Windows Mail app not blocked despite ActiveSync organization settings
Symptoms
The Exchange ActiveSync settings for your organization are set to block access to all devices. However, you can still access mailboxes by using the Windows Mail app. This occurs even though the mobile device details indicate that mailbox connections that are made by using Windows Mail will be blocked.
Use the following methods to verify that Exchange ActiveSync is configured correctly.
To check your organization's ActiveSync settings:
Get-ActiveSyncOrganizationSettings | ft DefaultAccessLevelIf ActiveSync is set to block devices, this command returns the following output:
DefaultAccessLevel : BlockTo check devices that are configured to sync with a specific mailbox:
Get-MobileDeviceStatistics -Mailbox <MailboxID> | fl DeviceUserAgent,DeviceType,deviceos,deviceaccessstateThis command returns the following output:
DeviceType : UniversalOutlook DeviceOS : WINDOWS DeviceAccessState : UnknownTo check devices that are associated with a specific mailbox:
Get-MobileDevice -Mailbox <MailboxID> | fl DeviceUserAgent,DeviceType,deviceos,deviceaccessstateThis command returns the following output:
DeviceUserAgent : microsoft.windowscommunicationsapps DeviceType : UniversalOutlook DeviceOS : WINDOWS DeviceAccessState : Blocked
Cause
The Windows Mail app uses a native Microsoft sync technology that isn't blocked by ActiveSync device access rules. Your organization's ActiveSync settings and device access rules are used to manage Microsoft Outlook for mobile and ActiveSync connections only.
Resolution
To block the Windows Mail app from accessing mailboxes, use Client Access Rules or the UniversalOutlookEnabled parameter of the Set-CASMailbox cmdlet.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for