Enable or disable Exchange ActiveSync access to mailboxes in Exchange Server

ActiveSync is a client protocol that lets users synchronize their Exchange mailbox with a mobile device. By default, ActiveSync is enabled on new user mailboxes. Disabling ActiveSync on a mailbox prevents the user from synchronizing their mailbox with a mobile device (by using ActiveSync).

Administrators can use the Exchange admin center (EAC) or the Exchange Management Shell to enable or disable Exchange ActiveSync access to a mailbox.

For more information about ActiveSync, see Exchange ActiveSync.

For information about setting up email on your mobile device, see these topics:

• Set up Office apps and email on iOS devices

• Set up Office apps and email on Android

For additional management tasks related to user access to mailboxes, see these topics:

• Enable or disable Outlook on the web access to mailboxes in Exchange Server

• Enable or disable POP3 or IMAP4 access to mailboxes in Exchange Server

• Enable or disable MAPI access to mailboxes in Exchange Server

What do you need to know before you begin?

• Estimated time to complete: 5 minutes.

• For more information about accessing and using the EAC, see Exchange admin center in Exchange Server.

• To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

• You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Exchange ActiveSync settings" entry in the Clients and mobile devices permissions topic.

• For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

Enable or disable Exchange ActiveSync access to a single mailbox

Use the EAC to enable or disable Exchange ActiveSync access to a mailbox

1. In the EAC, go to Recipients > Mailboxes.

2. In the list of mailboxes, find the mailbox that you want to modify. You can:

   • Scroll through the list of mailboxes.

   • Click Search and enter part of the user's name, email address, or alias.

   • Click More options > Advanced search to find the mailbox.

     Once you've found the mailbox that you want to modify, select it, and then click Edit .

3. On the mailbox properties page that opens, click Mailbox features.

4. In the Mobile Devices section, configure one of these settings:

   • If ActiveSync is enabled on the mailbox, you'll see a Disable Exchange ActiveSync link. Click the link to disable ActiveSync, and then click Yes in the warning message that appears.

   • If ActiveSync is disabled on the mailbox, you'll see a Enable Exchange ActiveSync link. Click the link to enable ActiveSync.

     

     When you're finished, click Save.

Use the Exchange Management Shell to enable or disable Exchange ActiveSync access to a mailbox

To enable or disable ActiveSync access to a single mailbox, use this syntax:

Set-CasMailbox -Identity <MailboxIdentity> -ActiveSyncEnabled <$true | $false>

This example disables ActiveSync access to the mailbox named Yan Li.

Set-CasMailbox -Identity "Yan Li" -ActiveSyncEnabled $false

This example enables ActiveSync access to the mailbox named Elly Nkya.

Set-CasMailbox -Identity "Elly Nkya" -ActiveSyncEnabled $true

For detailed syntax and parameter information, see Set-CASMailbox.

Enable or disable Exchange ActiveSync access to multiple mailboxes

Use the EAC to enable or disable Exchange ActiveSync access to multiple mailboxes

1. In the EAC, go to Recipients > Mailboxes.

2. In the list of mailboxes, find the mailboxes that you want to modify. You can:

   • Scroll through the list of mailboxes.

   • Click Search and enter part of the user's name, email address, or alias.

   • Click More options > Advanced search to find the mailbox.

3. In the list of mailboxes, select multiple mailboxes of the same type (for example, User) from the list. For example:

   • Select a mailbox, hold down the Shift key, and select another mailbox that's farther down in the list.

   • Hold down the CTRL key as you select each mailbox.

   After you select multiple mailboxes of the same type, the title of the details pane changes to Bulk Edit.

4. In the details pane, scroll down to Exchange ActiveSync, click Enable or Disable, and then click OK in the warning message that appears.

   Bulk select mailboxes in the EAC to enable or disable Exchange ActiveSync

Use the Exchange Management Shell to enable or disable Exchange ActiveSync access to multiple mailboxes

You can use the Get-Mailbox, Get-User or Get-Content cmdlets to identify the mailboxes that you want to modify. For example:

• Use the OrganizationalUnit parameter to filter the mailboxes by organizational unit (OU).

• Use the Filter parameter to create OPATH filters that identify the mailboxes. For more information, see Filterable Properties for the -Filter Parameter.

• Use a text file to specify the mailboxes. The text file contains one mailbox (email address, name, or other unique identifier) on each line like this:

  ebrunner@tailspintoys.com
  fapodaca@tailspintoys.com
  glaureano@tailspintoys.com
  hrim@tailspintoys.com

This example disables ActiveSync access to all user mailboxes in the North America\Finance OU.

$NAFinance = Get-Mailbox -OrganizationalUnit "OU=Marketing,OU=North America,DC=contoso,DC=com" -Filter "RecipientTypeDetails -eq 'UserMailbox'" -ResultSize Unlimited; $NAFinance | foreach {Set-CasMailbox $_.Identity -ActiveSyncEnabled $false}

This example disables ActiveSync access to all user mailboxes in the Engineering department in Washington state.

Get-User -Filter "RecipientType -eq 'UserMailbox' -and Department -like 'Engineering*' -and StateOrProvince -eq 'WA'" | Set-CasMailbox -ActiveSyncEnabled $false

This example uses the text file C:\My Documents\Accounts.txt to disable ActiveSync access to the specified mailboxes.

Get-Content "C:\My Documents\Accounts.txt" | foreach {Set-CasMailbox $_ -ActiveSyncEnabled $false}

For detailed syntax and parameter information, see Get-Mailbox and Get-User.

How do you know this worked?

To verify that you've successfully enabled or disabled Exchange ActiveSync access to a mailbox, do any of these steps:

• In the EAC, go to Recipients > Mailboxes > select the mailbox > click Edit > Mailbox features > and verify the Exchange ActiveSync value in the Mobile Devices section.

  • If ActiveSync access is enabled for the mailbox, you'll see Disable Exchange ActiveSync.

  • If ActiveSync access is disabled for the mailbox, you'll see Enable Exchange ActiveSync.

  

• In the Exchange Management Shell, replace <MailboxIdentity> with the identity of the mailbox (for example, name, alias, or email address), and run this command:

  Get-CasMailbox -Identity "<MailboxIdentity>"
  

• Use the same filter that you used to identify the mailboxes, but use the Get-CasMailbox cmdlet instead of Set-CasMailbox. For example:

  Get-User -Filter "RecipientType -eq 'UserMailbox' -and Department -like 'Engineering*' -and StateOrProvince -eq 'WA'" | Get-CasMailbox
  

• In the Exchange Management Shell, run this command to show all mailboxes where ActiveSync access is disabled:

  Get-CasMailbox -ResultSize unlimited -Filter "ActiveSyncEnabled -eq `$false"