Get ActiveSync Enabled Mailboxes in Exchange

Managing email synchronization for mobile devices is essential for smooth business communication. Exchange Online ActiveSync (EAS) enables users to access emails, calendars, contacts, and tasks on mobile devices. EAS configuration and monitoring can be challenging for adminis, as unchecked settings may lead to security risks. This guide outlines the steps to identify all Microsoft 365 ActiveSync-enabled mailboxes and efficiently track them along with their connected mobile devices in your organization.

Native Solution

Microsoft 365 Permission Required

High

Least Privilege

View-Only Recipients Role

Most Privilege

Global Admin

Option 1 Using Exchange Online Admin Center

Sign in to the Exchange Online admin center.
Navigate to Recipients»Mailboxes and select the respective user mailbox.
Under General»Email apps & mobile devices»Manage email apps settings, check whether the toggle for ‘Mobile (Exchange ActiveSync)’ is enabled in the flyout pane.

Unfortunately, the Exchange Online admin center doesn't allow you to view all devices connected via Exchange ActiveSync at once.

Option 2 Using Windows PowerShell

The most efficient native method to get a list of all Exchange ActiveSync-enabled mailboxes is to use PowerShell.
Connect to Exchange Online PowerShell module.
Windows PowerShell
```
 Connect-ExchangeOnline
```
Run the below cmdlets to list all the Exchange Online ActiveSync enabled mailboxes in your tenant.

Windows PowerShell

 Get-EXOCASMailbox -Filter "ActiveSyncEnabled -eq $true" | ft cmdlet

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Open the AdminDroid Office 365 reporter.
Navigate to the ActiveSync Enabled Mailboxes report under Reports»Exchange»Active Sync.

Get the complete list of all ActiveSync enabled mailboxes in Microsoft 365 with in-depth mailbox details like Primary SMTP Address, ActiveSync Allowed Device Ids, ActiveSync Mailbox Policy, ActiveSync Status, etc.

admindroid-active-sync-enabled-mailboxes-chart

Additionally, Exchange Online admins can generate graphical charts to view and list the mailboxes with allowed devices count to easily monitor device access & manage device compliance efficiently.

Explore a full range of reporting options

Get all the Exchange ActiveSync enabled mailboxes in a snap!

Monitoring Exchange ActiveSync mailboxes is essential for maintaining data security and compliance. Secure your Exchange Online by effectively managing EAS enabled mailboxes using AdminDroid.

Witness the report in action using the

Live Demo

Important Tips

Implement a strict ActiveSync password policy that requires strong and complex passwords on mobile devices, ensuring that only compliant devices are synced to your Exchange Online mailboxes.

Enforce multifactor authentication (MFA) using Conditional Access for Exchange ActiveSync connections to enhance security and minimize the risks of unauthorized access.

Protect your sensitive data and maintain compliance by implementing robust mobile device management (MDM) policies using Microsoft Intune.

Exchange OnlineEnhance Remote Email Security by Managing Exchange ActiveSync Access in Microsoft 365

Showing 1 of 4

How to enable or disable Exchange ActiveSync access to mailboxes in Microsoft 365? How to get the list of all Exchange ActiveSync users in Microsoft 365? How to assign mobile device mailbox policy in Microsoft 365? How to manage Quarantined devices access rules in Exchange Online?

How to enable or disable Exchange ActiveSync access to mailboxes in Microsoft 365?

Exchange ActiveSync (EAS) is a protocol that enables mobile devices to synchronize email, calendar, contacts, and tasks with Exchange Online. Managing Exchange ActiveSync access is essential for maintaining data security policies and ensuring users have appropriate mobile access.

Follow these steps to enable or disable Exchange ActiveSync access to a mailbox for a mobile device.

Sign in to the Exchange Online admin center and navigate to Recipients»Mailboxes »select the respective user mailbox.
Under General»Email apps & mobile devices, you will find the Mobile (Exchange ActiveSync). option. You can enable or disable it by clicking the toggle.

Enable or disable Exchange ActiveSync for a mailbox in EXO using PowerShell

You can utilize the following PowerShell cmdlets to efficiently enable or disable EAS for a mailbox in Exchange Online.

# Connect to Exchange Online PowerShell module.
Connect-ExchangeOnline
# To enable Exchange ActiveSync access to mailbox in Exchange Online.
Set-CASMailbox -Identity user@domain.com -ActiveSyncEnabled $true
# To disable Exchange ActiveSync access to mailbox in Exchange Online.
Set-CASMailbox -Identity user@domain.com -ActiveSyncEnabled $false

How to get the list of all Exchange ActiveSync users in Microsoft 365?

By identifying the number of devices connected via Exchange ActiveSync, admins can monitor for any unusual remote devices connected to the Microsoft 365 mailbox.

Find the list of all devices connected using Exchange ActiveSync using PowerShell

Run the below cmdlet in Exchange Online PowerShell to get list of all devices connected using Exchange ActiveSync.

Get-MobileDevice -ResultSize Unlimited

To proactively track list of all devices connected using Exchange ActiveSync, AdminDroid offers a robust solution!

With AdminDroid's ActiveSync Device Count report, you can effortlessly track the number of ActiveSync devices connected using EAS.

How to assign mobile device mailbox policy in Microsoft 365?

Mobile device polices allow you to control access to mailboxes from various mobile devices, ensuring that sensitive information is protected.

Managing mobile device mailbox policies in Exchange Online (EXO) allows administrators to control the behavior and security of mobile devices that access organizational mailboxes through Exchange ActiveSync. Here's how you can manage these policies in EXO:

Create a new mobile device mailbox policy using Exchange Admin Center

Navigate to the Mobile»Mobile device mailbox policies in Exchange Online admin center.
Click + New to create a new policy.
Set the required parameters, such as password strength, device encryption, sign-in failure count before wiping a device, and synchronization settings.
After reviewing the policy inputs, click Create to complete the policy creation.

Create a new mobile device mailbox policy using PowerShell

You can utilize the following PowerShell cmdlets to create a new mobile device mailbox policy in Exchange Online.

#Connect to the Exchange Online module. 
Connect-ExchangeOnline 

# To create a new mobile device mailbox policy in Exchange Online. 
New-MobileDeviceMailboxPolicy -Name "PolicyName" -AllowSimplePassword $false -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordExpirationDays 90 -MinPasswordLength 8

Using the New-MobileDeviceMailboxPolicy cmdlet, you can set a descriptive name for the policy and configure password requirements, such as allowing simple passwords, enabling password enforcement, requiring alphanumeric passwords, and defining password expiration & minimum length.

With AdminDroid, admins can monitor mobile device configuration changes and identify connected devices along with their applied mobile device policies.

Closely monitor all 'Mobile Device Configuration Changes' with detailed insights into iOS and Android devices, empowering admins to effectively manage and enforce Exchange mobile device policies.

admindroid-mobile-device-mailbox-policy-report

Pro tip: Utilize the Schedule option to receive the Mobile Device Configuration Changes report periodically to your mailbox.

How to manage Quarantined devices access rules in Exchange Online?

Quarantined devices in Exchange Online are mobile devices that have been temporarily blocked from accessing your organization's email data as they do not comply with your mobile device policies. This can happen for various reasons, such as:

Device enrollment failure: The device failed to enroll in Exchange Online using the required method.
Non-compliant device configuration: The device doesn't meet the specified requirements like having a minimum OS version or being encrypted.
Policy violations: The device has violated your organization's mobile device policies, such as accessing restricted data or failing to meet security requirements.

When a device is quarantined, the user will typically receive a notification indicating that their device is not allowed to access emails. They may need to take proper actions, such as updating their device settings or re-enrolling it, to regain access.

Managing Quarantined Devices in Exchange Online

You can manage quarantined devices in the Exchange Admin Center (EAC) under Mobile Device Management.

In the Exchange admin center, navigate to Quarantined Devices under Mobile»Mobile device access.
Under the ‘Quarantined Devices’ section, select the desired device.
Clicking on the device will allow you to view its details, including the reason for quarantine and any associated policies.
From the below available options, choose the desired action that you need to perform on quarantine quarantined devices.
- Unquarantine - Remove the device from quarantine if the issue has been resolved.
- Wipe Data- Remotely wipe the device if it's lost or stolen.
- Modify Policies - Review and adjust your mobile device policies to prevent similar issues in the future.

Note: The specific actions available may vary depending on your organization's configuration and the reason for quarantine.

AdminDroid Exchange Online ReporterMonitoring all Microsoft 365 ActiveSync enabled mailboxes made easy!

The AdminDroid Exchange Online mobile device reporting tool offers a streamlined solution for managing ActiveSync devices. It provides comprehensive reports on ActiveSync, including enabled mailboxes, added devices, inactive devices, and more, to facilitate efficient device management in your Microsoft 365 environment.

A Quick Summary

Monitor Mobile Devices by Policy

Use the Mobile Device by Policy to track connected mailboxes with applied mobile device policies and ensure that security policies are properly enforced on connected devices to prevent data leaks.

Detailed Mobile Device Report by Client Type

The Mobile Devices by Client Type report provides a list of registered devices and their client types (Outlook, EAS, etc.) that helps admins improve mobile device management in their organizations.

List of All Connected Mobile Devices in EXO

Easily track whether the connected mobile devices are managed and compliant with your organization's security policies using the All Mobile Devices report.

Check Connected Mobile Devices by OS

Leverage the mobile device by OS report to visualize key stats like device OS versions, connected mailboxes, and M365 device types, helping admins identify devices that needs OS upgrades.

Get the list of all Inactive ActiveSync Devices

Identify all the inactive ActiveSync devices with details like inactive sync days and last sync time, helping admins identify and block devices no longer needed.

Recently Added Exchange ActiveSync Devices

Keep track of the recently added ActiveSync devices with details, such as mailbox name, mobile device name, sync time, device model, etc., to ensure the newly added devices comply with security policies.

Overall, AdminDroid’s Exchange Online management tool empowers you to effectively manage ActiveSync devices within your Microsoft 365 environment. By providing detailed reports on ActiveSync-enabled mailboxes, it helps you ensure that all mailboxes are properly configured and synced, thereby enhancing your ability to maintain device security and compliance.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for Monitoring ActiveSync Enabled Mailboxes in Microsoft 365

The following are possible errors and troubleshooting hints while monitoring ActiveSync enabled mailboxes.

Error: Try Again later, or contact your IT admin. A mobile device can't connect to Exchange Online by using Exchange ActiveSync.

This error indicates that a mobile device is unable to connect to Exchange Online via Exchange ActiveSync.

Troubleshooting hint :Check the ActiveSync quarantine settings in the Exchange Online admin center. If the device is listed as blocked, remove it from the quarantine to restore access. Additionally, ensure that the device complies with your organization's security policies.

Error: ExADDDAF|Microsoft.Exchange.Management.Tasks.RecipientTaskException|This task does not support recipients of this type.

This error may occur in PowerShell when attempting to execute the ActiveSync enable or disable cmdlet for a user account that does not have a mailbox.

Troubleshooting hint :Always verify that the user has a mailbox before including their UPN in the command.

Error: G: Ex6F9304|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn't be performed because object 'X' couldn't be found on 'BM1P287A01DC003.INDP287A001.PROD.OUTLOOK.COM'.

This error occurs when you run the Get-CASMailbox cmdlet with the wrong user’s UPN in the Exchange Online PowerShell.

Troubleshooting hint :Check the spelling of the user’s UPN and re-run the cmdlet in Exchange Online Management Shell.

Error: Get-EXOCASMailbox : You must call Connect-ExchangeOnline before calling any other cmdlet.

This error will occur while you are running the ‘Get-EXOCASMailbox' cmdlet without connecting to the Exchange online.

Troubleshooting hint :To export list of ActiveSync enabled mailboxes in Microsoft 365. Make sure to connect to the Exchange Online module by using the following cmdlet.

Connect-ExchangeOnline

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Get ActiveSync Enabled Mailboxes in Exchange Online