Heidi asks:

“I accidentally blocked a user and I need to allow them. How do I unblock them?”

When a mobile device is being blocked by Exchange ActiveSync, there are two ways that you can unblock it. The first is using the Exchange admin center for Exchange 2013/2016. Navigate to the mailboxes view, select the mailbox in question, and in the right-hand pane click the View details link under Mobile Devices. The list of mobile devices associated with at user will be displayed, and you can highlight the device you want to unblock and click the Allow button, then save the change.

exchange-activesync-unblock-device

This change will add the device to the user’s allowed devices list. If you’d prefer to just remove the device association, click the delete button instead.

The other method is to use the Exchange Management Shell. Run the Get-CASMailbox cmdlet to see the blocked device IDs for the user.

[PS] C:\>Get-CASMailbox -Identity AdamWally | fl activesync*


ActiveSyncAllowedDeviceIDs         : {P0NEI9C50L3N90MS7HPRMAESA8}
ActiveSyncBlockedDeviceIDs         : {F2BC03A83CCA6C98}
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging             : False
ActiveSyncEnabled                  : True

To add a blocked device ID to the allowed device ID list, use the Set-CASMailbox cmdlet.

[PS] C:\>Set-CASMailbox -Identity AdamWally -ActiveSyncAllowedDeviceIDs @{add='F2BC03A83CCA6C98'}

[PS] C:\>Get-CASMailbox -Identity AdamWally | fl activesync*


ActiveSyncAllowedDeviceIDs         : {F2BC03A83CCA6C98, P0NEI9C50L3N90MS7HPRMAESA8}
ActiveSyncBlockedDeviceIDs         : {}
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging             : False
ActiveSyncEnabled                  : True

Alternatively, you can just remove it from the blocked device ID list.

[PS] C:\>Set-CASMailbox -Identity AdamWally -ActiveSyncBlockedDeviceIDs @{remove='F2BC03A83CCA6C98'}

Or, if you’d prefer to just remove the device association, use Remove-MobileDevice.

[PS] C:\>Get-MobileDevice -Mailbox AdamWally | fl identity,deviceid

Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§819026446
DeviceId : 819026446

Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC03A83CCA6C98
DeviceId : F2BC03A83CCA6C98

Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/iPhone§P0NEI9C50L3N90MS7HPRMAESA8
DeviceId : P0NEI9C50L3N90MS7HPRMAESA8

[PS] C:\>Remove-MobileDevice -Identity "globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC
03A83CCA6C98"

Confirm
Are you sure you want to perform this action?
Removing mobile device "globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC03A83CCA6C98".
Note that this mobile device hasn't been wiped yet.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Joe L

    I understand that this is an older thread, however in case anyone is still monitoring it, here is my question.

    What information is included in the EAS Block List when we set a device to BLOCK for a particular user’s mailbox?

    The reason I ask. If an iPhone user setup their Exchange email account on the iPhone, however they also setup a second email account for another user on this same iPhone (for monitoring purposes). Then, this second user is terminated and we set that device as BLOCKED in that second user’s mailbox, will there be any negative impact for the first email account on that iPhone?

    Does Exchange add the Device ID + Email Address/Mailbox information when blocking or just the Device ID?

  2. aner9812

    Hello!

    I tried to solve issue that some of devices are not set for Active Sync with your article.
    However those devices are still blocked.

    What kind of things may possbily occur this issue?

  3. Kiran

    Information in this site helped me to unblock device ID’s and know more information
    Thanks

  4. Patrick

    What role does a user need in order to allow or block quarantined devices? And what is the cmdlet for adding a user membership to the role?

    1. kent

      Is there an answer to this question?

  5. Sivakumar

    Hi Paul,

    Thanks Paul for the detailed article. Do we have a option to quarantine individual device by using power shell instead of quarantine all the devices or set of devices by using policy.. If yes please share the command would really helpful.

    1. Sivakumar

      I am looking for the solution Exchange 2013…

  6. Kiran

    I was able to unblock device ID’s by following this site. Thank you

  7. Aravind

    Hello Paul,

    Thanks for your great article.

    Is there a way to block CloudMagic App connections in Exchange Active sync.

    Even tried in adding in Device Access rule but that doesn’t work and also tried in blocking in using the following command and that too doesn’t work.

    Set-casmailbox -identity “abc@abc.com” -EwsBlockList EWS/*, OWA/*

    Since CloudMagic app is using EWS method and Active sync polices are not getting applied.

    Could you help me out.

    Regards,
    Aravind.

      1. Aravind

        Thanks Paul for the detailed article.

        Will follow up as described in the article.

        Regards,
        Aravind

Leave a Reply