Issue with security defaults - activesync clients get quarantined



We are seeing issues after enabling Security Defaults where ActiveSync clients get quarantined in Exchange Online and cannot be approved. O365 Support have been unable to tell us why or fix it.


Has anyone seen this, or does anyone know how to resolve it? Problem clients are all iOS using the native mail app.


In EXO PS using get-mobiledevice I can see:

DeviceAccessState : Quarantined
DeviceAccessStateReason : AadBlockDueToAccessPolicy


We have no activesync policy to quarantine devices. Some work fine, some get blocked.

5 Replies

Security defaults block legacy auth, which is the most likely reason here.

iOS mail has supported modern auth since version 12. I try and persuade them to use Outlook but some VIPs can be tricky.
Many iOS mail app clients work fine with Security defaults enabled. iOS mail supports modern auth, and I don’t think activesync is a legacy protocol?
We have the same issue. How did you solve it?
Yes, remove the account from the device, approve in Exchange quarantine, add again in the device.
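
Added example, not part of the thread: a PowerShell triage that groups `Get-MobileDevice` output by OS and client type and counts how many devices in each group are quarantined with the `AadBlockDueToAccessPolicy` reason quoted in the question. The function name `Get-AadBlockedDeviceSummary` and the sample devices are made up for illustration; against a tenant, pipe `Get-MobileDevice -ResultSize Unlimited` into it from a connected Exchange Online session.

```powershell
# Added example. Property names are those returned by Get-MobileDevice;
# the function name and the sample devices below are constructed.
function Get-AadBlockedDeviceSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Device
    )
    begin   { $all = [System.Collections.Generic.List[psobject]]::new() }
    process { $all.Add($Device) }
    end {
        # One row per OS build / client type, so blocked and working
        # devices can be compared side by side.
        $all | Group-Object DeviceOS, ClientType | ForEach-Object {
            $blocked = @($_.Group | Where-Object {
                $_.DeviceAccessState -eq 'Quarantined' -and
                $_.DeviceAccessStateReason -eq 'AadBlockDueToAccessPolicy'
            })
            [pscustomobject]@{
                DeviceOS   = $_.Group[0].DeviceOS
                ClientType = $_.Group[0].ClientType
                Total      = $_.Count
                AadBlocked = $blocked.Count
                Users      = ($blocked.UserDisplayName | Sort-Object -Unique) -join '; '
            }
        } | Sort-Object AadBlocked -Descending
    }
}

# Constructed sample data so the script runs without a tenant.
$sample = @(
    [pscustomobject]@{ UserDisplayName = 'User A'; DeviceOS = 'iOS 13.3 17C54'; ClientType = 'EAS'
                       DeviceAccessState = 'Quarantined'; DeviceAccessStateReason = 'AadBlockDueToAccessPolicy' }
    [pscustomobject]@{ UserDisplayName = 'User B'; DeviceOS = 'iOS 13.3 17C54'; ClientType = 'EAS'
                       DeviceAccessState = 'Allowed'; DeviceAccessStateReason = 'Global' }
    [pscustomobject]@{ UserDisplayName = 'User C'; DeviceOS = 'iOS 12.4 16G77'; ClientType = 'EAS'
                       DeviceAccessState = 'Quarantined'; DeviceAccessStateReason = 'AadBlockDueToAccessPolicy' }
)
$sample | Get-AadBlockedDeviceSummary | Format-Table -AutoSize

# Against a tenant (requires an existing Connect-ExchangeOnline session):
# Get-MobileDevice -ResultSize Unlimited | Get-AadBlockedDeviceSummary
```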