on the apple devices it works fine.
i can see the outlook device is allowed, but the ios device is quarantined, and allowing it does not resolve matters.
any advice appreciated.
regards
nigel
i find that when we put the outlook app on the apple devices it works fine.
i can see the outlook device is allowed, but the ios device is quarantined, and allowing it does not resolve matters.
any advice appreciated.
regards
nigel
Which again begs the question, do you have Intune or any other MDM solution configured? What does Get-MobileDevice show?
Get-MobileDevice | select Name,DeviceAccess*ASKER
thankyou for your reply. we have not yet configured powershell. i will do so and confirm the info requested.
are these components active by default as we have not configured them.
will get the info and let you know.
regards
nigel
are these components active by default as we have not configured them.
will get the info and let you know.
regards
nigel
ASKER
i am having trouble authenticating in powershell.
i can run the $UserCredentials = Get-Credential but when we run $Session = New-PSSession etc we get an error that access is denied.
i note that dual authentication is actually active and cannot connect to our admin portal without a text pin code.
i have checked the user details for for our admin account for multi-factor authentication i see it is disabled, so i dont understand why a pin code is sent to my mobile each time we login??
i am wondering whether it is related to this, that we cannot authenticate to powershell and cannot get the apple devices to connect to exchange online (only by the outlook app).
how can i disable the pin security for our admin account to test this, as the settings say it is disabled??
any advice much appreciated.
regards
nigel
i can run the $UserCredentials = Get-Credential but when we run $Session = New-PSSession etc we get an error that access is denied.
i note that dual authentication is actually active and cannot connect to our admin portal without a text pin code.
i have checked the user details for for our admin account for multi-factor authentication i see it is disabled, so i dont understand why a pin code is sent to my mobile each time we login??
i am wondering whether it is related to this, that we cannot authenticate to powershell and cannot get the apple devices to connect to exchange online (only by the outlook app).
how can i disable the pin security for our admin account to test this, as the settings say it is disabled??
any advice much appreciated.
regards
nigel
That's probably because of the security defaults feature: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
It's not recommended to disable it, but that's of course up to you.
As for PowerShell, use the V2 module and the method outlined here (with MFA enabled!): https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps#connect-to-exchange-online-using-the-exo-v2-module
It's not recommended to disable it, but that's of course up to you.
As for PowerShell, use the V2 module and the method outlined here (with MFA enabled!): https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps#connect-to-exchange-online-using-the-exo-v2-module
ASKER
many thanks, that was a great help!
I managed to get connected with powershell and produced the information you requested, as follows :-
I managed to get connected with powershell and produced the information you requested, as follows :-
ASKER
I see the 2 devices that we tried to connect as quarantined, but what do I need to do to release them?
Many thanks.
Many thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.