Exchange ActiveSync policies for managing devices in Office 365


Topic Last Modified: 2015-05-27

Using mobile devices like smartphones and tablets to access to work email, calendar, contacts, and tasks plays a big part in making sure that employees get their work done anytime, from anywhere. But it’s critical that you can manage and secure these devices when they’re connected to your Office 365 organization.

You have several options for managing mobile devices that use Office 365 services. If you want to manage access to both email and documents, you can choose between using Overview of Mobile Device Management for Office 365 or Microsoft Intune. Compare the features offered by each service so you can choose which one is best for your needs. Or, if you only need to manage Exchange services, you can set up Exchange ActiveSync policies, as described in this article.

Follow the guidance here to set up Exchange ActiveSync policies in Office 365 admin centers to perform common device management tasks, such as:

  • Set device access rules

  • Create mobile mailbox device policies

  • Allow, block, wipe, or delete mobile devices

  • View reports about devices

In this topic

What types of devices can you manage?

Setup steps for users

Device management tasks and where you’ll perform them

Advanced device management with Microsoft Intune

You can use policies you set up in Office 365 to manage any device that uses Exchange ActiveSync to synchronize with your organization’s email, calendar, contacts, and tasks. Exchange ActiveSync is offered on many mobile devices such as Windows Phone, Windows 8 tablets, Android, BlackBerry®, and iOS devices (iPhone and iPad). To learn more about Exchange ActiveSync, see Exchange ActiveSync in Exchange Online.

Exchange ActiveSync connects devices to Office 365
To manage the BlackBerry smartphones in your organization, you’ll need to enable BlackBerry® Business Cloud Services. To do this, in the Office 365 admin center, go to service settings > mobile and follow the instructions from there.

Exchange ActiveSync is enabled by default, so any user with an Exchange ActiveSync device just needs to run through a few steps to sync their device with your organization. For details, point your users to this topic: Set up and use Office 365 on your phone or tablet.

There are a few places you’ll go to manage the devices in your organization. This table shows some common device management tasks and where you'll go to perform them.


To do this… Go here For more information

Block, allow, wipe, or delete a device

Exchange admin center: recipients > mailboxes tab > select user > click View details under Mobile Devices.

Perform a Remote Wipe on a Mobile Phone

Configure access rules for specific device families and models

Exchange admin center: mobile > mobile device access tab > Device Access Rules.

The section “Creating a device (or a family of devices) rule” in Controlling Exchange ActiveSync device access

Configure device mailbox policies, such as mobile device password requirements and security settings

Exchange admin center: mobile > mobile device mailbox policies tab

Mobile Device Mailbox Policies in Exchange Online

Configure Exchange ActiveSync access settings (including Allow, Block, or Quarantine)

Exchange admin center: mobile > mobile device access tab> Exchange ActiveSync Access Settings > edit

Set up and manage mobile access for your users

Controlling Exchange ActiveSync device access using the Allow/Block/Quarantine list

Enable or disable Exchange ActiveSync

Exchange admin center: recipients > mailboxes tab > select user > click Enable Exchange ActiveSync or Disable Exchange ActiveSync under Mobile Devices.

Enable or Disable Exchange ActiveSync for a Mailbox

View device details

Exchange admin center: recipients > mailboxes tab > select user > click View details under Mobile Devices > select device > click Details.

View Mobile Device Information for Users

View detailed reports about the devices in your organization (Browser used and Operating system used reports)

Office 365 admin center: reports > devices

View browser or operating system usage reports for Office 365

Looking for more advanced mobile device management capabilities? Consider Microsoft Intune. Like Office 365, Microsoft Intune is a cloud-based service that can help you protect and manage the Exchange ActiveSync devices in your organization. But Intune not only lets you manage a wider range of devices (including computers that run Windows), but it also provides rich mobile device and computer management capabilities such as:

  • Monitoring

  • Encryption settings

  • Hardware and software inventory

  • Application settings

  • Much more…

To evaluate whether Intune is a good fit for your organization, check out the Evaluate Microsoft Intune guide.