New-MobileDeviceMailboxPolicy
This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.
Use the New-MobileDeviceMailboxPolicy cmdlet to create mobile device mailbox policies.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.
Syntax
New-MobileDeviceMailboxPolicy
[-Name] <String>
[-AllowApplePushNotifications <Boolean>]
[-AllowBluetooth <BluetoothType>]
[-AllowBrowser <Boolean>]
[-AllowCamera <Boolean>]
[-AllowConsumerEmail <Boolean>]
[-AllowDesktopSync <Boolean>]
[-AllowExternalDeviceManagement <Boolean>]
[-AllowGooglePushNotifications <Boolean>]
[-AllowHTMLEmail <Boolean>]
[-AllowInternetSharing <Boolean>]
[-AllowIrDA <Boolean>]
[-AllowMicrosoftPushNotifications <Boolean>]
[-AllowMobileOTAUpdate <Boolean>]
[-AllowNonProvisionableDevices <Boolean>]
[-AllowPOPIMAPEmail <Boolean>]
[-AllowRemoteDesktop <Boolean>]
[-AllowSimplePassword <Boolean>]
[-AllowSMIMEEncryptionAlgorithmNegotiation <SMIMEEncryptionAlgorithmNegotiationType>]
[-AllowSMIMESoftCerts <Boolean>]
[-AllowStorageCard <Boolean>]
[-AllowTextMessaging <Boolean>]
[-AllowUnsignedApplications <Boolean>]
[-AllowUnsignedInstallationPackages <Boolean>]
[-AllowWiFi <Boolean>]
[-AlphanumericPasswordRequired <Boolean>]
[-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <Boolean>]
[-Confirm]
[-DeviceEncryptionEnabled <Boolean>]
[-DevicePolicyRefreshInterval <Unlimited>]
[-DomainController <Fqdn>]
[-IrmEnabled <Boolean>]
[-IsDefault <Boolean>]
[-MaxAttachmentSize <Unlimited>]
[-MaxCalendarAgeFilter <CalendarAgeFilterType>]
[-MaxEmailAgeFilter <EmailAgeFilterType>]
[-MaxEmailBodyTruncationSize <Unlimited>]
[-MaxEmailHTMLBodyTruncationSize <Unlimited>]
[-MaxInactivityTimeLock <Unlimited>]
[-MaxPasswordFailedAttempts <Unlimited>]
[-MinPasswordComplexCharacters <Int32>]
[-MinPasswordLength <Int32>]
[-PasswordEnabled <Boolean>]
[-PasswordExpiration <Unlimited>]
[-PasswordHistory <Int32>]
[-PasswordRecoveryEnabled <Boolean>]
[-RequireDeviceEncryption <Boolean>]
[-RequireEncryptedSMIMEMessages <Boolean>]
[-RequireEncryptionSMIMEAlgorithm <EncryptionSMIMEAlgorithmType>]
[-RequireManualSyncWhenRoaming <Boolean>]
[-RequireSignedSMIMEAlgorithm <SignedSMIMEAlgorithmType>]
[-RequireSignedSMIMEMessages <Boolean>]
[-RequireStorageCardEncryption <Boolean>]
[-UnapprovedInROMApplicationList <MultiValuedProperty>]
[-UNCAccessEnabled <Boolean>]
[-WhatIf]
[-WSSAccessEnabled <Boolean>]
[<CommonParameters>] Description
Mobile device mailbox policies define settings for mobile devices that are used to access mailboxes in your organization. The default mobile device mailbox policy is applied to all new mailboxes that you create. You can assign a mobile device mailbox policy to existing mailboxes by using the Set-CASMailbox cmdlet, or by editing the mailbox properties in the Exchange admin center (EAC).
Some mobile device mailbox policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, you need to set the AllowNonProvisionableDevices parameter to $true. This allows devices that can't enforce all policy settings to synchronize with your server.
Some settings in this cmdlet are supported by Outlook for iOS and Android. For more information, see Leveraging Exchange Online mobile device policies.
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.
Examples
Example 1
New-MobileDeviceMailboxPolicy -Name "Sales Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -IsDefault $false -AttachmentsEnabled $false -AllowStorageCard $trueThis example creates the mobile device mailbox policy Sales Policy that has several preconfigured values.
Example 2
New-MobileDeviceMailboxPolicy -Name Management -AllowBluetooth $true -AllowBrowser $true -AllowCamera $true -AllowPOPIMAPEmail $false -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -MaxEmailAgeFilter TwoWeeks -AllowWiFi $true -AllowStorageCard $trueThis example creates the mobile device mailbox policy Management that has several preconfigured values. Users assigned to this policy should have an Enterprise client access license (CAL) to use many of these features.
Example 3
New-MobileDeviceMailboxPolicy -Name "Contoso Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -MinPasswordComplexCharacters 3 -IsDefault $true -PasswordHistory 10This example creates the mobile device mailbox policy Contoso Policy that has several preconfigured values. This policy is configured to be the default policy for the organization. The default policy is assigned to all new users.
Parameters
-AllowApplePushNotifications
This parameter is available only in the cloud-based service.
The AllowApplePushNotifications parameter specifies whether push notifications are allowed for Apple mobile devices. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online |
-AllowBluetooth
The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile device. Valid values are:
- Allow (this is the default value).
- Disable
- HandsfreeOnly
The values Allow or HandsfreeOnly allow synchronization between Outlook for Android and the Outlook for Android wearable app for the associated Microsoft account.
The value Disable disables synchronization between Outlook for Android and the Outlook for Android wearable app for the associated Microsoft account. Any previously synchronized data is deleted. This value does not disable Bluetooth on the Android device or the wearable device, nor does it affect other Android wearable apps.
| Type: | BluetoothType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowBrowser
The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't affect third-party browsers.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowCamera
The AllowCamera parameter specifies whether the mobile device's camera is allowed. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowConsumerEmail
The AllowConsumerEmail parameter specifies whether the user can configure a personal email account on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't control access to email accounts using third-party mobile device email programs.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowDesktopSync
The AllowDesktopSync parameter specifies whether the mobile device can synchronize with a desktop computer through a cable. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowExternalDeviceManagement
The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile device. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowGooglePushNotifications
This parameter is available only in the cloud-based service.
The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-AllowHTMLEmail
The AllowHTMLEmail parameter specifies whether HTML-formatted email is enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. If set to $false, all email is converted to plain text before synchronization occurs.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowInternetSharing
The AllowInternetSharing parameter specifies whether the mobile device can be used as a modem to connect a computer to the Internet. This process is also known as tethering. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowIrDA
The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowMicrosoftPushNotifications
This parameter is available only in the cloud-based service.
The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Online, Exchange Online Protection |
-AllowMobileOTAUpdate
The AllowMobileOTAUpdate parameter specifies whether the policy can be sent to the mobile device over a cellular data connection. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowNonProvisionableDevices
The AllowNonProvisionableDevices parameter specifies whether all mobile devices can synchronize with Exchange. Valid input for this parameter is $true or $false. The default value is $true.
When set to $true, this parameter enables all mobile devices to synchronize with Exchange, regardless of whether the device can enforce all settings that are defined by the policy. This also includes mobile devices managed by a separate device management system. When set to $false, this parameter blocks mobile devices that aren't provisioned from synchronizing with Exchange.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowPOPIMAPEmail
The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't control access by third-party email programs.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowRemoteDesktop
The AllowRemoteDesktop parameter specifies whether the mobile device can initiate a remote desktop connection. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowSimplePassword
The AllowSimplePassword parameter specifies whether a simple password is allowed on the mobile device. A simple password is a password that has a specific pattern, such as 1111 or 1234. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowSMIMEEncryptionAlgorithmNegotiation
The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm. Valid values for this parameter are:
- AllowAnyAlgorithmNegotiation
- BlockNegotiation
- OnlyStrongAlgorithmNegotiation
The default value is AllowAnyAlgorithmNegotiation.
| Type: | SMIMEEncryptionAlgorithmNegotiationType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowSMIMESoftCerts
The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowStorageCard
The AllowStorageCard parameter specifies whether the mobile device can access information stored on a storage card. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowTextMessaging
The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowUnsignedApplications
The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowUnsignedInstallationPackages
The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages are allowed to run on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AllowWiFi
The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AlphanumericPasswordRequired
The AlphanumericPasswordRequired parameter specifies whether the password for the mobile device must be alphanumeric. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-ApprovedApplicationList
The ApprovedApplicationList parameter specifies a configured list of approved applications for the device.
| Type: | ApprovedApplicationCollection |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-AttachmentsEnabled
The AttachmentsEnabled parameter specifies whether attachments can be downloaded on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
When set to $false, this parameter blocks the user from downloading attachments on the mobile device.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.
- Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax:
-Confirm:$false. - Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online, Exchange Online Protection |
-DeviceEncryptionEnabled
Note: This setting is supported by Outlook for iOS and Android.
The DeviceEncryptionEnabled parameter specifies whether encryption is enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.
When this parameter is set to $true, device encryption is enabled on the mobile device.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-DevicePolicyRefreshInterval
The DevicePolicyRefreshInterval parameter specifies how often the policy is sent to the mobile device.
To specify a value, enter it as a time span: dd.hh:mm:ss where dd = days, hh = hours, mm = minutes, and ss = seconds.
The default value is Unlimited.
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-DomainController
This parameter is available only in on-premises Exchange.
The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.
| Type: | Fqdn |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 |
-IrmEnabled
The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mobile device. Valid input for this parameter is $true or $false. The default value is $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-IsDefault
The IsDefault parameter specifies whether this policy is the default mobile device mailbox policy. Valid input for this parameter is $true or $false. The default value for the built-in mobile device mailbox policy named Default is $true. The default value for new mobile device mailbox policies that you create is $false.
There can be only one default policy. If another policy is currently set as the default, and you set this parameter to $true, this policy becomes the default policy. The value of this parameter on the other policy is automatically changed to $false, and that policy is no longer the default policy.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxAttachmentSize
The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile device. Valid input for this parameter is a size value between 0 and 2147482624 bytes (approximately 2 GB), or the value Unlimited. The default value is Unlimited.
Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4096 or 4KB.
The maximum value is 1024 bytes (one kilobyte) less than two gigabytes (2*1024^3), so these are the maximum qualified values you can use with this parameter.
- 2097151KB
- 2047.999024MB
- 1.999999047GB
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxCalendarAgeFilter
The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the mobile device. Valid values for this parameter are:
- All
- TwoWeeks
- OneMonth
- ThreeMonths
- SixMonths
The default value is All.
| Type: | CalendarAgeFilterType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxEmailAgeFilter
The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile device. Valid values for this parameter are:
- All
- OneDay
- ThreeDays
- OneWeek
- TwoWeeks
- OneMonth
The default value is All.
| Type: | EmailAgeFilterType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxEmailBodyTruncationSize
The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.
Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4KB or 4096.
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxEmailHTMLBodyTruncationSize
The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.
Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4KB or 4096.
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxInactivityTimeLock
The MaxInactivityTimeLock parameter specifies the length of time that the mobile device can be inactive before the password is required to reactivate it. Valid values are:
- A timespan: hh:mm:ss, where hh = hours, mm = minutes and ss= seconds. The valid input range is 00:01:00 to 01:00:00 (one minute to one hour).
- The value Unlimited. This is the default value.
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MaxPasswordFailedAttempts
The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile device.
You can enter any number from 4 through 16 or the value Unlimited. The default value is Unlimited.
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MinPasswordComplexCharacters
The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of the mobile device. The character sets are:
- Lower case letters.
- Upper case letters.
- Digits 0 through 9.
- Special characters (for example, exclamation marks).
A valid value for this parameter is an integer from 1 through 4. The default value is 1.
For Windows Phone 8 devices, the value specifies the number of character sets that are required in the password. For example, the value 3 requires at least one character from any three of the character sets.
For Windows Phone 10 devices, the value specifies the following password complexity requirements:
- Digits only.
- Digits and lower case letters.
- Digits, lower case letters, and upper case letters.
- Digits, lower case letters, upper case letters, and special characters.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-MinPasswordLength
Note: This setting is supported by Outlook for Android.
The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.
You can enter any number from 1 through 16 or the value $null. The default value is blank. The maximum password length is 16 characters.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-Name
The Name parameter specifies the name of the mobile device mailbox policy. You can use any value that uniquely identifies the policy. For example:
- Name
- Distinguished name (DN)
- GUID
The name of the built-in mobile device mailbox policy is Default.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-PasswordEnabled
The PasswordEnabled parameter specifies whether a password is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.
When set to $true, this parameter requires the user to set a password on the mobile device.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-PasswordExpiration
The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password. Valid values are:
- A timespan: ddd.hh:mm:ss, where ddd = days, hh = hours, mm = minutes and ss= seconds. The valid input range is 1.00:00:00 to 730.00:00:00 (one day to two years).
- The value Unlimited. This is the default value
| Type: | Unlimited |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-PasswordHistory
The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.
You can enter any number from 0 through 50. The default value is 0.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-PasswordRecoveryEnabled
The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange. Valid input for this parameter is $true or $false. The default value is $false.
When set to $true, this parameter enables you to store the recovery password for the mobile device in Exchange. The recovery password can be viewed from Outlook on the web or the Exchange admin center.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireDeviceEncryption
The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireEncryptedSMIMEMessages
The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireEncryptionSMIMEAlgorithm
The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME messages on a mobile device. The valid values for this parameter are:
- DES
- TripleDES
- RC240bit
- RC264bit
- RC2128bit
The default value is TripleDES.
| Type: | EncryptionSMIMEAlgorithmType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireManualSyncWhenRoaming
The RequireManualSyncWhenRoaming parameter specifies whether the mobile device must synchronize manually while roaming. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireSignedSMIMEAlgorithm
The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.
Valid values for this parameter are SHA1 or MD5. The default value is SHA1.
| Type: | SignedSMIMEAlgorithmType |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireSignedSMIMEMessages
The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-RequireStorageCardEncryption
The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.
Setting this parameter to $true also sets the DeviceEncryptionEnabled parameter to $true.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-UnapprovedInROMApplicationList
The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the mobile device.
| Type: | MultiValuedProperty |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-UNCAccessEnabled
The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device. In on-premises Exchange organizations, access to specific shares is configured on the Exchange ActiveSync virtual directory.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
-WhatIf
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online, Exchange Online Protection |
-WSSAccessEnabled
The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device. In on-premises Exchange organizations, access to specific shares is configured on the Exchange ActiveSync virtual directory.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Exchange Online |
Inputs
Input types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.
Outputs
Output types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.