How to unblock an ActiveSync Mobile device in Exchange Online?

Computers and Internet 2 Minutes

If the user’s ActiveSync device is blocked (Quarantined), User might be getting this email:

Subject: Your device is temporarily blocked from synchronizing using Exchange ActiveSync until your administrator grants it access.

Your device is temporarily blocked from accessing content via Exchange ActiveSync because the device has been quarantined. You don’t need to take any action. Content will automatically be downloaded as soon as access is granted by your administrator.

There are 3 ways to unblock the mobile device in Exchange On-Prem and Exchange Online. I will show you here all 3 ways. I personally use PowerShell. So, the PowerShell way first.

Unblock the ActiveSync Device using PowerShell

  1. Open PowerShell and connect to Exchange server Or Exchange Online
  2. Run Get-CASMailbox command and NOTE Down the “blocked ActiveSync device id”. E.g., See Below. Notice the blocked device id: androidc274977591
PS E:\> Get-CASMailbox -Identity anandTheAwersome | Select-Object "*ActiveSync*"
ActiveSyncAllowedDeviceIDs         : {4E6F74657361613733653433336533}
ActiveSyncBlockedDeviceIDs         : {androidc274977591}
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging             : False
ActiveSyncEnabled                  : True
HasActiveSyncDevicePartnership     : True
ActiveSyncSuppressReadReceipt      : False

3. Add the noted blocked device id into Allowed Devices in CAS Mailbox Properties. 

Set-CASMailbox -Identity anandTheAwersome -ActiveSyncAllowedDeviceIDs @{Add='androidc274977591'}

4. To verify, Run the Get-CASMailbox again to see the device id is in ActiveSyncAllowedDeviceIds list. 

PS E:\> Get-CASMailbox -Identity anandTheAwersome | Select-Object "*ActiveSync*"
ActiveSyncAllowedDeviceIDs         : {4E6F74657361613733653433336533,androidc274977591}
ActiveSyncBlockedDeviceIDs         : {}
ActiveSyncMailboxPolicy            : Default
ActiveSyncMailboxPolicyIsDefaulted : True
ActiveSyncDebugLogging             : False
ActiveSyncEnabled                  : True
HasActiveSyncDevicePartnership     : True
ActiveSyncSuppressReadReceipt      : False

That’s It. Give it a minute or two. The Mail/Calendar client App in the device will start synchronizing. Now, for the underlings who gets scared of PowerShell, I will show how to do this in Exchange Admin Console.

(Way 1) Unblock the Active Sync Device in “Mobile Device Details”

  1. Open ECP console in your favorite browser
  2. Go to Mailboxes and find and select the user’s mailbox.
  3. On the right-side pane, click on “View Details” under “Mobile Devices
  4. Select the blocked device (Status says “Access Denied”). Click on the Second Icon to “Allow” the device.
  1. Click “Save” button.

(Way 2) Unblock the Active Sync Device in “Mobile Device Details”

  1. In Exchange Console Panel, Select Mobile
  2. In “Mobile device access” tab, find the user and blocked device in “Quarantined Devices
  3. After you find and select the device, click on the second button to “Allow” the device
  1. Give it a minute or two, client app will start synchronizing.

Hope that was easy. If you like this blog, leave me a “holla”.

Published by --Anand--

Being in Silicon Valley for years, I became a IT Infrastructure Geek by experience and surrounded by other Geeks everywhere. I try to help others by the solutions I found on odd occasions.

Published

5 thoughts on “How to unblock an ActiveSync Mobile device in Exchange Online?

  2. This is a great write-up Anand. Is there a way to tell WHEN a device was unblocked? For example, I could swear I unblocked a device the other day through powershell, but today it was still blocked. Is that logged anywhere? Thanks!

    Reply

  3. So today I realize my phone was blocked from accessing our email via Outlook. Got the same error as up above in this email. This has worked fine for the last six months no problem. I am still able to access email through the OWA URL link. Given that is there some other way or other app I can use to check my email on my iPhone?

    Reply

  4. Hi there I get this error – A parameter cannot be found that matches parameter name ‘ActiveSyncAllowedDeviceIDs’.

    + CategoryInfo : InvalidArgument: (:) [Set-CASMailbox], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-CASMailbox
    + PSComputerName : outlook.office365.com

    Set-CASMailbox -Identity peter.nicholls@company.com -ActiveSyncAllowedDeviceIDs @{Add=’B4685F67411B3EC992B3752A438342BD’}

    Reply

  5. Hi Anand,
    I had a device which was quarantined. It started working on its own after a month.
    Now, I am trying to register another device and it is quarantined now.

    Can you think of what happened that it started working on its own.

    Reply

Leave a comment