An Exchange Server organization can have multiple mobile device mailbox policies, but only one can be the default policy.

The default policy is automatically assigned to new mailbox users, and also to those mailboxes that have not been manually reassigned to a non-default policy.

Confusingly, the policy that Exchange Server 2010 and 2013 create automatically during setup is called “Default”. However the name “Default” is not the true indication of which policy is the default.

Instead it is the IsDefaultPolicy (for Exchange 2010) or IsDefault (for Exchange 2013) property that actually determines which one is the default policy. You can see which policy is the default by using the Get-ActiveSyncMailboxPolicy or Get-MobileDeviceMailboxPolicy cmdlet.

Exchange 2010:

[PS] C:\>Get-ActiveSyncMailboxPolicy | Select Name,IsDefaultPolicy

Name                           IsDefaultPolicy
----                           ---------------
Default                                   True
International Users EAS Policy           False
Connectivity Test Only                   False
High Security Mobile Device Policy       False

Exchange 2013:

[PS] C:\>Get-MobileDeviceMailboxPolicy | Select Name,IsDefault

Name                                     IsDefault
----                                     ---------
Default                                       True
International Users Mobile Device Policy     False
High Security Mobile Device Policy           False

Note: you can use Get-ActiveSyncMailboxPolicy in Exchange 2013 as well, however if you do you will see a (harmless) warning “The Get-ActiveSyncMailboxPolicy cmdlet will be removed in a future version of Exchange.” For more info see Changes to Mobile Device Management Cmdlets in Exchange Server 2013.

You may have a business requirement to choose another policy as the default, such as a desire to set the most common policy as default, or a desire to set the most secure policy as default.

However before you proceed let’s take a look at how Exchange applies the default mobile device mailbox policy.

Here we can see that Paul Cunningham is assigned the policy named “Default”, which happens to also be the default policy at that moment. We can also see that the ActiveSyncMailboxPolicyIsDefaulted property is set to True for Paul’s mailbox.

[PS] C:\>Get-CASMailbox paul.cunningham | Select Name,ActiveSyncMailboxPolicy*

Name                               : Paul Cunningham
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True

This means that if we change the default mobile device mailbox policy to a different policy, that change will also take effect for Paul Cunningham.

In comparison, we can see that Alan Reid is configured for a different mobile device policy. When that change was made the ActiveSyncMailboxPolicyIsDefaulted property of his mailbox was automatically set by Exchange to False.

[PS] C:\>Get-CASMailbox alan.reid | Select Name,ActiveSyncMailboxPolicy*

Name                               : Alan.Reid
ActiveSyncMailboxPolicy            : International Users Mobile Device Policy
ActiveSyncMailboxPolicyIsDefaulted : False

This means that if we change the default mobile device mailbox policy to a different policy, that change will not take effect for Alan Reid, and he will remain on the same policy.

Let’s say that Alan was assigned the “International Users Mobile Device Policy” for an overseas trip. He has returned from overseas and you want to reassign the “Default” policy to his mailbox.

[PS] C:\>Set-CASMailbox alan.reid -ActiveSyncMailboxPolicy "Default"

[PS] C:\>Get-CASMailbox alan.reid | Select Name,ActiveSyncMailboxPolicy*

Name                               : Alan.Reid
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : False

Alan is now assigned to the “Default” policy again, but the ActiveSyncMailboxPolicyIsEnabled property is still set to False.

This means that Alan Reid will remain configured with the policy named “Default” even if the default is changed to a different policy.

So before you change the default mobile device mailbox policy you just need to be aware that all mailboxes where the ActiveSyncMailboxPolicyIsDefaulted is set to True will be re-assigned to the new default policy, and those set to False will not.

To see a list of mailboxes that will not be re-assigned when the default mailbox policy changes you can run the following commands to find the name of the default policy, then filter the results of Get-CASMailbox for those that are assigned that policy but have ActiveSyncMailboxPolicyIsDefaulted set to False.

Exchange 2010:

[PS] C:\>$default = (Get-ActiveSyncMailboxPolicy | Where {$_.IsDefaultPolicy}).Name

[PS] C:\>Get-CASMailbox -ResultSize Unlimited | Where {$_.ActiveSyncMailboxPolicy -eq $default -and $_.ActiveSyncMailboxPolicyIsDefaulted -eq $false}

Exchange 2013:

[PS] C:\>$default = (Get-MobileDeviceMailboxPolicy | Where IsDefault).Name

[PS] C:\>Get-CASMailbox -ResultSize Unlimited | Where {$_.ActiveSyncMailboxPolicy -eq $default -and $_.ActiveSyncMailboxPolicyIsDefaulted -eq $false}

In my example I discover the Alan Reid fits that criteria, and I want to reconfigure his mailbox so that it is included when the default mailbox policy is changed.

Strangely there is no parameter for modifying the ActiveSyncMailboxPolicyIsDefaulted property with Set-CASMailbox. However, if we “null” the ActiveSyncMailboxPolicy property it will have the same effect.

[PS] C:\>Set-CASMailbox Alan.Reid -ActiveSyncMailboxPolicy $null

[PS] C:\>Get-CASMailbox Alan.Reid | Select Name,ActiveSyncMailboxPolicy*

Name                               : Alan.Reid
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True

Finally, when you are ready to change the default mobile device mailbox policy to a different policy that suits your business needs, you can use the Set-ActiveSyncMailboxPolicy cmdlet in Exchange 2010, or the Set-MobileDeviceMailboxPolicy cmdlet in Exchange 2013.

Exchange 2010:

[PS] C:\>Set-ActiveSyncMailboxPolicy "High Security Mobile Device Policy" -IsDefaultPolicy $true

Exchange 2013:

[PS] C:\>Set-MobileDeviceMailboxPolicy "High Security Mobile Device Policy" -IsDefault $true

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Natalie Frith

    Comments for this blog post are now closed; please contact team@practical365.com for any additional questions and comments, thank you.

  2. Peter Do

    I’d like to share how I understand about the ActiveSyncMailboxPolicyIsDefaulted property.

    1/ The ActiveSyncMailboxPolicy property of a user’s mailbox indicates what mobile device mailbox policy is assigned to them, regardless the ActiveSyncMailboxPolicyIsDefaulted property.

    2/ The ActiveSyncMailboxPolicyIsDefaulted property (true|false) determines whether a mailbox’s mobile device policy is subject to change to a policy which is set as default.
    -If it’s True, a mailbox’s mobile device policy will be set or changed to the policy which is set to be the default.

    -If it’s False, there are 2 scenarios
    a) if a mailbox already has a mobile device policy (i.e. ActiveSyncMailboxPolicy property is not $null), the mailbox’s mobile device policy won’t change. It means that no matter what a policy is set as default, the mailbox’s current mobile device policy won’t change. The ActiveSyncMailboxPolicyIsDefaulted property won’t change and remains False.

    b) if a mailbox currently doesn’t have a policy assigned to it (i.e. ActiveSyncMailboxPolicy property is $null), then the mailbox’s mobile device policy will be set to the one which is set as default (by running the cmdlet “set-mobileDeviceMailboxPolicy -Identity any_policy -IsDefault $true”) AND the ActiveSyncMailboxPolicyIsDefaulted property will be automatically changed to True.

  3. Sai Prasad

    In order to change the IsDefaulted property, simply assign the same policy again to the user.
    Set-CASMailbox -ActiveSyncMailboxPolicy “current default policy”

  4. Sai Prasad

    I have the other way around requirement, I need to set a bulk of users to NOT have ActiveSyncMailboxPolicyIsDefaulted; from True to False.

    When setting up to $Null, it works from False to True but not other way..
    Any hint is much appreciated…

Comments are closed.