Controlling Activesync Access Exchange 2010 SP1

As smartphone become more and more popular with their ever increasing power to connect to various messaging services, the demand to have email access on phones is greater than ever before.  People expect to be connected at all times.  The Exchange Activesync technology continues to evolve as a product and it is an integral part of the Exchange 2010 SP1 infrastructure.  Knowing how to control and administer Activesynce is crucial if you are an Exchange admin.  We want to look at a few areas of administering the Activesync environment and how you can effectively manage user connections, phones, and privileges with Activesync.

There are several built-in tools in Exchange 2010 SP1 that allow administrators to control ActiveSync environments.  This includes:

  • Controlling the default behavior on accepting EAS connections
  • Control which Family of devices as well as models are able to connect to the ActiveSync Service
  • Control which users are able to connect via EAS
  • Remove devices from a user’s mailbox profile
  • Remotely wipe devices from the Exchange console

After logging into Outlook Web Access as an Exchange Administrator, you can “Manage the Organization” from within the Outlook Web Access Options.  This menu can be found on the right hand side by pulling down the menu underneath the username… See All Options


Then look for the Manage My Organization


After clicking the “My Organization” tab you have access to manage the EAS Access and Policy



Default Exchange ActiveSync Settings – defining what you want the default behavior to be when a device attempts to connect via EAS.  This can also be done via the EMS

Set-ActiveSyncOrganizationSettings –DefaultAccessLevel Quarantine –AdminMailRecipients AdminEmailAddress


Device rules allow you to control which Family of phones and models are able to connect via the EAS service.  An example of the EMS command also:

New-ActiveSyncDeviceAccessRule –AccessLevel Block –Characteristic DeviceType –QueryString PocketPC



The device Access Rules are really cool because you can specify which types (family, models, etc) are allowed to connect to EAS

Exchange builds a “memory” of phones that have been able to connect via the EAS policy and lists the devices under the “Family” of phones


Same goes for the model of phones….you can choose which models have access.

Removing and wiping a phone is very easy in the Exchange Management Console….simply right click on a user and choose “Manage Mobile Phone”


In the console you can see the agent that has connected to the EAS service.  You can choose to “Remove mobile phone partnership” or “Perform a remote wipe to clear mobile phone data”.


Final Thoughts

Exchange provides really powerful native tools to manage ActiveSync access which is becoming more of a concern for administrators these days.  Corporate policies are quickly changing and mandatory accepted devices are already in place for many organizations.  System Administrators and Messaging Administrators do well to become familiar with the capabilities of controlling the EAS access and policy and if a particular organization does not have those controls in place now, they are sure to come.


Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.