Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Symptoms
The Exchange ActiveSync settings for your organization are set to block access to all devices. However, you can still access mailboxes by using the Windows Mail app. This occurs even though the mobile device details indicate that mailbox connections that are made by using Windows Mail will be blocked.
Use the following methods to verify that Exchange ActiveSync is configured correctly.
To check your organization's ActiveSync settings:
Get-ActiveSyncOrganizationSettings | ft DefaultAccessLevel
If ActiveSync is set to block devices, this command returns the following output:
DefaultAccessLevel : Block
To check devices that are configured to sync with a specific mailbox:
Get-MobileDeviceStatistics -Mailbox <MailboxID> | fl DeviceUserAgent,DeviceType,deviceos,deviceaccessstate
This command returns the following output:
DeviceType : UniversalOutlook DeviceOS : WINDOWS DeviceAccessState : Unknown
To check devices that are associated with a specific mailbox:
Get-MobileDevice -Mailbox <MailboxID> | fl DeviceUserAgent,DeviceType,deviceos,deviceaccessstate
This command returns the following output:
DeviceUserAgent : microsoft.windowscommunicationsapps DeviceType : UniversalOutlook DeviceOS : WINDOWS DeviceAccessState : Blocked
Cause
The Windows Mail app uses a native Microsoft sync technology that isn't blocked by ActiveSync device access rules. Your organization's ActiveSync settings and device access rules are used to manage Microsoft Outlook for mobile and ActiveSync connections only.
Resolution
To block the Windows Mail app from accessing mailboxes, use Client Access Rules or the UniversalOutlookEnabled parameter of the Set-CASMailbox cmdlet.