🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Get ActiveSync Enabled Mailboxes in Exchange Online

Managing email synchronization for mobile devices is essential for smooth business communication. Exchange Online ActiveSync (EAS) enables users to access emails, calendars, contacts, and tasks on mobile devices. EAS configuration and monitoring can be challenging for adminis, as unchecked settings may lead to security risks. This guide outlines the steps to identify all Microsoft 365 ActiveSync-enabled mailboxes and efficiently track them along with their connected mobile devices in your organization.

Native Solution

Microsoft 365 Permission Required

High
Least Privilege

View-Only Recipients Role

Highest Privilege

Global Admin

Option 1 Using Exchange Online Admin Center

  • Sign in to the Exchange Online admin center.
  • Navigate to Recipients»Mailboxes and select the respective user mailbox.
  • Under General»Email apps & mobile devices»Manage email apps settings, check whether the toggle for ‘Mobile (Exchange ActiveSync)’ is enabled in the flyout pane.
Using Exchange Online Admin Center

Unfortunately, the Exchange Online admin center doesn't allow you to view all devices connected via Exchange ActiveSync at once.

Option 2 Using Windows PowerShell

  • The most efficient native method to get a list of all Exchange ActiveSync-enabled mailboxes is to use PowerShell.
  • Connect to Exchange Online PowerShell module.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
  • Run the below cmdlets to list all the Exchange Online ActiveSync enabled mailboxes in your tenant.
  • Windows PowerShell Windows PowerShell
     Get-EXOCASMailbox -Filter "ActiveSyncEnabled -eq $true" | ft cmdlet 
Using Windows PowerShell
AdminDroid Solution
More than 150 reports are under the free edition.

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

ad
  • Open the AdminDroid Office 365 reporter.
  • Navigate to the ActiveSync Enabled Mailboxes report under Reports»Exchange»Active Sync.
Using AdminDroid

Get the complete list of all ActiveSync enabled mailboxes in Microsoft 365 with in-depth mailbox details like Primary SMTP Address, ActiveSync Allowed Device Ids, ActiveSync Mailbox Policy, ActiveSync Status, etc.

admindroid-active-sync-enabled-mailboxes-chart
  • Additionally, Exchange Online admins can generate graphical charts to view and list the mailboxes with allowed devices count to easily monitor device access & manage device compliance efficiently.

Get all the Exchange ActiveSync enabled mailboxes in a snap!

Monitoring Exchange ActiveSync mailboxes is essential for maintaining data security and compliance. Secure your Exchange Online by effectively managing EAS enabled mailboxes using AdminDroid.

Witness the report in action using the

Important Tips

Implement a strict ActiveSync password policy that requires strong and complex passwords on mobile devices, ensuring that only compliant devices are synced to your Exchange Online mailboxes.

Enforce multifactor authentication (MFA) using Conditional Access for Exchange ActiveSync connections to enhance security and minimize the risks of unauthorized access.

Protect your sensitive data and maintain compliance by implementing robust mobile device management (MDM) policies using Microsoft Intune.

Exchange OnlineEnhance Remote Email Security by Managing Exchange ActiveSync Access in Microsoft 365

Showing 1 of 4

How to enable or disable Exchange ActiveSync access to mailboxes in Microsoft 365?

Exchange ActiveSync (EAS) is a protocol that enables mobile devices to synchronize email, calendar, contacts, and tasks with Exchange Online. Managing Exchange ActiveSync access is essential for maintaining data security policies and ensuring users have appropriate mobile access.

Follow these steps to enable or disable Exchange ActiveSync access to a mailbox for a mobile device.

  • Sign in to the Exchange Online admin center and navigate to Recipients»Mailboxes »select the respective user mailbox.
  • Under General»Email apps & mobile devices, you will find the Mobile (Exchange ActiveSync). option. You can enable or disable it by clicking the toggle.

Enable or disable Exchange ActiveSync for a mailbox in EXO using PowerShell

You can utilize the following PowerShell cmdlets to efficiently enable or disable EAS for a mailbox in Exchange Online.

# Connect to Exchange Online PowerShell module.
Connect-ExchangeOnline
# To enable Exchange ActiveSync access to mailbox in Exchange Online.
Set-CASMailbox -Identity user@domain.com -ActiveSyncEnabled $true
# To disable Exchange ActiveSync access to mailbox in Exchange Online.
Set-CASMailbox -Identity user@domain.com -ActiveSyncEnabled $false

How to get the list of all Exchange ActiveSync users in Microsoft 365?

By identifying the number of devices connected via Exchange ActiveSync, admins can monitor for any unusual remote devices connected to the Microsoft 365 mailbox.

Find the list of all devices connected using Exchange ActiveSync using PowerShell

Run the below cmdlet in Exchange Online PowerShell to get list of all devices connected using Exchange ActiveSync.

Get-MobileDevice -ResultSize Unlimited

To proactively track list of all devices connected using Exchange ActiveSync, AdminDroid offers a robust solution!

With AdminDroid's ActiveSync Device Count report, you can effortlessly track the number of ActiveSync devices connected using EAS.

admindroid-active-sync-devices-count

How to assign mobile device mailbox policy in Microsoft 365?

Mobile device polices allow you to control access to mailboxes from various mobile devices, ensuring that sensitive information is protected.

Managing mobile device mailbox policies in Exchange Online (EXO) allows administrators to control the behavior and security of mobile devices that access organizational mailboxes through Exchange ActiveSync. Here's how you can manage these policies in EXO:

Create a new mobile device mailbox policy using Exchange Admin Center

  • Navigate to the Mobile»Mobile device mailbox policies in Exchange Online admin center.
  • Click + New to create a new policy.
  • Set the required parameters, such as password strength, device encryption, sign-in failure count before wiping a device, and synchronization settings.
  • After reviewing the policy inputs, click Create to complete the policy creation.
eac-mobile-device-mailbox-policy

Create a new mobile device mailbox policy using PowerShell

You can utilize the following PowerShell cmdlets to create a new mobile device mailbox policy in Exchange Online.

#Connect to the Exchange Online module. 
Connect-ExchangeOnline 

# To create a new mobile device mailbox policy in Exchange Online. 
New-MobileDeviceMailboxPolicy -Name "PolicyName" -AllowSimplePassword $false -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordExpirationDays 90 -MinPasswordLength 8

Using the New-MobileDeviceMailboxPolicy cmdlet, you can set a descriptive name for the policy and configure password requirements, such as allowing simple passwords, enabling password enforcement, requiring alphanumeric passwords, and defining password expiration & minimum length.

With AdminDroid, admins can monitor mobile device configuration changes and identify connected devices along with their applied mobile device policies.

  • Closely monitor all 'Mobile Device Configuration Changes' with detailed insights into iOS and Android devices, empowering admins to effectively manage and enforce Exchange mobile device policies.
admindroid-mobile-device-mailbox-policy-report

Pro tip: Utilize the Schedule option to receive the Mobile Device Configuration Changes report periodically to your mailbox.

How to manage Quarantined devices access rules in Exchange Online?

Quarantined devices in Exchange Online are mobile devices that have been temporarily blocked from accessing your organization's email data as they do not comply with your mobile device policies. This can happen for various reasons, such as:

  • Device enrollment failure: The device failed to enroll in Exchange Online using the required method.
  • Non-compliant device configuration: The device doesn't meet the specified requirements like having a minimum OS version or being encrypted.
  • Policy violations: The device has violated your organization's mobile device policies, such as accessing restricted data or failing to meet security requirements.

When a device is quarantined, the user will typically receive a notification indicating that their device is not allowed to access emails. They may need to take proper actions, such as updating their device settings or re-enrolling it, to regain access.

Managing Quarantined Devices in Exchange Online

You can manage quarantined devices in the Exchange Admin Center (EAC) under Mobile Device Management.

  • In the Exchange admin center, navigate to Quarantined Devices under Mobile»Mobile device access.
  • Under the ‘Quarantined Devices’ section, select the desired device.
  • Clicking on the device will allow you to view its details, including the reason for quarantine and any associated policies.
  • From the below available options, choose the desired action that you need to perform on quarantine quarantined devices.
    • Unquarantine - Remove the device from quarantine if the issue has been resolved.
    • Wipe Data- Remotely wipe the device if it's lost or stolen.
    • Modify Policies - Review and adjust your mobile device policies to prevent similar issues in the future.

Note: The specific actions available may vary depending on your organization's configuration and the reason for quarantine.

AdminDroid Exchange Online ReporterMonitoring all Microsoft 365 ActiveSync enabled mailboxes made easy!

The AdminDroid Exchange Online mobile device reporting tool offers a streamlined solution for managing ActiveSync devices. It provides comprehensive reports on ActiveSync, including enabled mailboxes, added devices, inactive devices, and more, to facilitate efficient device management in your Microsoft 365 environment.

A Quick Summary

Monitor Mobile Devices by Policy

Use the Mobile Device by Policy to track connected mailboxes with applied mobile device policies and ensure that security policies are properly enforced on connected devices to prevent data leaks.

Detailed Mobile Device Report by Client Type

The Mobile Devices by Client Type report provides a list of registered devices and their client types (Outlook, EAS, etc.) that helps admins improve mobile device management in their organizations.

List of All Connected Mobile Devices in EXO

Easily track whether the connected mobile devices are managed and compliant with your organization's security policies using the All Mobile Devices report.

Check Connected Mobile Devices by OS

Leverage the mobile device by OS report to visualize key stats like device OS versions, connected mailboxes, and M365 device types, helping admins identify devices that needs OS upgrades.

Get the list of all Inactive ActiveSync Devices

Identify all the inactive ActiveSync devices with details like inactive sync days and last sync time, helping admins identify and block devices no longer needed.

Recently Added Exchange ActiveSync Devices

Keep track of the recently added ActiveSync devices with details, such as mailbox name, mobile device name, sync time, device model, etc., to ensure the newly added devices comply with security policies.

Overall, AdminDroid’s Exchange Online management tool empowers you to effectively manage ActiveSync devices within your Microsoft 365 environment. By providing detailed reports on ActiveSync-enabled mailboxes, it helps you ensure that all mailboxes are properly configured and synced, thereby enhancing your ability to maintain device security and compliance.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps for Monitoring ActiveSync Enabled Mailboxes in Microsoft 365

The following are possible errors and troubleshooting hints while monitoring ActiveSync enabled mailboxes.

Error: Try Again later, or contact your IT admin. A mobile device can't connect to Exchange Online by using Exchange ActiveSync.

This error indicates that a mobile device is unable to connect to Exchange Online via Exchange ActiveSync.

Troubleshooting hint :Check the ActiveSync quarantine settings in the Exchange Online admin center. If the device is listed as blocked, remove it from the quarantine to restore access. Additionally, ensure that the device complies with your organization's security policies.

Error: ExADDDAF|Microsoft.Exchange.Management.Tasks.RecipientTaskException|This task does not support recipients of this type.

This error may occur in PowerShell when attempting to execute the ActiveSync enable or disable cmdlet for a user account that does not have a mailbox.

Troubleshooting hint :Always verify that the user has a mailbox before including their UPN in the command.

Error: G: Ex6F9304|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn't be performed because object 'X' couldn't be found on 'BM1P287A01DC003.INDP287A001.PROD.OUTLOOK.COM'.

This error occurs when you run the Get-CASMailbox cmdlet with the wrong user’s UPN in the Exchange Online PowerShell.

Troubleshooting hint :Check the spelling of the user’s UPN and re-run the cmdlet in Exchange Online Management Shell.

Error: Get-EXOCASMailbox : You must call Connect-ExchangeOnline before calling any other cmdlet.

This error will occur while you are running the ‘Get-EXOCASMailbox' cmdlet without connecting to the Exchange online.

Troubleshooting hint :To export list of ActiveSync enabled mailboxes in Microsoft 365. Make sure to connect to the Exchange Online module by using the following cmdlet.

Connect-ExchangeOnline