Create new group [AirWatch PowerShell Management] and assign roles
Mail Recipients Organization Client Access Recipient Policies
On AirWatch console, enable ExecutionPolicy RemoteSigned
Set-ExecutionPolicy RemoteSigned
Connect to 365 and query for ActiveSyncAllowedDeviceIDs
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Configure Exchange to Block or Quarantine mobile devices
Get-ActiveSyncOrganizationSettings Set-ActiveSyncOrganizationSettings -DefaultAccessLevel quarantine or Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block
Query CASMailBox
Get-CASMailBox
Disable POP for a user
Get-Mailbox UserNameX | Set-CASMailbox -PopEnabled $false
Disable MAPI for all users (Do not disable if you are connecting via Exchange)
Get-Mailbox | Set-CASMailbox -MAPIEnabled $false
Disable OWA for all users
Get-Mailbox | Set-CASMailbox -OWAEnabled $false
Disable IMAP for all users
Get-Mailbox | Set-CASMailbox -ImapEnabled $false
Disable ActiveSync for all users
Get-Mailbox | Set-CASMailbox -ActiveSyncEnabled $false
Wipe
Get-MobileDevice -Mailbox Kim Get-MobileDevice -Mailbox Kim | select Device*, Identity, FirstSyncTime Clear-MobileDevice -Identity xyz123MobileDeviceIdentity123xyz Remove the device association after wipe
Troubleshooting
Push Profile for iPhone users
DEVICES > Profiles & Resources > Profiles > Apple iOS > Add Version > Save & Publish EMAIL > Compliance Policies > select Production > Run Compliance
Query for ActiveSyncAllowedDeviceIDs & ActiveSyncBlockedDeviceIDs
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs} Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs}
Get mobile devices belong to Kim
Get-MobileDevice -Mailbox Kim Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Quarantined'} Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Blocked'} Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Allowed'}
Get all mobile mobile devices by DeviceAccessState
Get-MobileDevice -Filter {DeviceAccessState -eq 'Quarantined'} Get-MobileDevice -Filter {DeviceAccessState -eq 'Blocked'} Get-MobileDevice -Filter {DeviceAccessState -eq 'Allowed'}
Get mobile device statistics
Get-MobileDeviceStatistics -Mailbox kim | fl DeviceID
Allow/Block ActiveSyncAlloweredDeviceID
Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs "deviceID1", "deviceID2" Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs} Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs "deviceID1", "deviceID2" Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs} #View both Allow & Block Get-CASMailbox -Identity kim | fl activesync* #Add Allowed Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs @{add='xyzxyzxyzxyz'} #Remove Blocked Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs @{remove='xyzxyzxyzxyz'}
Get PowerShell version
$PSVersionTable
Requires renewal once a year (Apple Push Certificates Portal)
https://identity.apple.com/pushcert/
Check Office 365 (SMTP) port
smtp.office365.com (port 587)