Home » Exchange Server » Exchange Best Practices: Non-Provisionable Mobile Devices

Exchange Best Practices: Non-Provisionable Mobile Devices

In on-premises Exchange and Exchange Online the default mobile device mailbox policy (previously referred to as an ActiveSync mailbox policy) allows non-provisionable devices.


This default configuration creates the least friction with onboarding mobile device users for Exchange and Exchange Online. However, Microsoft TechNet states:

This setting specifies whether mobile devices that may not support application of all policy settings are allowed to connect to Exchange by using Exchange ActiveSync. Allowing non-provisionable mobile devices has security implications. For example, some non-provisionable devices may not be able to implement an organization’s password requirements.

The recommended practice is to not allow non-provisionable mobile devices in your default mobile device mailbox policy.

If you do have specific devices or applications that you want to allow as exceptions to that rule, create a second mobile device mailbox policy that is not the default policy, and assign that to approved users on a case by case basis.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *