Search

Search for words used in entries on this website

Enter the words[s] to search for here:

Sponsors

Allowing Exchange Activesync by Device ID in Exchange 2007

Here is how to limit access to Exchange Activesync service to a specific device denoted by the DEVICE ID.

This feature allows the IT Professional to restrict access by Device ID to a particular user.  This feature would prevent devices to be transferred to another user if that device was not specifically added to that new user's allowable device ID list.

The basic model how restriction is done is:

· If a user is disabled for sync they can’t sync with any device

· If a user is enabled for sync…

o If the deviceID restriction is null, the user can sync with any device

o If the deviceID restriction is populated using the task, the user can only sync with that device

To configure this feature you use the Exchange Management Shell and run the Set-CASMailbox task.  See example below:

Set-CASMailbox -identity:<user> -ActiveSynAllowedDeviceIDs:"<deviceID_1>", "<deviceID_2>"

Retrieving the Device ID

There is currently no built in functionality for retrieving the device ID in advance before the user syncs with Exchange.  You will need to use System Management Server or other solution to get the device ID.  For testing purposes, you can quickly retrieve the device ID by running this command.

Get-ActiveSyncDeviceStatistics –mailbox:<username> |fl DeviceID

Name:			Remember personal info? Yes No
Email:
URL:
Comment:		Emoticons / Textile
Before sending a comment, you have to correctly answer a simple question you know the answer to. This is a countermeasure against automated spam bots. What are the first four letters of Techlog?     ( Register your username / Log in )
Notify:		Yes, send me email when someone replies.
Hide email:		Yes, hide my email address.
Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.