Applies to: Exchange Server 2013

Topic Last Modified: 2013-01-17

Use the New-ActiveSyncMailboxPolicy cmdlet to create a Microsoft Mobile Device mailbox policy object.

Warning:
The New-ActiveSyncMailboxPolicy cmdlet will be removed in a future version of Microsoft Exchange. Use the New-MobileMailboxPolicy cmdlet instead. If you have any scripts that use the New-ActiveSyncMailboxPolicy cmdlet, update them to use the New-MobileMailboxPolicy cmdlet.

For information about the parameter sets in the Syntax section below, see Syntax.

Syntax


New-ActiveSyncMailboxPolicy -Name <String> [-AllowApplePushNotifications <$true \| $false>] [-AllowBluetooth <Disable \| HandsfreeOnly \| Allow>] [-AllowBrowser <$true \| $false>] [-AllowCamera <$true \| $false>] [-AllowConsumerEmail <$true \| $false>] [-AllowCopyContactsToDeviceAddressBook <$true \| $false>] [-AllowDesktopSync <$true \| $false>] [-AllowExternalDeviceManagement <$true \| $false>] [-AllowHTMLEmail <$true \| $false>] [-AllowInternetSharing <$true \| $false>] [-AllowIrDA <$true \| $false>] [-AllowMobileOTAUpdate <$true \| $false>] [-AllowNonProvisionableDevices <$true \| $false>] [-AllowPOPIMAPEmail <$true \| $false>] [-AllowRemoteDesktop <$true \| $false>] [-AllowSimpleDevicePassword <$true \| $false>] [-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation \| OnlyStrongAlgorithmNegotiation \| AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true \| $false>] [-AllowStorageCard <$true \| $false>] [-AllowTextMessaging <$true \| $false>] [-AllowUnsignedApplications <$true \| $false>] [-AllowUnsignedInstallationPackages <$true \| $false>] [-AllowWiFi <$true \| $false>] [-AlphanumericDevicePasswordRequired <$true \| $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true \| $false>] [-Confirm [<SwitchParameter>]] [-DeviceEncryptionEnabled <$true \| $false>] [-DevicePasswordEnabled <$true \| $false>] [-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-IrmEnabled <$true \| $false>] [-IsDefault <$true \| $false>] [-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter <All \| TwoWeeks \| OneMonth \| ThreeMonths \| SixMonths>] [-MaxDevicePasswordFailedAttempts <Unlimited>] [-MaxEmailAgeFilter <All \| OneDay \| ThreeDays \| OneWeek \| TwoWeeks \| OneMonth>] [-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordComplexCharacters <Int32>] [-MinDevicePasswordLength <Int32>] [-MobileOTAUpdateMode <MajorVersionUpdates \| MinorVersionUpdates \| BetaVersionUpdates>] [-Organization <OrganizationIdParameter>] [-PasswordRecoveryEnabled <$true \| $false>] [-RequireDeviceEncryption <$true \| $false>] [-RequireEncryptedSMIMEMessages <$true \| $false>] [-RequireEncryptionSMIMEAlgorithm <TripleDES \| DES \| RC2128bit \| RC264bit \| RC240bit>] [-RequireManualSyncWhenRoaming <$true \| $false>] [-RequireSignedSMIMEAlgorithm <SHA1 \| MD5>] [-RequireSignedSMIMEMessages <$true \| $false>] [-RequireStorageCardEncryption <$true \| $false>] [-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true \| $false>] [-WhatIf [<SwitchParameter>]] [-WSSAccessEnabled <$true \| $false>]

New-ActiveSyncMailboxPolicy -Name <String>
[-AllowApplePushNotifications <$true | $false>]
[-AllowBluetooth <Disable | HandsfreeOnly | Allow>]
[-AllowBrowser <$true | $false>] [-AllowCamera <$true |
$false>] [-AllowConsumerEmail <$true | $false>]
[-AllowCopyContactsToDeviceAddressBook <$true | $false>]
[-AllowDesktopSync <$true | $false>]
[-AllowExternalDeviceManagement <$true | $false>]
[-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing
<$true | $false>] [-AllowIrDA <$true | $false>]
[-AllowMobileOTAUpdate <$true | $false>]
[-AllowNonProvisionableDevices <$true | $false>]
[-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop
<$true | $false>] [-AllowSimpleDevicePassword <$true |
$false>] [-AllowSMIMEEncryptionAlgorithmNegotiation
<BlockNegotiation | OnlyStrongAlgorithmNegotiation |
AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true |
$false>] [-AllowStorageCard <$true | $false>]
[-AllowTextMessaging <$true | $false>]
[-AllowUnsignedApplications <$true | $false>]
[-AllowUnsignedInstallationPackages <$true | $false>]
[-AllowWiFi <$true | $false>]
[-AlphanumericDevicePasswordRequired <$true | $false>]
[-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <$true | $false>] [-Confirm
[<SwitchParameter>]] [-DeviceEncryptionEnabled <$true |
$false>] [-DevicePasswordEnabled <$true | $false>]
[-DevicePasswordExpiration <Unlimited>]
[-DevicePasswordHistory <Int32>]
[-DevicePolicyRefreshInterval <Unlimited>] [-DomainController
<Fqdn>] [-IrmEnabled <$true | $false>] [-IsDefault
<$true | $false>] [-MaxAttachmentSize <Unlimited>]
[-MaxCalendarAgeFilter <All | TwoWeeks | OneMonth | ThreeMonths
| SixMonths>] [-MaxDevicePasswordFailedAttempts
<Unlimited>] [-MaxEmailAgeFilter <All | OneDay | ThreeDays
| OneWeek | TwoWeeks | OneMonth>] [-MaxEmailBodyTruncationSize
<Unlimited>] [-MaxEmailHTMLBodyTruncationSize
<Unlimited>] [-MaxInactivityTimeDeviceLock <Unlimited>]
[-MinDevicePasswordComplexCharacters <Int32>]
[-MinDevicePasswordLength <Int32>] [-MobileOTAUpdateMode
<MajorVersionUpdates | MinorVersionUpdates |
BetaVersionUpdates>] [-Organization
<OrganizationIdParameter>] [-PasswordRecoveryEnabled
<$true | $false>] [-RequireDeviceEncryption <$true |
$false>] [-RequireEncryptedSMIMEMessages <$true | $false>]
[-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit |
RC264bit | RC240bit>] [-RequireManualSyncWhenRoaming <$true |
$false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>]
[-RequireSignedSMIMEMessages <$true | $false>]
[-RequireStorageCardEncryption <$true | $false>]
[-UnapprovedInROMApplicationList <MultiValuedProperty>]
[-UNCAccessEnabled <$true | $false>] [-WhatIf
[<SwitchParameter>]] [-WSSAccessEnabled <$true |
$false>]

Examples

EXAMPLE 1

This example creates the Mobile Device mailbox policy SalesPolicy that has several preconfigured values.

	Copy Code
New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -IsDefault:$false -AttachmentsEnabled:$false -AllowStorageCard:$true

Copy Code

New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -IsDefault:$false -AttachmentsEnabled:$false -AllowStorageCard:$true

EXAMPLE 2

This example creates the Mobile Device mailbox policy Management that has several preconfigured values. Users assigned to this policy should have an Enterprise client access license (CAL) to use many of these features.

	Copy Code
New-ActiveSyncMailboxPolicy -Name:"Management" -AllowBluetooth:Allow -AllowBrowser:$true -AllowCamera:$true -AllowPOPIMAPEmail:$false -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:OneWeek -AllowWiFi:$true -AllowStorageCard:$true

Copy Code

New-ActiveSyncMailboxPolicy -Name:"Management" -AllowBluetooth:Allow -AllowBrowser:$true -AllowCamera:$true -AllowPOPIMAPEmail:$false -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:OneWeek -AllowWiFi:$true -AllowStorageCard:$true

EXAMPLE 3

This example creates the Mobile Device mailbox policy Contoso that has several preconfigured values. This policy is configured to be the default policy for the organization. The default policy will be assigned to all new users.

	Copy Code
New-ActiveSyncMailboxPolicy -Name:"Contoso" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MinDevicePasswordComplexCharacters:3 -IsDefault:$true -DevicePasswordHistory:10

Copy Code

New-ActiveSyncMailboxPolicy -Name:"Contoso" -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MinDevicePasswordComplexCharacters:3 -IsDefault:$true -DevicePasswordHistory:10

Detailed Description

The New-ActiveSyncMailboxPolicy cmdlet creates a Mobile Device mailbox policy for mailboxes accessed by mobile devices.

Note:
Some Mobile Device mailbox policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, you must set the AllowNonProvisionableDevices parameter to `$true`. This allows devices that can't enforce all policy settings to synchronize with your server.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Mobile Device mailbox policy settings" entry in the Clients and Mobile Devices Permissions topic.

Parameters

Parameter	Required	Type	Description
Name	Required	System.String	The Name parameter specifies the name of the policy.
AllowApplePushNotifications	Optional	System.Boolean	The AllowApplePushNotifications parameter specifies whether push notifications are allowed for Apple mobile devices. The default value is `$true`.
AllowBluetooth	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.BluetoothType	The AllowBluetooth parameter specifies whether the Bluetooth capabilities of the mobile phone are allowed. The available options are `Disable`, `HandsfreeOnly`, and `Allow`. The default value is `Allow`.
AllowBrowser	Optional	System.Boolean	The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. The default value is `$true`. This parameter doesn't affect third-party browsers.
AllowCamera	Optional	System.Boolean	The AllowCamera parameter specifies whether the mobile phone's camera is allowed. The default value is `$true`.
AllowConsumerEmail	Optional	System.Boolean	The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email account on the device. The default value is `$true`.
AllowCopyContactsToDeviceAddressBook	Optional	System.Boolean	The AllowCopyContactsToDeviceAddressBook parameter specifies whether contacts can be copied to the address book of the mobile device. The default value is `$true`.
AllowDesktopSync	Optional	System.Boolean	The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer through a cable. The default value is `$true`.
AllowExternalDeviceManagement	Optional	System.Boolean	The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the device.
AllowHTMLEmail	Optional	System.Boolean	The AllowHTMLEmail parameter specifies whether HTML email is enabled on the device. The default value is `$true`.
AllowInternetSharing	Optional	System.Boolean	The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a computer to the Internet. The default value is `$true`.
AllowIrDA	Optional	System.Boolean	The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone. The default value is `$true`.
AllowMobileOTAUpdate	Optional	System.Boolean	The AllowMobileOTAUpdate parameter specifies whether certain updates are seen by devices that implemented support for this restricting functionality. Further control can be specified via the MobileOTAUpdateMode parameter.
AllowNonProvisionableDevices	Optional	System.Boolean	When set to `$true`, the AllowNonProvisionableDevices parameter enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy. This also includes devices managed by a separate device management system. When set to `$false`, this parameter blocks these devices that aren't provisioned from synchronizing with the server running Exchange. The default value is `$false`.
AllowPOPIMAPEmail	Optional	System.Boolean	The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the device. The default value is `$true`.
AllowRemoteDesktop	Optional	System.Boolean	The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection. The default value is `$true`.
AllowSimpleDevicePassword	Optional	System.Boolean	The AllowSimpleDevicePassword parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234. The default value is `$true`.
AllowSMIMEEncryptionAlgorithmNegotiation	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.SMIMEEncryptionAlgorithmNegotiationType	The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.
AllowSMIMESoftCerts	Optional	System.Boolean	The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed. The default value is `$true`.
AllowStorageCard	Optional	System.Boolean	The AllowStorageCard parameter specifies whether the device can access information stored on a storage card. The default value is `$true`.
AllowTextMessaging	Optional	System.Boolean	The AllowTextMessaging parameter specifies whether text messaging is allowed from the device. The default value is `$true`.
AllowUnsignedApplications	Optional	System.Boolean	The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the device. The default value is `$true`.
AllowUnsignedInstallationPackages	Optional	System.Boolean	The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be run on the device. The default value is `$true`.
AllowWiFi	Optional	System.Boolean	The AllowWiFi parameter specifies whether wireless Internet access is allowed on the device. The default value is `$true`.
AlphanumericDevicePasswordRequired	Optional	System.Boolean	The AlphanumericDevicePasswordRequired parameter specifies whether the device password must be alphanumeric. The default value is `$false`.
ApprovedApplicationList	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.ApprovedApplicationCollection	The ApprovedApplicationList parameter specifies a list of approved applications for the device.
AttachmentsEnabled	Optional	System.Boolean	The AttachmentsEnabled parameter specifies whether the user can download attachments. When set to `$false`, the user is blocked from downloading attachments. The default value is `$true`.
Confirm	Optional	System.Management.Automation.SwitchParameter	The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.
DeviceEncryptionEnabled	Optional	System.Boolean	The DeviceEncryptionEnabled parameter, when set to `$true`, enables device encryption on the mobile phone. The default value is `$false`. Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0 or later. We recommend that you don't use this setting and use the RequireStorageCardEncryption parameter instead.
DevicePasswordEnabled	Optional	System.Boolean	When set to `$true`, the DevicePasswordEnabled parameter specifies that the user set a password for the device. The default value is `$false`.
DevicePasswordExpiration	Optional	Microsoft.Exchange.Data.Unlimited	The DevicePasswordExpiration parameter specifies the length of time, in days, that a password can be used. After this length of time, a new password must be created. The format of the parameter is dd.hh.mm:ss, for example, 24.00:00 = 24 hours.
DevicePasswordHistory	Optional	System.Int32	The DevicePasswordHistory parameter specifies the number of previously used passwords to store. When a user creates a password, the user can't reuse a stored password that was previously used.
DevicePolicyRefreshInterval	Optional	Microsoft.Exchange.Data.Unlimited	The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile phone
DomainController	Optional	Microsoft.Exchange.Data.Fqdn	The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.
IrmEnabled	Optional	System.Boolean	The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.
IsDefault	Optional	System.Boolean	The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy. The default value is `$false`. If another policy is currently set as the default, setting this parameter replaces the old default policy with this policy.
MaxAttachmentSize	Optional	Microsoft.Exchange.Data.Unlimited	The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile phone. The default value is `Unlimited`.
MaxCalendarAgeFilter	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.CalendarAgeFilterType	The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the device. Possible values are: `All` `TwoWeeks` `OneMonth` `ThreeMonths` `SixMonths`
MaxDevicePasswordFailedAttempts	Optional	Microsoft.Exchange.Data.Unlimited	The MaxDevicePasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the device. You can enter any number from 4 through 16. The default value is 8.
MaxEmailAgeFilter	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.EmailAgeFilterType	The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the device. Possible values are: `All` `OneDay` `ThreeDays` `OneWeek` `TwoWeeks` `OneMonth` `ThreeMonths` `SixMonths`
MaxEmailBodyTruncationSize	Optional	Microsoft.Exchange.Data.Unlimited	The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the device. The value is specified in kilobytes (KB).
MaxEmailHTMLBodyTruncationSize	Optional	Microsoft.Exchange.Data.Unlimited	The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are synchronized to the device. The value is specified in KB.
MaxInactivityTimeDeviceLock	Optional	Microsoft.Exchange.Data.Unlimited	The MaxInactivityTimeDeviceLock parameter specifies the length of time that the device can be inactive before the password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes. The format of the parameter is hh.mm:ss, for example, 15:00 = 15 minutes.
MinDevicePasswordComplexCharacters	Optional	System.Int32	The MinDevicePasswordComplexCharacters parameter specifies the minimum number of complex characters required in a device password. A complex character isn't a letter.
MinDevicePasswordLength	Optional	System.Int32	The MinDevicePasswordLength parameter specifies the minimum number of characters in the device password. You can enter any number from 1 through 16. The maximum length a password can be is 16 characters. The default value is 4.
MobileOTAUpdateMode	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.MobileOTAUpdateModeType	The MobileOTAUpdateMode parameter specifies which updates can be seen by the devices that implemented support for this restricting functionality. It must be used in conjunction with the AllowMobileOTAUpdate parameter to function properly.
Organization	Optional	Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter	The Organization parameter specifies the organization in which you'll perform this action. This parameter doesn't accept wildcard characters, and you must use the exact name of the organization.
PasswordRecoveryEnabled	Optional	System.Boolean	The PasswordRecoveryEnabled parameter specifies whether you can store the recovery password for the device on an Exchange server. When set to `$true`, you can store the recovery password for the device on an Exchange server. The default value is `$false`. The recovery password can be viewed from either Microsoft Office Outlook Web App or the Exchange Administration Center.
RequireDeviceEncryption	Optional	System.Boolean	The RequireDeviceEncryption parameter specifies whether encryption is required on the device. The default value is `$false`.
RequireEncryptedSMIMEMessages	Optional	System.Boolean	The RequireEncryptedSMIMEMessages parameter specifies whether you must encrypt S/MIME messages. The default value is `$false`.
RequireEncryptionSMIMEAlgorithm	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.EncryptionSMIMEAlgorithmType	The RequireEncryptionSMIMEAlgorithm parameter specifies what required algorithm must be used when encrypting a message.
RequireManualSyncWhenRoaming	Optional	System.Boolean	The RequireManualSyncWhenRoaming parameter specifies whether the device must synchronize manually while roaming. The default value is `$false`.
RequireSignedSMIMEAlgorithm	Optional	Microsoft.Exchange.Data.Directory.SystemConfiguration.SignedSMIMEAlgorithmType	The RequireSignedSMIMEAlgorithm parameter specifies what required algorithm must be used when signing a message.
RequireSignedSMIMEMessages	Optional	System.Boolean	The RequireSignedSMIMEMessages parameter specifies whether the device must send signed S/MIME messages.
RequireStorageCardEncryption	Optional	System.Boolean	The RequireStorageCardEncryption parameter specifies whether encryption of a storage card is required. The default value is `$true`.
UnapprovedInROMApplicationList	Optional	Microsoft.Exchange.Data.MultiValuedProperty	The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM.
UNCAccessEnabled	Optional	System.Boolean	The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled. Access to specific shares is configured on the Microsoft Exchange ActiveSync virtual directory.
WhatIf	Optional	System.Management.Automation.SwitchParameter	The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.
WSSAccessEnabled	Optional	System.Boolean	The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled. Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.