
New-MobileDeviceMailboxPolicy


Applies to: Exchange Server 2013, Exchange Online

Topic Last Modified: 2014-05-16

This cmdlet is available in on-premises Exchange Server 2013 and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the New-MobileDeviceMailboxPolicy cmdlet to create Microsoft mobile device mailbox policies.

For information about the parameter sets in the Syntax section below, see Syntax.

New-MobileDeviceMailboxPolicy -Name <String> [-AllowApplePushNotifications <$true | $false>] [-AllowBluetooth <Disable | HandsfreeOnly | Allow>] [-AllowBrowser <$true | $false>] [-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>] [-AllowDesktopSync <$true | $false>] [-AllowExternalDeviceManagement <$true | $false>] [-AllowGooglePushNotifications <$true | $false>] [-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>] [-AllowMicrosoftPushNotifications <$true | $false>] [-AllowMobileOTAUpdate <$true | $false>] [-AllowNonProvisionableDevices <$true | $false>] [-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop <$true | $false>] [-AllowSimplePassword <$true | $false>] [-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation | OnlyStrongAlgorithmNegotiation | AllowAnyAlgorithmNegotiation>] [-AllowSMIMESoftCerts <$true | $false>] [-AllowStorageCard <$true | $false>] [-AllowTextMessaging <$true | $false>] [-AllowUnsignedApplications <$true | $false>] [-AllowUnsignedInstallationPackages <$true | $false>] [-AllowWiFi <$true | $false>] [-AlphanumericPasswordRequired <$true | $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true | $false>] [-Confirm [<SwitchParameter>]] [-DeviceEncryptionEnabled <$true | $false>] [-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-IrmEnabled <$true | $false>] [-IsDefault <$true | $false>] [-MaxAttachmentSize <Unlimited>] [-MaxCalendarAgeFilter <All | TwoWeeks | OneMonth | ThreeMonths | SixMonths>] [-MaxEmailAgeFilter <All | OneDay | ThreeDays | OneWeek | TwoWeeks | OneMonth>] [-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>] [-MaxInactivityTimeLock <Unlimited>] [-MaxPasswordFailedAttempts <Unlimited>] [-MinPasswordComplexCharacters <Int32>] [-MinPasswordLength <Int32>] [-MobileOTAUpdateMode <MajorVersionUpdates | MinorVersionUpdates | BetaVersionUpdates>] 
[-Organization <OrganizationIdParameter>] [-PasswordEnabled <$true | $false>] [-PasswordExpiration <Unlimited>] [-PasswordHistory <Int32>] [-PasswordRecoveryEnabled <$true | $false>] [-RequireDeviceEncryption <$true | $false>] [-RequireEncryptedSMIMEMessages <$true | $false>] [-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit | RC264bit | RC240bit>] [-RequireManualSyncWhenRoaming <$true | $false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>] [-RequireSignedSMIMEMessages <$true | $false>] [-RequireStorageCardEncryption <$true | $false>] [-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]] [-WSSAccessEnabled <$true | $false>]

This example creates the mobile device mailbox policy Sales Policy that has several preconfigured values.

New-MobileDeviceMailboxPolicy -Name "Sales Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -IsDefault $false -AttachmentsEnabled $false -AllowStorageCard $true

This example creates the mobile device mailbox policy Management that has several preconfigured values. Users assigned to this policy should have an Enterprise client access license (CAL) to use many of these features.

New-MobileDeviceMailboxPolicy -Name Management -AllowBluetooth Allow -AllowBrowser $true -AllowCamera $true -AllowPOPIMAPEmail $false -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -MaxEmailAgeFilter TwoWeeks -AllowWiFi $true -AllowStorageCard $true

This example creates the mobile device mailbox policy Contoso Policy that has several preconfigured values. This policy is configured to be the default policy for the organization. The default policy is assigned to all new users.

New-MobileDeviceMailboxPolicy -Name "Contoso Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled $true -MinPasswordComplexCharacters 3 -IsDefault $true -PasswordHistory 10

Mobile device mailbox policies define settings for mobile devices that are used to access mailboxes in your organization. The default mobile device mailbox policy is applied to all new mailboxes that you create. You can assign a mobile device mailbox policy to existing mailboxes by using the Set-CASMailbox cmdlet, or by editing the mailbox properties in the Exchange admin center (EAC).

Note:
Some mobile device mailbox policy settings require the mobile device to have certain built-in features that enforce these security and device management settings. If your organization allows all devices, you need to set the AllowNonProvisionableDevices parameter to $true. This allows devices that can't enforce all policy settings to synchronize with your server.
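A hardened policy built only from parameters documented in this topic, with the permissive default each value overrides noted beside it. This is an added example, not one of the topic's own; the policy name, the chosen values and the mailbox identity are assumptions.

```powershell
# Added example. 'Hardened Baseline' and every value below are assumptions chosen
# from the valid ranges this topic documents; adjust them to your own requirements.
$hardened = @{
    Name                         = 'Hardened Baseline'

    # Device lock
    PasswordEnabled              = $true        # default: $false
    AlphanumericPasswordRequired = $true        # default: $false
    AllowSimplePassword          = $false       # default: $true (permits 1111, 1234)
    MinPasswordLength            = 8            # default: blank; valid 1 through 16
    MinPasswordComplexCharacters = 3            # default: 1; valid 1 through 4
    PasswordHistory              = 10           # default: 0; valid 0 through 50
    MaxInactivityTimeLock        = '00:05:00'   # default: Unlimited; valid 00:01:00 to 01:00:00
    MaxPasswordFailedAttempts    = 8            # default: Unlimited; valid 4 through 16
    PasswordExpiration           = '90.00:00:00' # default: Unlimited; valid 1 to 730 days

    # Data at rest
    RequireDeviceEncryption      = $true        # default: $false
    RequireStorageCardEncryption = $true        # default: $false; also sets DeviceEncryptionEnabled

    # Enforcement: block devices that cannot apply the settings above
    AllowNonProvisionableDevices = $false       # default: $true

    # S/MIME: stop negotiation down to any algorithm; keep the defaults
    # rather than DES, the RC2 options or MD5
    AllowSMIMEEncryptionAlgorithmNegotiation = 'OnlyStrongAlgorithmNegotiation'
    RequireEncryptionSMIMEAlgorithm          = 'TripleDES'
    RequireSignedSMIMEAlgorithm              = 'SHA1'

    # Do not make it the organization default until it has been piloted
    IsDefault                    = $false
}

# Preview the change first, then create the policy.
New-MobileDeviceMailboxPolicy @hardened -WhatIf
New-MobileDeviceMailboxPolicy @hardened

# Assign it to a pilot mailbox (hypothetical identity).
Set-CASMailbox -Identity 'pilot.user@contoso.com' -ActiveSyncMailboxPolicy 'Hardened Baseline'
```

With AllowNonProvisionableDevices set to $false, devices that cannot enforce the policy stop synchronizing, so pilot on a small group before setting IsDefault to $true.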

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Mobile device mailbox policy settings" entry in the Clients and mobile devices permissions topic.

 

Parameter Required Type Description

Name

Required

System.String

The Name parameter specifies the name of the mobile device mailbox policy. You can use any value that uniquely identifies the policy. For example:

  • Name

  • Distinguished name (DN)

  • GUID

The name of the built-in mobile device mailbox policy is Default.

AllowApplePushNotifications

Optional

System.Boolean

This parameter is available only in the cloud-based service.

The AllowApplePushNotifications parameter specifies whether push notifications are allowed for Apple mobile devices. Valid input for this parameter is $true or $false. The default value is $true.

AllowBluetooth

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.BluetoothType

The AllowBluetooth parameter specifies whether the Bluetooth capabilities of the mobile device are allowed. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.

AllowBrowser

Optional

System.Boolean

The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't affect third-party browsers.

AllowCamera

Optional

System.Boolean

The AllowCamera parameter specifies whether the mobile device's camera is allowed. Valid input for this parameter is $true or $false. The default value is $true.

AllowConsumerEmail

Optional

System.Boolean

The AllowConsumerEmail parameter specifies whether the user can configure a personal email account on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't control access to email accounts using third-party mobile device email programs.

AllowDesktopSync

Optional

System.Boolean

The AllowDesktopSync parameter specifies whether the mobile device can synchronize with a desktop computer through a cable. Valid input for this parameter is $true or $false. The default value is $true.

AllowExternalDeviceManagement

Optional

System.Boolean

The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

AllowGooglePushNotifications

Optional

System.Boolean

This parameter is available only in the cloud-based service.

The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for OWA for Devices. Valid input for this parameter is $true or $false. The default value is $true.

AllowHTMLEmail

Optional

System.Boolean

The AllowHTMLEmail parameter specifies whether HTML-formatted email is enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. If set to $false, all email is converted to plain text before synchronization occurs.

AllowInternetSharing

Optional

System.Boolean

The AllowInternetSharing parameter specifies whether the mobile device can be used as a modem to connect a computer to the Internet. This process is also known as tethering. Valid input for this parameter is $true or $false. The default value is $true.

AllowIrDA

Optional

System.Boolean

The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowMicrosoftPushNotifications

Optional

System.Boolean

This parameter is available only in the cloud-based service.

The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowMobileOTAUpdate

Optional

System.Boolean

The AllowMobileOTAUpdate parameter specifies whether the policy can be sent to the mobile device over a cellular data connection. Valid input for this parameter is $true or $false. The default value is $true.

AllowNonProvisionableDevices

Optional

System.Boolean

The AllowNonProvisionableDevices parameter specifies whether all mobile devices can synchronize with Exchange. Valid input for this parameter is $true or $false. The default value is $true.

When set to $true, this parameter enables all mobile devices to synchronize with Exchange, regardless of whether the device can enforce all settings that are defined by the policy. This also includes mobile devices managed by a separate device management system. When set to $false, this parameter blocks mobile devices that aren't provisioned from synchronizing with Exchange.

AllowPOPIMAPEmail

Optional

System.Boolean

The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't control access by third-party email programs.

AllowRemoteDesktop

Optional

System.Boolean

The AllowRemoteDesktop parameter specifies whether the mobile device can initiate a remote desktop connection. Valid input for this parameter is $true or $false. The default value is $true.

AllowSimplePassword

Optional

System.Boolean

The AllowSimplePassword parameter specifies whether a simple password is allowed on the mobile device. A simple password is a password that has a specific pattern, such as 1111 or 1234. Valid input for this parameter is $true or $false. The default value is $true.

AllowSMIMEEncryptionAlgorithmNegotiation

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.SMIMEEncryptionAlgorithmNegotiationType

The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm. Valid values for this parameter are:

  • AllowAnyAlgorithmNegotiation

  • BlockNegotiation

  • OnlyStrongAlgorithmNegotiation

The default value is AllowAnyAlgorithmNegotiation.

AllowSMIMESoftCerts

Optional

System.Boolean

The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowStorageCard

Optional

System.Boolean

The AllowStorageCard parameter specifies whether the mobile device can access information stored on a storage card. Valid input for this parameter is $true or $false. The default value is $true.

AllowTextMessaging

Optional

System.Boolean

The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowUnsignedApplications

Optional

System.Boolean

The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowUnsignedInstallationPackages

Optional

System.Boolean

The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages are allowed to run on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AllowWiFi

Optional

System.Boolean

The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

AlphanumericPasswordRequired

Optional

System.Boolean

The AlphanumericPasswordRequired parameter specifies whether the password for the mobile device must be alphanumeric. Valid input for this parameter is $true or $false. The default value is $false.

ApprovedApplicationList

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.ApprovedApplicationCollection

The ApprovedApplicationList parameter specifies a configured list of approved applications for the device.

AttachmentsEnabled

Optional

System.Boolean

The AttachmentsEnabled parameter specifies whether attachments can be downloaded on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

When set to $false, this parameter blocks the user from downloading attachments on the mobile device.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DeviceEncryptionEnabled

Optional

System.Boolean

The DeviceEncryptionEnabled parameter specifies whether encryption is enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

When this parameter is set to $true, device encryption is enabled on the mobile device.

DevicePolicyRefreshInterval

Optional

Microsoft.Exchange.Data.Unlimited

The DevicePolicyRefreshInterval parameter specifies how often the policy is sent to the mobile device.

To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds.

The default value is Unlimited.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

This parameter is available only in on-premises Exchange 2013.

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

IrmEnabled

Optional

System.Boolean

The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

IsDefault

Optional

System.Boolean

The IsDefault parameter specifies whether this policy is the default mobile device mailbox policy. Valid input for this parameter is $true or $false. The default value for the built-in mobile device mailbox policy named Default is $true. The default value for new mobile device mailbox policies that you create is $false.

There can be only one default policy. If another policy is currently set as the default, and you set this parameter to $true, this policy becomes the default policy. The value of this parameter on the other policy is automatically changed to $false, and that policy is no longer the default policy.

MaxAttachmentSize

Optional

Microsoft.Exchange.Data.Unlimited

The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile device. Valid input for this parameter is a size value between 0 and 2147482624 bytes (approximately 2 GB), or the value Unlimited. The default value is Unlimited.

Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4096 or 4KB.

The maximum value is 1024 bytes (one kilobyte) less than two gigabytes (2*1024^3), so these are the maximum qualified values you can use with this parameter.

  • 2097151KB

  • 2047.999024MB

  • 1.999999047GB

MaxCalendarAgeFilter

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.CalendarAgeFilterType

The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the mobile device. Valid values for this parameter are:

  • All

  • TwoWeeks

  • OneMonth

  • ThreeMonths

  • SixMonths

The default value is All.

MaxEmailAgeFilter

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.EmailAgeFilterType

The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile device. Valid values for this parameter are:

  • All

  • OneDay

  • ThreeDays

  • OneWeek

  • TwoWeeks

  • OneMonth

The default value is All.

MaxEmailBodyTruncationSize

Optional

Microsoft.Exchange.Data.Unlimited

The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.

Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4KB or 4096.

MaxEmailHTMLBodyTruncationSize

Optional

Microsoft.Exchange.Data.Unlimited

The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.

Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB (gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4KB or 4096.

MaxInactivityTimeLock

Optional

Microsoft.Exchange.Data.Unlimited

The MaxInactivityTimeLock parameter specifies the length of time that the mobile device can be inactive before the password is required to reactivate it. This parameter accepts the following values:

  • Timespan: hh:mm:ss, where hh = hours, mm = minutes and ss = seconds. The valid input range is 00:01:00 to 01:00:00 (one minute to one hour).

  • The value Unlimited.

The default value is Unlimited.

MaxPasswordFailedAttempts

Optional

Microsoft.Exchange.Data.Unlimited

The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile device.

You can enter any number from 4 through 16 or the value Unlimited. The default value is Unlimited.

MinPasswordComplexCharacters

Optional

System.Int32

The MinPasswordComplexCharacters parameter specifies the minimum number of complex characters required in a mobile device password. A complex character isn't a letter.

You can enter any number from 1 through 4. The default value is 1.

MinPasswordLength

Optional

System.Int32

The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.

You can enter any number from 1 through 16 or the value $null. The default value is blank. The maximum password length is 16 characters.

MobileOTAUpdateMode

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.MobileOTAUpdateModeType

This parameter is reserved for internal Microsoft use.

Organization

Optional

Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter

This parameter is reserved for internal Microsoft use.

PasswordEnabled

Optional

System.Boolean

The PasswordEnabled parameter specifies whether a password is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

When set to $true, this parameter requires the user to set a password on the mobile device.

PasswordExpiration

Optional

Microsoft.Exchange.Data.Unlimited

The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password. This parameter accepts the following values:

  • Timespan: ddd.hh:mm:ss, where ddd = days, hh = hours, mm = minutes and ss = seconds. The valid input range is 1.00:00:00 to 730.00:00:00 (one day to two years).

  • The value Unlimited.

The default value is Unlimited.

PasswordHistory

Optional

System.Int32

The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.

You can enter any number from 0 through 50. The default value is 0.

PasswordRecoveryEnabled

Optional

System.Boolean

The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange. Valid input for this parameter is $true or $false. The default value is $false.

When set to $true, this parameter enables you to store the recovery password for the mobile device in Exchange. The recovery password can be viewed from Microsoft Outlook Web App or the Exchange admin center.

RequireDeviceEncryption

Optional

System.Boolean

The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

RequireEncryptedSMIMEMessages

Optional

System.Boolean

The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.

RequireEncryptionSMIMEAlgorithm

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.EncryptionSMIMEAlgorithmType

The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME messages on a mobile device. The valid values for this parameter are:

  • DES

  • TripleDES

  • RC240bit

  • RC264bit

  • RC2128bit

The default value is TripleDES.

RequireManualSyncWhenRoaming

Optional

System.Boolean

The RequireManualSyncWhenRoaming parameter specifies whether the mobile device must synchronize manually while roaming. Valid input for this parameter is $true or $false. The default value is $false.

RequireSignedSMIMEAlgorithm

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.SignedSMIMEAlgorithmType

The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.

Valid values for this parameter are SHA1 or MD5. The default value is SHA1.

RequireSignedSMIMEMessages

Optional

System.Boolean

The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.

RequireStorageCardEncryption

Optional

System.Boolean

The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

Setting this parameter to $true also sets the DeviceEncryptionEnabled parameter to $true.

UnapprovedInROMApplicationList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the mobile device.

UNCAccessEnabled

Optional

System.Boolean

The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device. In on-premises Exchange 2013 organizations, access to specific shares is configured on the Exchange ActiveSync virtual directory.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

WSSAccessEnabled

Optional

System.Boolean

The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device. In on-premises Exchange 2013 organizations, access to specific shares is configured on the Exchange ActiveSync virtual directory.
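Many of the defaults listed above are permissive, so a policy created with only a few parameters inherits them. The following added example (not part of the original topic) reports settings that are still at those values; the function name, the rule list and the sample objects are constructed for illustration, and it assumes policy objects expose properties named after the parameters.

```powershell
# Added example. Values are compared as strings so Boolean, enumeration and
# Unlimited values are handled the same way.
$rules = @(
    @{ Setting = 'PasswordEnabled';              Weak = 'False';     Why = 'No device password required' }
    @{ Setting = 'AllowSimplePassword';          Weak = 'True';      Why = 'Patterns such as 1111 or 1234 accepted' }
    @{ Setting = 'MinPasswordLength';            Weak = '';          Why = 'No minimum password length' }
    @{ Setting = 'MaxInactivityTimeLock';        Weak = 'Unlimited'; Why = 'Device never locks when idle' }
    @{ Setting = 'MaxPasswordFailedAttempts';    Weak = 'Unlimited'; Why = 'No limit on password attempts' }
    @{ Setting = 'RequireDeviceEncryption';      Weak = 'False';     Why = 'Device encryption not required' }
    @{ Setting = 'AllowNonProvisionableDevices'; Weak = 'True';      Why = 'Devices that cannot enforce the policy may sync' }
    @{ Setting = 'AllowSMIMEEncryptionAlgorithmNegotiation'
       Weak    = 'AllowAnyAlgorithmNegotiation'; Why = 'S/MIME may negotiate any algorithm' }
    @{ Setting = 'RequireEncryptionSMIMEAlgorithm'
       Weak    = 'DES', 'RC240bit', 'RC264bit';  Why = 'Weak S/MIME encryption algorithm' }
    @{ Setting = 'RequireSignedSMIMEAlgorithm';  Weak = 'MD5';       Why = 'MD5 used for S/MIME signing' }
)

function Test-MobileDevicePolicy {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Policy
    )
    process {
        foreach ($rule in $rules) {
            # A missing or $null property becomes an empty string.
            $value = [string]$Policy.($rule.Setting)
            if (@($rule.Weak) -contains $value) {
                $shown = $value
                if (-not $shown) { $shown = '(blank)' }
                [pscustomobject]@{
                    Policy    = $Policy.Name
                    IsDefault = $Policy.IsDefault
                    Setting   = $rule.Setting
                    Value     = $shown
                    Why       = $rule.Why
                }
            }
        }
    }
}

# Constructed sample input: one policy at the documented defaults, one hardened.
$sample = @(
    [pscustomobject]@{
        Name = 'Default'; IsDefault = $true
        PasswordEnabled = $false; AllowSimplePassword = $true; MinPasswordLength = $null
        MaxInactivityTimeLock = 'Unlimited'; MaxPasswordFailedAttempts = 'Unlimited'
        RequireDeviceEncryption = $false; AllowNonProvisionableDevices = $true
        AllowSMIMEEncryptionAlgorithmNegotiation = 'AllowAnyAlgorithmNegotiation'
        RequireEncryptionSMIMEAlgorithm = 'TripleDES'; RequireSignedSMIMEAlgorithm = 'SHA1'
    }
    [pscustomobject]@{
        Name = 'Hardened Baseline'; IsDefault = $false
        PasswordEnabled = $true; AllowSimplePassword = $false; MinPasswordLength = 8
        MaxInactivityTimeLock = '00:05:00'; MaxPasswordFailedAttempts = 8
        RequireDeviceEncryption = $true; AllowNonProvisionableDevices = $false
        AllowSMIMEEncryptionAlgorithmNegotiation = 'OnlyStrongAlgorithmNegotiation'
        RequireEncryptionSMIMEAlgorithm = 'TripleDES'; RequireSignedSMIMEAlgorithm = 'SHA1'
    }
)

# Only the 'Default' sample produces findings.
$sample | Test-MobileDevicePolicy | Format-Table -AutoSize

# Against a live organization:
#   Get-MobileDeviceMailboxPolicy | Test-MobileDevicePolicy
```

Findings on the policy where IsDefault is True matter most, because that policy is applied to every new mailbox.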

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

 
© 2014 Microsoft