This week I had a customer who received an error while connecting a mobile device to office 365.
The device continuously get blocked. Deleting the device, and reconnecting it again did not work.
The status was every time : Access Denied
After some disconnections, and re connections there was an error :
The mobile device XXXXXXXXX cannot be found
Solution 1
First you have to find the identity of the device:
Get-MobileDeviceStatistics -Mailbox username@domain.nl
Search for the Identity of the device in the listing
Use the value of this identity :
Remove-MobileDevice -Identity "EURPR03A002.prod.outlook.com/Microsoft Exchange Hosted Organizations/Tenant.onmicrosoft.com/User/ExchangeActiveSyncDevices/REST§Outlook§3a7fef6794b90b835961xxxxxxxxxxxx"
In my case the error persists.
Solution 2
I’ve found this perfect solution :
https://practical365.com/exchange-server/unblock-mobile-device-exchange-server/
First find the ActiveSyncBlockedDeviceIDs of the device
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*
ActiveSyncAllowedDeviceIDs : {}
ActiveSyncBlockedDeviceIDs : {6fd1e8fe4d5061c09b3a3437a6ef8862, 3a7fef6794b90b8359610a398d51be82}
ActiveSyncMailboxPolicy : CONNECT-Mobile-devices
ActiveSyncMailboxPolicyIsDefaulted : False
ActiveSyncDebugLogging : False
ActiveSyncEnabled : True
ActiveSyncSuppressReadReceipt : False
Remove the ActiveSyncBlockedDeviceIDs
C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{remove='6fd1e8fe4d5061c09b3a3437a6ef8862'}
Check the device again, and the ActiveSyncBlockedDeviceIDs is gone.
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*
ActiveSyncAllowedDeviceIDs : {}
ActiveSyncBlockedDeviceIDs : {3a7fef6794b90b8359610a398d51be82}
ActiveSyncMailboxPolicy : CONNECT-Mobile-devices
ActiveSyncMailboxPolicyIsDefaulted : False
ActiveSyncDebugLogging : False
ActiveSyncEnabled : True
ActiveSyncSuppressReadReceipt : False
Also delete any other device
C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{remove='3a7fef6794b90b8359610a398d51be82'}
Check is again
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*
ActiveSyncAllowedDeviceIDs : {}
ActiveSyncBlockedDeviceIDs : {}
ActiveSyncMailboxPolicy : CONNECT-Mobile-devices
ActiveSyncMailboxPolicyIsDefaulted : False
ActiveSyncDebugLogging : False
ActiveSyncEnabled : True
ActiveSyncSuppressReadReceipt : False
After reconnecting the device to office 365, you can check is again, and the ActiveSyncBlockedDeviceIDs is empty.
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*
ActiveSyncAllowedDeviceIDs : {Q5F72FQH4P1E50FV00393J5R3K, 5HLNOG0DJL1RT3M076V6NL80TO, ae14fb52ae7b5462f8392e9aa33054c4}
ActiveSyncBlockedDeviceIDs : {}
ActiveSyncMailboxPolicy : CONNECT-Mobile-devices
ActiveSyncMailboxPolicyIsDefaulted : False
ActiveSyncDebugLogging : False
ActiveSyncEnabled : True
ActiveSyncSuppressReadReceipt : False
Blocking a device
When you want to block a device, use the ADD option:
This will block the device 3a7fef6794b90b8359610a398d51be82
C:\Scripts> Set-CASMailbox -Identity username@domain.nl -ActiveSyncBlockedDeviceIDs @{add='3a7fef6794b90b8359610a398d51be82'}
C:\Scripts> Get-CASMailbox -Identity username@domain.nl | fl activesync*
ActiveSyncAllowedDeviceIDs : {Q5F72FQH4P1E50FV00393J5R3K, 5HLNOG0DJL1RT3M076V6NL80TO, ae14fb52ae7b5462f8392e9aa33054c4}
ActiveSyncBlockedDeviceIDs : {3a7fef6794b90b8359610a398d51be82}
ActiveSyncMailboxPolicy : CONNECT-Mobile-devices
ActiveSyncMailboxPolicyIsDefaulted : False
ActiveSyncDebugLogging : False
ActiveSyncEnabled : True
ActiveSyncSuppressReadReceipt : False
