Forum Discussion
Stephen Bell
Jun 11, 2018Iron Contributor
Quarantined Mobile Devices - Powershell
Hey Everyone -- I am trying to put together a Powershell script to approve a device that has been quarantined. By default, we quarantine everything and allow only what we want. $MobileDevice = ...
Stephen Bell
Jun 21, 2018Iron Contributor
So here is what I just found out -- here is what I was running, and the device was still in the quarantined list.
$MobileDevice = Get-MobileDevice -Mailbox jdoe -Filter {DeviceAccessState -eq 'Quarantined'}
# allow the device
Set-CASMailbox -Identity jdoe -ActiveSyncAlloweDeviceIDs $MobileDevice.DeviceId
If I then run:
$MobileDevice.DeviceAccessState = 'Allowed'
$MobileDevice.DeviceAccessStateReason = 'Individual'
The device is no longer shown in the mobile device list as quarantined.
-Steve
Que Dang
Mar 26, 2019Copper Contributor
Nearly perfect. A small typo on this line:
Set-CASMailbox -Identity jdoe -ActiveSyncAlloweDeviceIDs $MobileDevice.DeviceId
Throws an error. This should work:
Set-CASMailbox -Identity jdoe -ActiveSyncAllowedDeviceIDs $MobileDevice.DeviceId
Que
- taoxul2006gmailcomOct 27, 2022Copper ContributorCholsonic
Unable to the parameter ActiveSyncAllowedDeviceIDs binding to the target. Exception occurs when set "ActiveSyncAllowedDeviceIDs" : "this attribute length is too long. The maximum length is 256 and the length of the supplied value is 557."
Location C:\Users\xuliang.tao\AppData\Local\Temp\tmp_350par2z.3gp\ tMP_350PAR2Z.3Gp.pSM1:70471 characters: 9
+ $steppablePipeline.End()
+ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
+ CategoryInfo : WriteError: (:) [Set-CASMailbox], ParameterBindingException
+ FullyQualifiedErrorId : ParameterBindingFailed,Microsoft.Exchange.Management.RecipientTasks.SetCASMailbox
There are too maney devices,show this error - CholsonicApr 10, 2019Copper Contributor
We were rolling out Android devices and wanted a way to allow all these whilst the roll out was happening. With help from this thread I wrote this;
$BlockedDevices = @(Get-MobileDevice -Filter 'DeviceAccessState -eq "Blocked"')
$BlockedDevices.Foreach({
Get-CASMailbox -Filter "ActiveSyncBlockedDeviceIDs -eq `'$($_.DeviceId)`'" | Set-CASMailbox -ActiveSyncAllowedDeviceIDs @{add=$($_.DeviceId)}
})You would probably want to narrow down the Get-MobileDevice filter so BlockedDevices only contains the Devices you want allowing (DeviceModel for example if you are rolling out same hardware)
We ran it on a schedule during the rollout.
Hope this helps someone