With the recent release of the Apple iPad and the new iPhone, not to mention the numerous Google Android phones available, there has been a dramatic increase in interest in using Exchange ActiveSync along with Exchange Server 2010 or Exchange Server 2007.
Along with these devices come certain questions regarding security. One of those topics, covered by this post, is how to restrict end users to a specific ActiveSync device. Some ActiveSync devices do not support certain features, and Exchange admins may want to ensure those devices don't connect to their systems.
For this example, we'll run the Get-ActiveSyncDeviceStatistics -Mailbox pponzeka command to determine the DeviceID of the user's current ActiveSync device:
Note the DeviceID listed, 413030303030313542354533744. This is akin to a serial number for this particular ActiveSync device; it's unique per device. We can lock down this user so that he can only use THIS device to connect to his mailbox via ActiveSync.
To do so, we simply run the command Set-CasMailbox pponzeka -ActiveSyncAllowedDeviceIDs number1,number2
If the user had multiple devices, you would just list each DeviceID, separated by a comma.
If you ever want to remove the restriction, simply enter the null value:
Set-CasMailbox pponzeka -ActiveSyncAllowedDeviceIDs:$null
This will set this user's mailbox back to the default of allowing all ActiveSync devices to connect!
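The lock-down steps above can be combined into one function that looks up the mailbox's current devices, allows only those DeviceIDs, and reads the setting back. This is an added example, not part of the original post: the function name Lock-ActiveSyncToCurrentDevices is hypothetical, and it assumes the Exchange Management Shell on PowerShell 2.0 or later.

```powershell
# Added example: run in the Exchange Management Shell.
# Lock-ActiveSyncToCurrentDevices is a hypothetical helper name, not an Exchange cmdlet.
function Lock-ActiveSyncToCurrentDevices {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Mailbox
    )

    # Collect every device that currently has a partnership with the mailbox.
    $devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox)
    if ($devices.Count -eq 0) {
        # Setting an allow list with no known device would lock the user out.
        Write-Warning "No ActiveSync devices found for $Mailbox; nothing changed."
        return
    }

    # Show what is about to be allowed, so a stale or unknown device
    # is not added to the allow list by accident.
    $devices | Format-Table DeviceID, DeviceType, DeviceModel, LastSuccessSync -AutoSize | Out-Host

    $ids = @($devices | ForEach-Object { $_.DeviceID } | Sort-Object -Unique)

    # -WhatIf previews the change without writing it.
    if ($PSCmdlet.ShouldProcess($Mailbox, "Allow only DeviceIDs: $($ids -join ', ')")) {
        Set-CASMailbox -Identity $Mailbox -ActiveSyncAllowedDeviceIDs $ids
    }

    # Read the setting back to confirm what is now enforced.
    Get-CASMailbox -Identity $Mailbox | Select-Object Name, ActiveSyncAllowedDeviceIDs
}

# Preview first, then apply (pponzeka is the mailbox used in this post).
Lock-ActiveSyncToCurrentDevices -Mailbox pponzeka -WhatIf
Lock-ActiveSyncToCurrentDevices -Mailbox pponzeka
```

Review the device table before applying: any device listed there, including an old phone the user no longer carries, ends up on the allow list.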