Forum Discussion
How can I disable a phone from getting email if it's already authorized?
Disabling ActiveSync should not have any effect, as the Outlook app now uses a new protocol. OWA doesn't relate to the mobile Outlook app. The -OutlookMobileEnabled parameter is what you should use.
Removing the device should work however, perhaps with some delay due to token expiration and stuff (you can try revoking tokens to speed it up). Other than that, you can use device access rule or blacklist the client for EWS.
All this and more is summarized here: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#blocking-outlook-for-ios-and-android
VasilMichevI set my own account to OutlookMobileEnabled: False but am still able to send and receive from my phone. Maybe it takes a bit to take effect so I'll try again in a bit.
The reason we are doing this is we have an internal Mobile Device Policy that everyone has to agree to if they want to sync their email to their phone. We want to disable the ability to get email on their phones by default and then we can enable it for people as they sign the policy form. Is there a good way to do that? I thought I saw something you could set so all device go into quarantine as soon as they try to connect and then we could Allow the device for people once they've agreed to the policy.
Thanks.
Ok so here's the update.
After a while, my Outlook app did come up and tell me I was blocked so it appears that setting the OutlookMobileEnabled setting does prevent people from getting into Outlook.
I also found these instructions that will push every phone into Quarantine when it connects:
If I use the OutlookMobileEnabled setting, I can set that to False for all users and then set it to True once someone signs our policy document. Pro is that it's on the user's account and not phone specific. Con is that it has to be done through Powershell and I don't know if there's a way to make False be the default for all new users that get created.
If I use the Quarantine method, I can make this the default so all phones get blocked by default. Pro is that it's automatic, it can send an email when a phone goes in quarantine, and it can be released through the GUI. Con is that it's per device so any time a user gets a new phone, we'll have to release it.
Is there any setting that applies at the user lever, can be made defaulted to off for all users, and can be turned on/off from within the Admin portal?
Thanks.
There isn't one. The OutlookMobileEnabled is client-specific, it will not block clients other than Outlook, so you might want to combine that with the additional ActiveSync controls. It's very easy to automate via PowerShell, so you can just provide a script instead of the UI option.
