In Exchange Server 2013 and 2010 end users are able to manage their own ActiveSync mobile devices via the Exchange Control Panel. This allows them to perform tasks such as remote wiping a mobile device that is associated with their mailbox.
For some organizations this is not desirable and they need to disable this functionality for their end users.
You can disable ActiveSync management for end users by using OWA Mailbox Policies.
A default OWA Mailbox Policy is set up for Exchange organizations but it is not applied to mailboxes automatically. For example, here we can see my organization’s default policy, and that the user Vik Kirby has no policy assigned.
[PS] C:>Get-OwaMailboxPolicy | select name Name ---- Default [PS] C:>Get-CASMailbox vik.kirby | select OWAMailboxPolicy OwaMailboxPolicy ----------------
The first thing I need to do is disable the ActiveSync features in the OWA Mailbox Policy (or create a new policy if you don’t want to mess with the default one). Then, assign the OWA Mailbox Policy to the user.
[PS] C:>Set-OwaMailboxPolicy "Default" -ActiveSyncIntegrationEnabled:$false [PS] C:>Set-CASMailbox vik.kirby -OwaMailboxPolicy "Default"
The next time the user logs in to OWA the policy should take effect and block those features.