We want some control over who syncs their email with their phone and are trying to find the best way to do that. I have gone into the EAC (Office 365) and set the Exchange ActiveSync Access Settings to Quarantine so that all phones get quarantined when they connect. However, what I'd want do is have a specific set of people who can just get allowed automatically either by me creating a list or by pulling from a Group they are a member of or something like that.
I see that it mentions Rules or Personal Exemptions. Rules seem to be to allow or not allow based on the phone model which isn't what I want. And I'm not finding anything on what Personal Exemptions are or where I set them up.
The problem with the active sync policies is that work on the device level, not user. If you want to control it per user, it might be easier to just disable the corresponding protocols via Set-CASMailbox. Alternatively, you can keep the quarantine settings and schedule a PowerShell script that periodically whitelists any devices corresponding to a given user.