Controlling ActiveSync device access on Exchange 2013

I previously blogged about controlling ActiveSync device access on Exchange 2010 and Exchange Online and thought I would follow-up with quick post on how to accomplish the same results on Exchange 2013. For this post, I will create the same policy as before..  a device policy to quarantine any iPad devices. The use case for this scenario is that an organisation may for example allow users to choose whatever mobile phone they would like to use but block the use of iPads because these are not devices issued by the company. By quarantining a device, we can easily see who is attempting to use such a device, how many are out there and even decide to create a new policy specific to these devices.

To create a device policy, we need to access the “Mobile Device Access” option under the “Mobile” menu item in EAC. It should look something like this:

blog1

Clicking the “Edit” button will allow you to edit various settings. As you can see, I have decided to be permissive and allow all devices unless they are managed by a rule. You can select a distribution group or administrative account that will receive quarantine notification emails. You also have the option to add any custom or organisation specific text that will be included in the email notification sent to users when their device is blocked or quarantined.

blog2

We then click “+” under “Device Access Rules” at the bottom of the page to define our new rule. Here we can browse a list of all the devices and device families that have recently connected to our Exchange environment. Device family is a grouping of similar devices, in our case for example if we choose a Device family of “iPad” we can then decide to only apply this rule to iPad2 models or “All models” by selecting the appropriate device type. Lastly, we select our ABQ action:

blog3

Once we have clicked “Save” we should see the new device access rule listed under “Device Access Rules”

blog4

Once we have created the access rule, if any users attempt to connect using an iPad, they will be listed under “Quarantines Devices”

blog5

Users will receive a notification email similar to the following if they try to connect using an iPad:

photo