Heidi asks:
“I accidentally blocked a user and I need to allow them. How do I unblock them?”
When a mobile device is being blocked by Exchange ActiveSync, there are two ways that you can unblock it. The first is using the Exchange admin center for Exchange 2013/2016. Navigate to the mailboxes view, select the mailbox in question, and in the right-hand pane click the View details link under Mobile Devices. The list of mobile devices associated with at user will be displayed, and you can highlight the device you want to unblock and click the Allow button, then save the change.
This change will add the device to the user’s allowed devices list. If you’d prefer to just remove the device association, click the delete button instead.
The other method is to use the Exchange Management Shell. Run the Get-CASMailbox cmdlet to see the blocked device IDs for the user.
[PS] C:\>Get-CASMailbox -Identity AdamWally | fl activesync* ActiveSyncAllowedDeviceIDs : {P0NEI9C50L3N90MS7HPRMAESA8} ActiveSyncBlockedDeviceIDs : {F2BC03A83CCA6C98} ActiveSyncMailboxPolicy : Default ActiveSyncMailboxPolicyIsDefaulted : True ActiveSyncDebugLogging : False ActiveSyncEnabled : True
To add a blocked device ID to the allowed device ID list, use the Set-CASMailbox cmdlet.
[PS] C:\>Set-CASMailbox -Identity AdamWally -ActiveSyncAllowedDeviceIDs @{add='F2BC03A83CCA6C98'} [PS] C:\>Get-CASMailbox -Identity AdamWally | fl activesync* ActiveSyncAllowedDeviceIDs : {F2BC03A83CCA6C98, P0NEI9C50L3N90MS7HPRMAESA8} ActiveSyncBlockedDeviceIDs : {} ActiveSyncMailboxPolicy : Default ActiveSyncMailboxPolicyIsDefaulted : True ActiveSyncDebugLogging : False ActiveSyncEnabled : True
Alternatively, you can just remove it from the blocked device ID list.
[PS] C:\>Set-CASMailbox -Identity AdamWally -ActiveSyncBlockedDeviceIDs @{remove='F2BC03A83CCA6C98'}
Or, if you’d prefer to just remove the device association, use Remove-MobileDevice.
[PS] C:\>Get-MobileDevice -Mailbox AdamWally | fl identity,deviceid Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/TestActiveSyncConnectivity§819026446 DeviceId : 819026446 Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC03A83CCA6C98 DeviceId : F2BC03A83CCA6C98 Identity : globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/iPhone§P0NEI9C50L3N90MS7HPRMAESA8 DeviceId : P0NEI9C50L3N90MS7HPRMAESA8 [PS] C:\>Remove-MobileDevice -Identity "globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC 03A83CCA6C98" Confirm Are you sure you want to perform this action? Removing mobile device "globomantics.biz/Company/Users/Adam Wally/ExchangeActiveSyncDevices/Outlook§F2BC03A83CCA6C98". Note that this mobile device hasn't been wiped yet. [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
I understand that this is an older thread, however in case anyone is still monitoring it, here is my question.
What information is included in the EAS Block List when we set a device to BLOCK for a particular user’s mailbox?
The reason I ask. If an iPhone user setup their Exchange email account on the iPhone, however they also setup a second email account for another user on this same iPhone (for monitoring purposes). Then, this second user is terminated and we set that device as BLOCKED in that second user’s mailbox, will there be any negative impact for the first email account on that iPhone?
Does Exchange add the Device ID + Email Address/Mailbox information when blocking or just the Device ID?
Hello!
I tried to solve issue that some of devices are not set for Active Sync with your article.
However those devices are still blocked.
What kind of things may possbily occur this issue?
Information in this site helped me to unblock device ID’s and know more information
Thanks
What role does a user need in order to allow or block quarantined devices? And what is the cmdlet for adding a user membership to the role?
Is there an answer to this question?
Hi Paul,
Thanks Paul for the detailed article. Do we have a option to quarantine individual device by using power shell instead of quarantine all the devices or set of devices by using policy.. If yes please share the command would really helpful.
I am looking for the solution Exchange 2013…
I was able to unblock device ID’s by following this site. Thank you
Hello Paul,
Thanks for your great article.
Is there a way to block CloudMagic App connections in Exchange Active sync.
Even tried in adding in Device Access rule but that doesn’t work and also tried in blocking in using the following command and that too doesn’t work.
Set-casmailbox -identity “abc@abc.com” -EwsBlockList EWS/*, OWA/*
Since CloudMagic app is using EWS method and Active sync polices are not getting applied.
Could you help me out.
Regards,
Aravind.
Refer to this article:
https://www.practical365.com/controlling-microsoft-send-app-access-with-exchange-web-services/
https://www.practical365.com/managing-exchange-web-services-in-office-365/ (this also applies to Exchange on-premises)
You’ll need to know the user agent of the app to block, or you’ll need to block everything and use an EWS allow list.
Thanks Paul for the detailed article.
Will follow up as described in the article.
Regards,
Aravind