Issue with security defaults - activesync clients get quarantined

Question

&nbsp;We are seeing issues after enabling Security Defaults where activesync clients get quarantined in Exchange Online and cannot be approved. O365 Support have been unable to tell us why or fix it.&nbsp;&nbsp;Has anyone seen this or know how to resolve? Problem clients are all iOS using the native mail app.&nbsp;&nbsp;In EXO PS using&nbsp;get-mobiledevice I can see:DeviceAccessState : QuarantinedDeviceAccessStateReason : AadBlockDueToAccessPolicy&nbsp;We have no activesync policy to quarantine devices. Some work fine, some get blocked.

vasilmichev · Answer

Security defaults block legacy auth, which is the most likely reason here.

cloudhal · Answer

iOS mail has supported modern auth since version 12. I try and persuade them to use Outlook but some VIPs can be tricky.

cloudhal · Answer

Many iOS mail app clients work fine with Security defaults enabled. iOS mail supports modern auth, and I don’t think activesync is a legacy protocol?

bglr440 · Answer

Hi,We have the same issue. How do you solved it?

cloudhal · Answer

Yes, remove the account from the device, approve in exchange quarantine, add again in the device.

Forum Discussion

Issue with security defaults - activesync clients get quarantined

5 Replies

Resources