Powershell integration with office 365 for AirWatch

Create new group [AirWatch PowerShell Management] and assign roles

Mail Recipients
Organization Client Access
Recipient Policies

 

On AirWatch console, enable ExecutionPolicy RemoteSigned

Set-ExecutionPolicy RemoteSigned

Connect to 365 and query for ActiveSyncAllowedDeviceIDs

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

 

Configure Exchange to Block or Quarantine mobile devices

Get-ActiveSyncOrganizationSettings
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel quarantine
or
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block

 

Query CASMailBox

Get-CASMailBox

 

Disable POP for a user

Get-Mailbox UserNameX | Set-CASMailbox -PopEnabled $false

 

Disable MAPI for all users (Do not disable if you are connecting via Exchange)

Get-Mailbox | Set-CASMailbox -MAPIEnabled $false

Disable OWA for all users

Get-Mailbox | Set-CASMailbox -OWAEnabled $false

Disable IMAP for all users

Get-Mailbox | Set-CASMailbox -ImapEnabled $false

Disable ActiveSync for all users

Get-Mailbox | Set-CASMailbox -ActiveSyncEnabled $false

 

Wipe

Get-MobileDevice -Mailbox Kim
Get-MobileDevice -Mailbox Kim | select Device*, Identity, FirstSyncTime
Clear-MobileDevice -Identity xyz123MobileDeviceIdentity123xyz

Remove the device association after wipe

Troubleshooting

Push Profile for iPhone users

DEVICES > Profiles & Resources > Profiles > Apple iOS > Add Version > Save & Publish
EMAIL > Compliance Policies > select Production > Run Compliance

Query for ActiveSyncAllowedDeviceIDs & ActiveSyncBlockedDeviceIDs

Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs}
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs}

Get mobile devices belong to Kim

Get-MobileDevice -Mailbox Kim
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Quarantined'}
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Blocked'}
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Allowed'}

 

Get all mobile mobile devices by DeviceAccessState

Get-MobileDevice -Filter {DeviceAccessState -eq 'Quarantined'}
Get-MobileDevice -Filter {DeviceAccessState -eq 'Blocked'}
Get-MobileDevice -Filter {DeviceAccessState -eq 'Allowed'}

 

Get mobile device statistics

Get-MobileDeviceStatistics -Mailbox kim | fl DeviceID 

 

Allow/Block ActiveSyncAlloweredDeviceID

Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs "deviceID1", "deviceID2"
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs}

Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs "deviceID1", "deviceID2"
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs}

#View both Allow & Block
Get-CASMailbox -Identity kim | fl activesync*
#Add Allowed
Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs @{add='xyzxyzxyzxyz'}
#Remove Blocked
Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs @{remove='xyzxyzxyzxyz'}

 

Get PowerShell version

$PSVersionTable

 

Requires renewal once a year (Apple Push Certificates Portal)

https://identity.apple.com/pushcert/

Check Office 365 (SMTP) port
smtp.office365.com (port 587)

 

 

Leave a Comment

Your email address will not be published. Required fields are marked *