We are receiving hundreds of alerts "A device that belongs to *Username* has been quarantined by Exchange Active Sync"

Potts S 6 Reputation points
2021-02-03T23:29:09.657+00:00

Without any changes (IT side), I've just seen hundreds of these alerts via our Helpdesk system. We are an ipad School, and have circa 1250 students\teachers. Randomly checking, the devices are all, IOS, Android etc. We use the Mail client for students iPads, and Outlook for teachers on theirs. I'm unsure without any change why at 9:30 this evening Exchange has gone nuts.....

Sample of the alert:

ser: | email of user |
Device model: | Outlook for iOS and Android |
Device type: | Outlook |
Device ID: | 6D8C66B059AA4F23BCEAF218ECCBB13* |
Device OS: | iOS 13.5.1 |
Device user agent: | Outlook-iOS/2.0 |
Device phone number: | |
Device IMEI: | |
Exchange ActiveSync version: | 1.0 |
Device policy applied: | our-domain.onmicrosoft.com\Default |
Device policies status: | AppliedInFull |
Device access state: | Quarantined |
Device access state reason: | Global |
Device access control rule: | |

Nothing has changes on Azure Conditional access or Exchange, so at a loss as to why these would start this evening....

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,700 questions
{count} vote

5 answers

Sort by: Most helpful
  1. Andy David - MVP 150.2K Reputation points MVP
    2021-02-04T02:42:48.98+00:00

    Exchange Online is having issues that sounds like its related:

    Incident information
    Title: Users may be unable to access Outlook Mobile as their mobile devices may be quarantined
    ID: EX237658
    Status
    Service Degradation
    Details
    Title: Users may be unable to access Outlook Mobile as their mobile devices may be quarantined
    User Impact: Users may be unable to access Outlook Mobile as their mobile devices may be quarantined.
    More info: Users are able to access their Exchange Online mailboxes through other connection methods, including Outlook desktop and Outlook on the web.
    Current status: We're analyzing service logs to help isolate the problem.
    Scope of impact: This could impact any user attempting to access their Exchange Online mailbox through using Outlook Mobile.

    1 person found this answer helpful.
    0 comments No comments

  2. Levi Jay 1 Reputation point
    2021-02-04T01:10:57.267+00:00

    We also experienced this and a number of our business partners did also.

    Nothing changed that we can see.

    0 comments No comments

  3. Yuki Sun-MSFT 41,166 Reputation points Microsoft Vendor
    2021-02-04T06:20:20.24+00:00

    Hi @Potts S ,

    Based on my research, a change on Exchange online that begins to roll out later in Q4 calendar year 2020 could lead to a similar situation.

    Nothing has changes on Azure Conditional access or Exchange

    While nothing has changed recently, may I know if Conditional Access policies are being used in your environment? If this is the case, please check whether your Conditional Access policies are configured with one or more of the following grant access controls:

    • Require device to be marked as compliant
    • Require approved client app
    • Require app protection policy

    If you are using Conditional Access policies that do not leverage the above grant access controls and you have configured the mobile device access level within Exchange Online to block or quarantine devices, when the change mentioned at the beginning is implemented, users using Outlook for iOS and Android in your organization will be blocked or quarantined by Exchange Online. For more information and the options to remediate this, please refer to the blog below:

    Upcoming Exchange Online Device Access and Conditional Access changes with Outlook mobile


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  4. cyprusboy-steve cyprusboy-steve 1 Reputation point
    2021-02-04T09:01:04+00:00

    Hello,

    Thanks for posting the info YukiSun and AndyDavid, this indeed looks like the issue.

    "If you are using Conditional Access policies that do not leverage the above grant access controls and you have configured the mobile device access level within Exchange Online to block or quarantine devices, when the change mentioned at the beginning is implemented, users using Outlook for iOS and Android in your organization will be blocked or quarantined "

    But we have our Exchange Rules to allow iPads, but they are still being quarantined.

    Yes we use conditional Access and the Exchange Mobile Device rules. We allow Outlook on IOS devices only, as we provide the iPads for work, we enforce MFA on staff devices. Students use Mail, which I believe may also be affected but still gathering information this morning.

    63973-image.png

    63848-image.png


  5. Andy David - MVP 150.2K Reputation points MVP
    2021-02-04T13:07:10.907+00:00

    Add this rule:

    New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Allow
    

    and see if that gets these to work

    If not, I would open a ticket with 365 support.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.