by butsch
12. January 2011 20:37
Starting with Exchange 2007 SPX you can use the Set-CASMailbox with the ActiveSyncAllowedDeviceIDs parameter to lock down a certiain user to a specific device ID.
http://technet.microsoft.com/en-us/library/bb125264(EXCHG.80).aspx
Not that it helps you immediately, but Exch 2010 has included automatic quarantining/blocking of devices based on Device Model and Type with ActiveSyncDeviceAccessRule
http://howdouc.blogspot.com/2010/09/activesync-device-access-rules-in.html
set-CASMailbox [-ActiveSyncAllowedDeviceIDs <MultiValuedProperty>] [-ActiveSyncDebugLogging <Nullable>] [-ActiveSyncEnabled <$true | $false>] [-ActiveSyncMailboxPolicy <MailboxPolicyIdParameter>]
ActiveSyncAllowedDeviceIDs
* Optional
* Microsoft.Exchange.Data.MultiValuedProperty
* This parameter accepts a list of device IDs that are allowed to synchronize with the mailbox.
Here you can see a sample user:
[PS] C:\>get-casmailbox -Identity scr | fl
ActiveSyncAllowedDeviceIDs : {} < Array if devices which are allwoded.
ActiveSyncMailboxPolicy : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging :
ActiveSyncEnabled : True
HasActiveSyncDevicePartnership : False
Also read this Post in Germand about a good overview on how to block certain Activesync Handys:
http://www.butsch.ch/post/Absicherung-von-ActiveSync-Devices-mit-Exchange-2007-und-Exchange-2010.aspx
Disabel Activesync for all Exchange Users on Exchange 2007/2010:
get-Mailbox | set-CASMailbox -ActiveSyncEnabled:$False