Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-10-09
Microsoft Exchange Server 2010 lets you restrict access to
Exchange ActiveSync by using the device ID. This feature prevents
users from synchronizing unauthorized devices with Exchange 2010.
You can configure this restriction on each user's mailbox. By
default, if Microsoft Exchange ActiveSync is enabled for a
user, the user can synchronize their Exchange mailbox with any
device. To restrict a user to a specific device, populate the
ActiveSyncAllowedDeviceIDs parameter of the
Set-CASMailbox cmdlet. To prevent a single device or set of
devices from synchronizing, populate the
ActiveSyncBlockedDeviceIDs parameter of the Set-CASMailbox cmdlet.
The ActiveSyncBlockedDeviceIDs parameter accepts a list of device IDs that are restricted from synchronizing with the mailbox.
Note: When you use the Set-ActiveSyncOrganizationSettings -DefaultAccessLevel cmdlet, devices can still be blocked if they do not comply with a specific Exchange ActiveSync policy, regardless of whether the device is allowed by the list that is provided to ActiveSyncAllowedDeviceIDs.
For more information about the Set-ActiveSyncOrganizationSettings -DefaultAccessLevel cmdlet, see Set-ActiveSyncOrganizationSettings.
If Exchange ActiveSync isn't enabled for the user, the user won't be able to synchronize any device with Exchange. You can prevent a specific device from synchronizing with Exchange, but only by using the Exchange Management Shell.
Looking for other management tasks related to Exchange ActiveSync? Check out Managing Exchange ActiveSync.
Prerequisite: Exchange ActiveSync is enabled for the user.
Use the Shell to disable a device for Exchange ActiveSync
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync device settings" entry in the Client Access Permissions topic.
This example adds the device ID to the
ActiveSyncBlockedDeviceIDs parameter list to prevent
the device from synchronizing with Microsoft Exchange.
Set-CASMailbox -Identity "<EmailAlias>" -ActiveSyncBlockedDeviceIDs "<DeviceID_1>","<DeviceID_2>"
Note: There's no built-in functionality for retrieving the device ID before the user synchronizes with the Exchange server.
This example retrieves the device ID after the user has synchronized the device with the Exchange server.
Get-ActiveSyncDeviceStatistics -Mailbox "<EmailAlias>" | Format-List DeviceID
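The two commands above combined into one step, as an added example that is not part of the original topic: it blocks a single device without overwriting IDs that are already blocked, then reads the list back. Block-ActiveSyncDevice is a hypothetical helper name, and the example assumes the Exchange Management Shell and the Exchange 2010 @{Add=...} syntax for multivalued properties.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010).
# Block-ActiveSyncDevice is a hypothetical helper name, not an Exchange cmdlet.
function Block-ActiveSyncDevice {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,
        [Parameter(Mandatory = $true)][string]$DeviceID
    )

    # The device ID is only known to the server after the device has synchronized once.
    $known = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox |
        Where-Object { $_.DeviceID -eq $DeviceID })
    if ($known.Count -eq 0) {
        Write-Warning "Device ID '$DeviceID' has not synchronized with '$Mailbox'; check for typos."
    }

    $cas = Get-CASMailbox -Identity $Mailbox
    if ($cas.ActiveSyncBlockedDeviceIDs -contains $DeviceID) {
        Write-Verbose "'$DeviceID' is already blocked for '$Mailbox'."
        return $cas.ActiveSyncBlockedDeviceIDs
    }
    if ($cas.ActiveSyncAllowedDeviceIDs -contains $DeviceID) {
        Write-Warning "'$DeviceID' is also in ActiveSyncAllowedDeviceIDs; review both lists."
    }

    # @{Add=...} appends to the multivalued property. Passing a plain list
    # would replace every ID that is already blocked.
    if ($PSCmdlet.ShouldProcess($Mailbox, "Block ActiveSync device $DeviceID")) {
        Set-CASMailbox -Identity $Mailbox -ActiveSyncBlockedDeviceIDs @{Add = $DeviceID}
    }

    # Read the list back to confirm the change was stored.
    (Get-CASMailbox -Identity $Mailbox).ActiveSyncBlockedDeviceIDs
}

# Placeholder values; substitute a real alias and a device ID from Get-ActiveSyncDeviceStatistics.
Block-ActiveSyncDevice -Mailbox "<EmailAlias>" -DeviceID "<DeviceID_1>" -Verbose
```

Add -WhatIf to the call to preview the change without modifying the mailbox.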
For more information about syntax and parameters, see Set-CASMailbox.
For more information about how to manage Windows Mobile phones, visit the Windows Mobile Center Web site.