Forum Discussion

Iron Contributor

Jun 11, 2018

Quarantined Mobile Devices - Powershell

Hey Everyone -- I am trying to put together a Powershell script to approve a device that has been quarantined. By default, we quarantine everything and allow only what we want. $MobileDevice = ...

exchange online

MVP

Jun 11, 2018

The cmdlet you are using overrides the list of allowed devices, instead you should be adding to it:

Set-CASMailbox -Identity jdoe -ActiveSyncAlloweDeviceIDs @{add=$MobileDevice.DeviceId}

Iron Contributor

Jun 11, 2018

Thank you - in this particular case, overriding was exactly what I was looking to do. I am still stuck as to why is shows up under my list of Quarantined Devices in the ECP portal. Any idea why that is?

ThomasStensitzki-MVP
MVP
Jun 16, 2018
Have you checked the ActiveSyncOrganizationSettings for your tenant using Get-ActiveSyncOrganizationSettings?
What's the DefaultAccessLevel?
Are there any Intune policies in use?
Cheers,
Thomas
- Stephen Bell
  Iron Contributor
  Jun 17, 2018
  Default Access Level = Quarantine.
  
  We moved to Exchange Online in 2016. From day 1, we have had this policy - all mobile devices get Quarantined until approved by administrator. All of the mobile devices that we have allowed have been allowed manually. When we approve a device manaually (from the Mobile page) - the device is approved and removed from that list.
  
  I am just looking to do the same thing - but with Powershell. Should involve less clicks, pages, and waiting for things to load.
  
  We don't currently have any intune policies in place.
  - ThomasStensitzki-MVP
    MVP
    Jun 18, 2018
    The device state is stored in an Active Directory attribute which needs to be replicated across all domain controllers until the state is properly returned when queried by a Get-MobileDevice cmdlet.
    
    Is the device shown in the list of quarantined devices still? Even after some hours after the device has been allowed?

Resources