Forum Discussion

Stephen Bell's avatar
Stephen Bell
Iron Contributor
Jun 11, 2018

Quarantined Mobile Devices - Powershell

Hey Everyone --

 

I am trying to put together a Powershell script to approve a device that has been quarantined.  By default, we quarantine everything and allow only what we want.

$MobileDevice = Get-MobileDevice -Mailbox jdoe -Filter {DeviceAccessState -eq 'Quarantined'}
# allow the device
Set-CASMailbox -Identity jdoe -ActiveSyncAlloweDeviceIDs $MobileDevice.DeviceId

 

By doing this - mail is now working on that mobile device, however, it still shows up in the list of quarantined devices.   Furthermore - It is still returned as a quarntined device in the Get-MobileDevice cmdlet.

 

Using powershell - how do you get it so it is no longer in the quarantined list?

 

Thanks

Steve

exchange online

12 Replies

Sort By
  • VasilMichev's avatar
    VasilMichev
    MVP
    Jun 11, 2018

    The cmdlet you are using overrides the list of allowed devices, instead you should be adding to it:

     

    Set-CASMailbox -Identity jdoe -ActiveSyncAlloweDeviceIDs @{add=$MobileDevice.DeviceId}

    • Stephen Bell's avatar
      Stephen Bell
      Iron Contributor
      Jun 11, 2018
      Thank you - in this particular case, overriding was exactly what I was looking to do. I am still stuck as to why is shows up under my list of Quarantined Devices in the ECP portal. Any idea why that is?
      • ThomasStensitzki-MVP's avatar
        ThomasStensitzki-MVP
        MVP
        Jun 16, 2018

        Have you checked the ActiveSyncOrganizationSettings for your tenant using Get-ActiveSyncOrganizationSettings?

        What's the DefaultAccessLevel?

        Are there any Intune policies in use?

        Cheers,
        Thomas

Resources