Exchange Online Turn off ActiveSync

For some company’s ActiveSync just doesn’t offer the compliancy requirements to fully wipe or track and inventory your phones. You might already have a Mobile Device Management solution in place and you want to reduce your attack footprint. One way to do this is to disable Active Sync. Active Sync is Microsoft technology that allows mobile phones to connect to Exchange Online to get email, contacts and free busy information. Pretty much every major phone manufacturer supports connecting to Exchange servers via Active Sync (Iphone, Android, Windows and even Blackberry).

Disabling Active Sync

You disable ActiveSync in the Exchange Online admin center, but the options here are very limited, you can do it per mailbox, but not all mailboxes. So if you have thousands of mailboxes to turn ActiveSync off using the admin center is not the way you are going to want to go.

Disable Active Sync Per Mailbox in admin center

From the Exchange admin center under recipients click on mailboxes

Recipients Mailbox

Click on the user mailbox you want to change and on the right click disable activesync

admin gui disable activesync

Doing it the PowerShell way

PowerShell gives you some additional scope options for disabling ActiveSync. The first thing to do is connect to Exchange Online with PowerShell.

Disable Active Sync for a single user

Set-CASMailbox -Identity <Mailbox ID> -ActiveSyncEnabled $False

Disable ActiveSync for a group of users

Get-User -RecipientTypeDetailsUserMailbox | where {$_.Department -eq "Sales"} | Set-CASMailbox -ActiveSyncEnabled $False

Here you are running 3 cmdlets and piping each into the next to get your end result.

Disable ActiveSync for Everyone

Finally where we want to be to achieve our compliancy scenario

Get-Mailbox | Set-CasMailbox -ActiveSyncEnabled $False

This is yet another good example of where you will want to use PowerShell to accomplish this exercise. It also should be mentioned that Microsoft offers a cloud based device management software that you might want to look at as an alternative to a third party called Microsoft Intune.

https://www.microsoft.com/en-ca/server-cloud/products/microsoft-intune/overview.aspx

 

 

 

1 Comments

  1. I would like to thnkx for the efforts you have put in writing this blog. I’m hoping the same high-grade web site post from you in the upcoming as well. In fact your creative writing skills has inspired me to get my own blog now. Really the blogging is spreading its wings quickly. Your write up is a good example of it.

Leave a comment

Your email address will not be published.


*