Microsoft has released the Outlook for iOS and Android app, which is intended to replace the OWA for Devices mobile client on Apple iOS and Google Android smartphones and tablets.

The Outlook for iOS and Android app is essentially another ActiveSync client for connecting mobile devices to Exchange and Office 365. It also supports other mail services like Outlook.com.

For some organizations there are a number of security and compliance concerns with the way the new Outlook for iOS and Android app functions that will mean those organizations will want to block or quarantine the app from connecting to their Exchange or Office 365 mailboxes until it can be further evaluated.

You can read more about the new app and some of the technical concerns people have with it here:

In the meantime, here’s how to block or quarantine Outlook for iOS and Android app. First let’s look at how it appears as a mobile device association in Exchange.

[PS] C:>Get-MobileDevice -Mailbox alex.heyne | fl FriendlName,Device*,Client*,Is*

FriendlyName            : Outlook for iOS and Android
DeviceId                : 94B42B2A37D109AE
DeviceImei              :
DeviceMobileOperator    :
DeviceOS                : Outlook for iOS and Android 1.0
DeviceOSLanguage        :
DeviceTelephoneNumber   :
DeviceType              : Outlook
DeviceUserAgent         : Outlook-iOS-Android/1.0
DeviceModel             : Outlook for iOS and Android
DeviceAccessState       : Allowed
DeviceAccessStateReason : Global
DeviceAccessControlRule :
ClientVersion           : 14.1
ClientType              : EAS
IsManaged               : False
IsCompliant             : False
IsDisabled              : False

For Exchange Server 2010 use Get-ActiveSyncDevice instead of Get-MobileDevice.

ActiveSync device access rules can be based on a few different device criteria. From the information above it looks like the DeviceModel will be the simplest approach here, as others such as UserAgent may change with later versions of the Outlook for iOS and Android app.

To block the Outlook for iOS and Android app in Office 365, Exchange Server 2010 or 2013 with a device access rule:

[PS] C:>New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Block

To quarantine instead:

[PS] C:>New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Quarantine

Devices should now appear as blocked or quarantined with the reason of “DeviceRule”.

[PS] C:>Get-MobileDevice -Mailbox alex.heyne | fl FriendlName,Device*,Client*,Is*


DeviceId                : 94B42B2A37D109AE
DeviceImei              :
DeviceMobileOperator    :
DeviceOS                : Outlook for iOS and Android 1.0
DeviceOSLanguage        :
DeviceTelephoneNumber   :
DeviceType              : Outlook
DeviceUserAgent         : Outlook-iOS-Android/1.0
DeviceModel             : Outlook for iOS and Android
DeviceAccessState       : Blocked
DeviceAccessStateReason : DeviceRule
DeviceAccessControlRule : Outlook for iOS and Android (DeviceModel)
ClientVersion           : 14.1
ClientType              : EAS
IsManaged               : False
IsCompliant             : False
IsDisabled              : False

Additional info: Outlook for iOS/Android Still Able to Connect After Disabling ActiveSync

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Alex

    Hello, if I block UniversalOutlook, will it also block MS Outlook on that device? Right now it’s using Outlook connected to office365.

    1. Avatar photo
      Tony Redmond

      I believe that UniversalOutlook refers to the default Mail and Calendar app shipped with Windows 10 and 11. This is an ActiveSync client. What version of Outlook are you trying to block?

  2. clarence alixes

    Sir,
    Recently we have migrated to outlook 365 and from that time we are facing lot of issues. Now terminated one employee she was using app for office 365 now I changed that password but it is not getting updated still she is able to use our mail id there is no security and privacy in 365. Kindly advice how to update password so that she can’t use our mail id there is a security breech in our mails we are not satisfied with the product. Kindly do the needful because it is very urgent. It is happening in one mail id. How to mointor 365 app and restrict certain user for security reason
    Thanks and Regards
    Clarence

  3. Hassan

    Hi Paul

    How long does this usually take to take effect? I ran this yesterday around 3:00pm and its 7:00 AM now but I can still see Outlook app connecting to Exchange Online.

  4. ramkumara

    Hi Paul,

    how do i check if outlook for ios app is allowed in our exchange environment?
    We are using o365

    I wanna check the access control rules

  5. Daniel

    Hi Paul,

    We have the O365 Exchange Admin Center in the “quarantine mode” in place. Since about 3 weeks we do face some issues with the Outlook app. After users are fully enroll to Intune they do install Outlook and should end up in the quarantine at least the first time however it seems that some Outlook intallations do no longer find their way into quarantine and keep that blocking message forvever in Outlook. We have a device access policy also for Outlook in Exchange. Any diea why this happens?

    Thanks
    Daniel

  6. Daniel Berger

    Hi Paul,

    We have the O365 Exchange Admin Center in the “quarantine mode” in place. Since about 3 weeks we do face some issues with the Outlook app. After users are fully enroll to Intune they do install Outlook and should end up in the quarantine at least the first time however it seems that some Outlook intallations do no longer find their way into quarantine and keep that blocking message forvever in Outlook. We have a device access policy also for Outlook in Exchange. Any diea why this happens?

    Thanks
    Daniel Berger

  7. Kaush

    Hello Paul,

    I just tested the said commands and it looks like the entire tenant is blocked and are are unable to use the Outlook app on their phones!

    Am I getting it all wrong here?

    Also is there a way to block the app only for a specific user?

  8. Ben

    You can set exemptions for specific user:

    1. Select Manage My Organization and then click on Users & Groups;
    2. Search the user for whom you want to create the exemption for, and then select Details;
    3. Under Phone & Voice Features, select Exchange ActiveSync and then select Edit;
    4. Under Mobile Devices, select the device that you want to exempt and then click either Allow;
    5. Click Save to create the exemption.

  9. Devaud

    Hello,

    I redid the test is it works, Thanks

  10. bonesleon

    So if I want to disable OWA for android and iOS mobile devices on say, Exchange 2016, it would essentially be the same process?

    New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString “Outlook for iOS and Android” -AccessLevel Block

      1. William

        This link suggests that the New-ActiveSyncDeviceaccessRule method won’t work, but suggests a “Set-CASMailbox -OWAforDevicesEnabled” method:

        (removed)

        1. Avatar photo
          Paul Cunningham

          That article was from 2013 and refers to a completely different app.

          1. Devaud

            Hello Paul,
            The New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString command “Outlook for iOS and Android” -AccessLevel Block no longer works with Office 365.

            Error message :
            New-ActiveSyncDeviceAccessRule: The term “New-ActiveSyncDeviceAccessRule” is not recognized as a cmdlet name,

          2. Avatar photo
            Paul Cunningham

            That cmdlet works fine for me. Do you have PowerShell connected to Exchange Online?

  11. Brent Braun

    Hi Paul,

    How can you restrict OWA access for a whole domain? We are currently controlling ActiveSync access with Quarantine, but if someone download the OWA app, they can get around our quarantine restrictions and automatically access email.

    1. Brent Braun

      We are using Office 365.

    2. Avatar photo
      Paul Cunningham

      You can disable the app per-mailbox. Look at Set-CASMailbox and the OWAforDevicesEnabled property.

  12. Lou Gerritse

    Is this still the case for the outlook apps provided for IOS and ANDROID?

      1. Naushad Ambar

        HI Paul,

        how can we restrict IOS and android native email client or only outlook, kindly share the command for Exchange server 2013 and we need to allow only for certain user.

  13. Fidel Quintela

    Paul, nice article. Any experience with blocking Windows 8 and 10 default mail app. It seems to connect via ActiveSync. That is a definite hole if only allowing external access through OWA with TFA and passcode protected ActiveSync devices.

  14. TLN

    How to customize the email send to user when the block policy is enabled.

    1. Avatar photo
      Paul Cunningham

      You can only customize the quarantine message, not the block message.

  15. Megan Sheppard

    Any way to make an exception for 1 or 2 users? I need to let some security people to install it and connect for testing, but I don’t want to open it for everyone to make this happen.

  16. Manoj Kumar

    Hi Paul,

    I got to know this article from one of post in MobileIron community and I read all article related to Blocking Active sync on 2010 and these are very simple and interesting.

    Hope you can help me out this.

    We have Exchange 2010 and integrated with MobileIron MDM. We have following setup:
    1) using Native Client & Email+ app on Android devices to fetch Mail, Contact, Calendar etc.
    2) Using only Native Client on iOS device to fetch Mail, Contact, Calendar etc.

    We want to Allow Only Native Client & Email+ app on Android devices and Native Client on iOS devices and Block else (It can be any apps) since on Play Stores and App Stores there are number of apps that can access exchange data and we can’t find all these app and block them.

    I know there are some other ways to achieve this and we implemented those as well but couldn’t fully block Active sync.

    Any help will be highly appreciated.

    Thanks,
    Manoj

    1. Avatar photo
      Paul Cunningham

      If you’re using MobileIron you should be controlling it all through MobileIron.

  17. Marinko

    Hi Paul,

    Is it possible to create restriction based on device GUID?

    For example: Have a list of company distributed devices (GUID’s) allowed and all other devices quarantined.

    Thanks,
    Marinko

  18. Hoa Nguyen

    Hi Paul,
    On the same mobile device, suppose that we have setuped 3 email client apps connecting to Exchange server, such as: Native email app, Outlook-iOS app, Touchdown app
    By using cmdlets as your post above, is it possible to quarantine and block: Native email app and Outlook-iOS app, but only allow Touchdown app on the device to access exchange server? Could you help me some quickly guideline for that case?
    Any help will highly appriciated!

    Many Thanks

    1. Rosario

      I think you could have a look at my if-clause in my post here. The filtering is done on a string basis, so, knowing the string with which the eMail-Client-App will connect to the Exchange server should be enough to quarantine or block it. Unless Exchange can only see the mobile device and not the eMail-App’s signature.

  19. Rino Mardo

    how to do the above in ECP? there is no query string to be modified.

  20. Russ

    What about blocking Gmail app from Android 5.0 and up and new Inbox app?

  21. Oscar

    Paul, we only allow a certain group of people to use ActiveSync, Is ActiveSync required in order for Outlook for iOS to work? I want to make sure this is not going to let just anyone connect to Exchange on their phones without approval.

    Thank You.

      1. Lim

        Hi Paul,

        You mentioned that Outlook App for iOS and Android is using ActiveSync. So can I assume that Outlook for iOS and Android are ONLY using ActiveSync?

        Hope to hear from you soon.

        Regards,
        Lim

  22. John

    How to block users from using “mail+ for outlook” app to access their mailbox? since its using OWA, firewall rule will help ?

  23. Pari Desai

    Can this be accomplished in Exchange 2007?

    Thanks,
    Pari

    1. Avatar photo
      Paul Cunningham

      Exchange 2007 doesn’t have the same capabilities as 2010/2013/O365. You’ll need to look at blocking it with IIS rules or at your reverse proxy.

  24. tonydiesel

    do you know if you run the script to block “Outlook for iOS and Android”, will the user be able to still use the native email client to connect? (native being iOS)

    I would test this on my own, but i don’t want to upgrade to iOS8, :(.

    I can tell you running the script to block “Outlook for iOS and Android”. I can still use the native email client. But i want to know if a device gets blocked for attempting to use Outlook APP, can the same device then connect via EAS using the native client?

    you have to have iOS8 to install the Outlook App. Thx

    1. Avatar photo
      Paul Cunningham

      Blocking the Outlook app doesn’t block the native mail app on the same device.

  25. John

    How do you setup the opposite policy? How do you allow access to Exchange from the Outlook app only? I don’t want connections from any other mail apps except from the Outlook app. Please do not rail against this question. I just want to know how to do this. Thanks.

  26. Chris

    What about using the “Blocked Application” option under the ActiveSync properties using the Exchange GUI?
    Wouldn’t it better to block just the APP instead the device itself. Blocking devices may create issues for IT in case the CEO has decided to test this app in the middle of the night.
    If this option works, what should be the Application name to use?

    Thanks,
    Chris

  27. Marc

    By default we quarentine all devices and only allow the ones we want, so in a way we are ok on that front.
    We have a very strict password Policy, so having credentials on a 3rd party server is a big issue with us. I can see that a number of users have tried to connect using Outlook for IOS, so my question is, given that they have tried to connect but were quarentined, does it mean that the passwords are still stored in the cloud?
    I may have to force a password change on them.

    Thanks

    1. Avatar photo
      Paul Cunningham

      Possibly. If it is a concern then force a password reset. Frankly that would be what I would do, if my org policies were explicitly against it.

      1. Joey Peloquin

        In other words, as was just described to me by our messaging architects – this does nothing to solve the problem of _registering_ the app and providing it the creds required to manage mail, it only blocks access once the app tries to sync.

        So, my enterprise users that have unfortunately already installed Outlook and started using it have already exposed their creds to a third party server. Further, absent a fully configured and deployed MAM solution that can prevent mobile application installation, I also cannot prevent additional users from installing and configuring the app.

        It looks like I’d better get that email security bulletin and out the door. How ironic that some of our users will be reading it from the app it warns them not to use!

        Thanks for the timely post and information, Paul.

  28. Arjen

    Hy Paul,

    We have a multitenant Exchange 2010 environment (Multitenancy by ABP’s). Can I apply an ActiveSyncDeviceAccessRule to (all users of) only one customer?

    1. Arjen

      All users of this customer have one common value in a custom attribute (ABP is applied by that value) and are in a common Security and Distribution Group.

  29. Rosario Carcò

    Thanks a lot Paul, we just blocked it on Exchange 2010.

    We would like to monitor the users using it despite being blocked, so as to be able to inform them that they should delete their account in the cloud and change their password.

    Will your Get-EASDeviceReport.ps1 still be able to track those users or should we only quarantine instead of blocking it, to be able to see who is attempting to use it?

    Rosario

    1. Avatar photo
      Paul Cunningham

      Why not try it yourself and see the results first hand? You’ve put the block rule in place, grab a test device and install the app and try to connect.

      1. Rosario Carcò

        YES! I scheduled your Script to run every night and I can see new users having made an attempt. SyncAge displays NEVER and LastSyncAttemptTime and LastSuccessSync are empty.

        GREAT, that is what we need.

        I modified the if clause in your script to filter out only the new iOS-Android users/devices and inverted to show SyncAge LESS than the given 30 days to get only users/devices who connected in the last few days, like this:

        if ($EASDevice.DeviceModel -like ‘*Outlook for iOS and Android*’ -and ($syncAge -le $Age -or $syncAge -eq “Never”))

        Of course you could omit the whole syncAge part if you are only intrested in tracking the iOS-Android users that started only recently as the app was released.

        Yours, Rosario

  30. Ste Mc

    Hi Paul

    We need to block this on exchange 2007 but the cmdlet above doesnt seem to work, could you advise?

    The error i get is :

    [PS] C:Windowssystem32>New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString “Outlook for iOS and Android” -AccessLevel Block
    The term ‘New-ActiveSyncDeviceAccessRule’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify th
    the path is correct and try again.
    At line:1 char:31
    + New-ActiveSyncDeviceAccessRule <<<< -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Block
    + CategoryInfo : ObjectNotFound: (New-ActiveSyncDeviceAccessRule:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Many thanks, great article

    1. Avatar photo
      Paul Cunningham

      Exchange 2007 doesn’t have that feature. You’ll need to look at other ways to block it, such as blocking the user agent in IIS or on your reverse proxy.

      1. Art Alexion

        We have a mixed 2007 & 2013 environment. Will blocking it on the 2013 CAS servers also effectively block it for the 2007 mailboxes. That is, I assume the EAS rule is applied to the CAS piece.

        1. Avatar photo
          Paul Cunningham

          Not sure, but I would assume so. Only way to know for sure is to test it.

  31. David

    Hi Paul !

    Great info ! We are on exchange 2007 and outlook for IOS violates our policies – can you advise options for exchange 2007 ?

    We use Isa as a reverse proxy as an option too ?

    1. Avatar photo
      Paul Cunningham

      Look at using ISA to block the user agent or some other identifier such as the source IPs. I couldn’t tell any specifics though, haven’t touched ISA in a long time.

  32. David Knudson

    Paul, in your example you had a specific client used in the get-mobile…statement. is there way to see if anyone in the store has enabled this without knowing a specific user? I use 2010 exchange.

    1. Ian

      David, I don’t have any results to verify but try the following:
      Get-ActiveSyncDevice | where-object {$_.DeviceModel -like ‘*Outlook for iOS and Android*’}
      or
      Get-ActiveSyncDevice | where-object {$_.DeviceAccessStateReason -like ‘*DeviceRule*’}

      1. David Knudson

        Paul,
        i am a little confused about the output of this report when using the -age 30. I was thinking that would setup for seeing all done in the last thirty days. apparently its for any sync’s beyond 30 days??

        In one instance, i see under lastsyncattempttime and lastsuccesssync it shows a return value of april 2014 . i know this person gets their email on the phone currently and has all along.

        In the case of my phone (have three listings for different phones associated with my name)the last one has me way back to 12/8/2013. (that might have been when i got my current phone)

        What does that LSAT and LSS fields really tell us? What are they really recording?? is this recording the last time they interacted with the sync process or the last time they “registered” with the system?? is there a way to see ongoing sync’s so we can see who is communicating currently?

        thanks
        dave

        1. Avatar photo
          Paul Cunningham

          The -Age parameter specifies “Devices that have not synced in more than X days”. So it is a way to only report on old/stale devices that haven’t recently synced.

  33. Sahin Boluk

    One last question, if I only have the default organization setting, is the indiviual access state coming from Mass360?

    1. Avatar photo
      Paul Cunningham

      Not all MDMs operate the same way and I haven’t worked with Mass360 so I couldn’t say either way.

  34. Sahin Boluk

    Thank you Paul! You’ve been a great help.

  35. Sahin Boluk

    Hi Paul, below is the output. At first I used powershell to create the rules, then i deleted those and used to gui to create it. I put the output of that at the end of this comment as well. Also, I just did an IISReset on all of our CAS servers, and it still looks like it didn’t help. Thanks in advance for all your help!

    [PS] C:SCRIPTS>Get-ActiveSyncDeviceStatistics -Mailbox bolukrsw | fl FriendlName,Device*,Client*,Is*

    DeviceType : Outlook
    DeviceID : C62DDA89E034BB93
    DeviceUserAgent : Outlook-iOS-Android/1.0
    DeviceWipeSentTime :
    DeviceWipeRequestTime :
    DeviceWipeAckTime :
    DeviceModel : Outlook for iOS and Android
    DeviceImei :
    DeviceFriendlyName : Outlook for iOS and Android
    DeviceOS : Outlook for iOS and Android 1.0
    DeviceOSLanguage :
    DevicePhoneNumber :
    DeviceEnableOutboundSMS : False
    DeviceMobileOperator :
    DeviceAccessState : Allowed
    DeviceAccessStateReason : Individual
    DeviceAccessControlRule :
    DevicePolicyApplied : WindowsPhoneNoPassword
    DevicePolicyApplicationStatus : AppliedInFull
    DeviceActiveSyncVersion : 14.1
    IsRemoteWipeSupported : True

    DeviceType : Toggle
    DeviceID : d36a7cc005f99e9d7124337829c55fc5
    DeviceUserAgent : Toggle/3.0
    DeviceWipeSentTime :
    DeviceWipeRequestTime :
    DeviceWipeAckTime :
    DeviceModel : SM-T800
    DeviceImei :
    DeviceFriendlyName : SM-T800
    DeviceOS : Android 4.4.2
    DeviceOSLanguage :
    DevicePhoneNumber :
    DeviceEnableOutboundSMS : False
    DeviceMobileOperator :
    DeviceAccessState : Allowed
    DeviceAccessStateReason : Individual
    DeviceAccessControlRule :
    DevicePolicyApplied : WindowsPhoneNoPassword
    DevicePolicyApplicationStatus : AppliedInFull
    DeviceActiveSyncVersion : 14.1
    IsRemoteWipeSupported : True

    DeviceType : Touchdown
    DeviceID : 3939303030343437363831383835
    DeviceUserAgent : TouchDown(MSRPC)/8.4.00086/
    DeviceWipeSentTime :
    DeviceWipeRequestTime :
    DeviceWipeAckTime :
    DeviceModel : SM-G900P
    DeviceImei : 99000447681885
    DeviceFriendlyName : Android_ynhh_bolukrsw
    DeviceOS : Android 4.4.4
    DeviceOSLanguage : English
    DevicePhoneNumber : ******0820
    DeviceEnableOutboundSMS : False
    DeviceMobileOperator :
    DeviceAccessState : Allowed
    DeviceAccessStateReason : Individual
    DeviceAccessControlRule :
    DevicePolicyApplied : WindowsPhoneNoPassword
    DevicePolicyApplicationStatus : AppliedInFull
    DeviceActiveSyncVersion : 14.1
    IsRemoteWipeSupported : True

    [PS] C:SCRIPTS>Get-ActiveSyncDeviceAccessRule

    RunspaceId : f30cf520-9f0e-441f-974d-4ac0d6895665
    QueryString : Outlook for iOS and Android
    Characteristic : DeviceModel
    AccessLevel : Block
    Name : Outlook for iOS and Android (DeviceModel)
    AdminDisplayName :
    ExchangeVersion : 0.10 (14.0.100.0)
    DistinguishedName : CN=Outlook for iOS and Android (DeviceModel),CN=Mobile Mailbox Settings,CN=xxxxxxxCN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YNHHSC,DC=ORG
    Identity : Outlook for iOS and Android (DeviceModel)
    Guid : 3bab0fa7-8659-4280-9d35-99c78c126745
    ObjectCategory : xxxxxxx/Configuration/Schema/ms-Exch-Device-Access-Rule
    ObjectClass : {top, msExchDeviceAccessRule}
    WhenChanged : 2/2/2015 4:45:01 PM
    WhenCreated : 2/2/2015 4:44:09 PM
    WhenChangedUTC : 2/2/2015 9:45:01 PM
    WhenCreatedUTC : 2/2/2015 9:44:09 PM
    OrganizationId :
    OriginatingServer : xxxxx
    IsValid : True

    1. Avatar photo
      Paul Cunningham

      DeviceAccessState : Allowed
      DeviceAccessStateReason : Individual

      That means the device has been allowed as a personal exemption for your mailbox.

      Run this:

      Get-CASMailbox yourmailboxname | fl

      You’ll see an ActiveSyncAlloweDeviceIDs attribute. There will be one or more device IDs in there. You need to remove the one for Outlook for iOS and Android.

      Once it is removed as a personal exemption it will be caught be the device access rule instead.

      You can learn more about that here:
      https://www.practical365.com/existing-activesync-device-associations-when-changing-organization-default-access-level/

      If you want to learn more about how ActiveSync works please consider this ebook:
      https://www.practical365.com/ebooks/the-beginners-guide-to-exchange-server-2010-activesync/

  36. Sahin Boluk

    Hi Paul, I posted a comment on your other article, https://www.practical365.com/creating-activesync-device-access-rules-exchange-server-2010/#comment-154032 about this same thing, then came accross this article as this is what I am looking for.

    I created the rule, but the devices or application is not getting blocked. I do have another mail application, Touchdown, on the same device, not sure if that is the issue. We do use Mass360 as well to enforce policy’s to devices, maybe that is the issue.

    any thoughts?

    1. Avatar photo
      Paul Cunningham

      You’ll need to show me the output of this command:

      Get-MobileDevice -Mailbox yourmailboxname | fl FriendlName,Device*,Client*,Is*

      And then show me exactly what command you ran to create the device access rule.

  37. Tim

    Thanks for getting this out there. I bet a lot of enterprise customers will be scrambling to block due the caching of email and passwords to the cloud. Not particularly happy with how MS handled this acquisition.

    1. Avatar photo
      Paul Cunningham

      Giving customers the choice to allow or block the app (which we have) is the most important thing. Microsoft is already committed to making the app more enterprise-friendly and I expect we’ll see a lot of updates over the next 12 months to get us there.

      1. Ahmed

        Dear paul,

        if i want to go back to after blocking “Outlook for iOS and Android App”. should i have to delete these new created rule form EMS, if yes can u please provide me command

        Thz

        1. Avatar photo
          Paul Cunningham

          Use Remove-ActiveSyncDeviceAccessRule or do it via the Exchange Admin Center/Console.

        2. Ahmed

          where can i find ActivesyncDeviceRule via EMC, i unable to find the newly created rule.

          I’m using exchange 2010 SP3

          thz

        3. Ahmed

          Thz paul i got it

Leave a Reply