Forum Discussion
Disable exchange mobile devices from viewing and downloading attachments.
Hi
The company required that you can view and download attachments on outlook on the computer, but refused to view and download attachments on mobile devices, only the body of the email. How to do this, exhcange 2016 CU23
- kyazaferrIron Contributor
Use Mobile Device Mailbox Policies in Exchange ActiveSync
Exchange ActiveSync (EAS) allows you to create policies that control mobile devices' access to email and data. You can configure a policy that disables attachments on mobile devices.
Steps to Restrict Attachments on Mobile Devices:
- Create a new Mobile Device Mailbox Policy:
- Open the Exchange Management Shell (EMS).
- Run the following command to create a new policy
If users are accessing emails from Outlook Web Access (OWA) and should be able to view and download attachments, you don’t need to restrict that functionality, but ensure it works for Outlook desktop and OWA users as expected.
You can manage access to OWA through Exchange policies, but by default, attachments are allowed for OWA users.
3. Configure Device Access for Mobile Devices
You might want to manage which devices are allowed to sync and enforce the policy further:
- You can restrict the types of devices allowed to sync by configuring the Mobile Device Access Rules:
- Go to Exchange Admin Center (EAC).
- Navigate to Mobile > Mobile Device Access.
- You can set device access to Blocked for some device types or configure access rules based on device characteristics.
4. Testing and Validation
After applying these policies, you should verify the behavior on both desktop Outlook and mobile devices:
- On Outlook desktop, users should still be able to view and download attachments.
- On mobile devices, attachments should be blocked while they can still view the email body.
Checking the Policy Status:
To check which policy is applied to a user, use:
- You can restrict the types of devices allowed to sync by configuring the Mobile Device Access Rules:
- TonyMuCopper Contributor
Is it OK to run the command for all mobile device restriction policies? Step 3 Check whether the command does not need to be executed. In addition, is the text viewed on the mobile devices not affected?
- kyazaferrIron Contributor
- Review Before Execution: Step 3, which mentions checking if the command needs to be executed, is crucial. Always verify if the existing policies meet your requirements before running any new command. Running a command unnecessarily could result in duplicate or conflicting policies.
- Command Testing: It's a good practice to test commands in a controlled environment or on a small set of devices before applying them organization-wide. This ensures that you can confirm the behavior without disrupting all users.
- Impact on Mobile Devices: Commands affecting mobile device policies can potentially modify user experience, such as restricting features, enforcing passcodes, or managing data access. Verify that the specific command you're using won't interfere with existing policy settings that your users rely on.
- Text Display: If the policy affects display or access (e.g., restricting clipboard use, preventing screenshots, or altering content display permissions), confirm that user-facing text or information is not negatively impacted. This is especially important for productivity apps or communication tools.
- Monitoring Changes: After deploying any command, monitor the devices to ensure the policies apply as expected and that no unintended issues arise
- Create a new Mobile Device Mailbox Policy: