How to Disable a Device for Exchange ActiveSync

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Topic Last Modified: 2016-11-10

Microsoft Exchange Server 2007 enables you to restrict access to Exchange ActiveSync by using the device ID. This feature prevents users from synchronizing unauthorized devices with Exchange 2007. You can configure this restriction on each user's mailbox. By default, if Exchange ActiveSync is enabled for a user, the user can synchronize their Exchange mailbox with any device. To restrict a user to a specific device, populate the ActiveSyncAllowedDeviceIDs parameter from the Set-CASMailbox task. If Exchange ActiveSync is not enabled for the user, they will be unable to synchronize any device with Exchange. This topic provides instructions for how to prevent a specific device from synchronizing with Microsoft Exchange. This task can be completed only by using the Exchange Management Shell.

To perform the following procedure, the account you use must be delegated the following:

  • Exchange Recipient Administrator role

  • Membership in the local Administrators group

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Also, before you perform this procedure, make sure that Exchange ActiveSync is enabled for the user.

  • To prevent a device from synchronizing with Microsoft Exchange, you must remove its device ID from the ActiveSyncAllowedDeviceIDs parameter list. To do this, run the following command:

    Set-CASMailbox -Identity: "EmailAlias" -ActiveSyncAllowedDeviceIDs: "<DeviceID_1>","<DeviceID_2>"
    There is no built-in functionality for retrieving the device ID before the user synchronizes with the Exchange server. After the user has synchronized the device with the Exchange server, you can run the following command to retrieve the device ID:
    Get-ActiveSyncDeviceStatistics -Mailbox:"<EmailAlias>" |fl DeviceID 

For more information about syntax and parameters, see Set-CASMailbox.

For more information about how to manage Windows Mobile powered devices, visit the Windows Mobile Center Web site.