Module 11

Exchange Online
Mobile Devices
Presenter name
Presenter role

Conditions and Terms of Use

Microsoft Confidential

This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided
to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in
such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or
implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond
to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the
accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks

2014 Microsoft Corporation. All rights reserved.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of
this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft, Internet Explorer, Outlook, SkyDrive, Windows Vista, Zune, Xbox 360, DirectX, Windows Server and
Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries. All other trademarks are property of their respective owners.
2

Overview

This module introduces the mobile device management features

of Exchange Online

Objectives

After completing this module, you will be able to:

Manage and administer mobile devices
Quarantine or block specific devices
Understand the Exchange ActiveSync connection process
Troubleshoot ActiveSync issues through logging

Overview of
Exchange
ActiveSync

Exchange ActiveSync is a synchronization protocol that is

optimized to work together with high-latency and lowbandwidth networks
Protocol based on HTTP and XML
Exchange ActiveSync is supported by a wide range of mobile
devices, including Windows Phone, Apple, and Android phones

Mobile
Device
Access

The default mobile device policy in Exchange Online is to

allow all ActiveSync capable devices to connect

As an administrator, you need to choose which devices you

wish to either permit or deny

This can be achieved through a feature called

Allow/Block/Quarantine whereby administrators can:
Quarantine or block devices for specific users
Quarantine or block devices based on a devices family,
model or operating system

Mobile
Device
Mailbox
Policy

Controls how users use and synchronize their mobile devices,

such as enforce a pin, or require device encryption

When you change a Mobile Device Mailbox Policy, it affects all

users whose mailbox are associated with that policy

The policy you set as the default automatically affects all

users in the organization, except those you have explicitly
assigned to different device policies

Allow Block
Quarantine

To block a particular mobile operating system:

New-ActiveSyncDeviceAccessRule -querystring "iOS 6.1"
-characteristic DeviceOS -accesslevel Block
To quarantine a particular device:
New-ActiveSyncDeviceAccessRule -QueryString iPhone
-Characteristic DeviceModel -AccessLevel Quarantine
A device placed in quarantine will receive a notification stating it
has been quarantined:
o Although the device is in quarantine, we send this one
message to the device so the user does not call the help
desk because their device is not syncing
o Quarantine messages can also be sent to other users or a DL
o This message can be customized
o Devices placed in quarantine can be selectively approved by
the administrator and allowed to sync
8

OWA
Options For
Phone

OWA provides a Phone page where users can see a list of

devices that are syncing against their mailbox
Users can perform certain actions against a device from the
Mobile Devices tab, such as:
Remove a phone from list
Access Recovery Password
Remote Device Wipe
Block Phone
Text Messaging tab
Users can send text message notifications to their phone

10

ActiveSync
Logging

Device specific logging can be turned on and off by the user

under the Options/Phone page in OWA
This can also be enabled by the administrator using
PowerShell by running Set-CASMailbox UserName
ActiveSyncDebugLogging:$true
An email containing a file called EasMailboxLog.txt is then
placed in the users Inbox which can then be forwarded on for
analysis

11

View Mobile
Device
Information
for Users

You can use the EAC or the PowerShell to view a list of mobile devices that are
associated with a specific user
The EAC displays a list of mobile devices that are currently synchronizing with a
users mailbox. You can view mobile devices by family, model, phone number,
or status
You can use the Get-MobileDevice cmdlet to view a list of mobile devices for
a specific user Get-MobileDevice -Mailbox useralias

12

NonActiveSync
mobile
phone
options

Blackberry Cloud Service may be used for legacy RIM devices

13

Lab: Configure a
Mobile Device
Policy to Quarantine
a Device

14

Module
Review

To selectively allow an administrator to control what devices

are allowed to sync should you block or quarantine a device?
Can an administrator enable per mailbox ActiveSync logging?

15

Module
Summary

In this module you learnt how to block or quarantine a device

though mobile device mailbox policies, as well as enable logging
to assist with troubleshooting ActiveSync related issues.

17

 2013
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks
in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of
this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION