Powershell integration with office 365 for AirWatch

Create new group [AirWatch PowerShell Management] and assign roles

Mail Recipients
Organization Client Access
Recipient Policies


On AirWatch console, enable ExecutionPolicy RemoteSigned

Set-ExecutionPolicy RemoteSigned

Connect to 365 and query for ActiveSyncAllowedDeviceIDs

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session


Configure Exchange to Block or Quarantine mobile devices

Set-ActiveSyncOrganizationSettings -DefaultAccessLevel quarantine
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Block


Query CASMailBox



Disable POP for a user

Get-Mailbox UserNameX | Set-CASMailbox -PopEnabled $false


Disable MAPI for all users (Do not disable if you are connecting via Exchange)

Get-Mailbox | Set-CASMailbox -MAPIEnabled $false

Disable OWA for all users

Get-Mailbox | Set-CASMailbox -OWAEnabled $false

Disable IMAP for all users

Get-Mailbox | Set-CASMailbox -ImapEnabled $false

Disable ActiveSync for all users

Get-Mailbox | Set-CASMailbox -ActiveSyncEnabled $false



Get-MobileDevice -Mailbox Kim
Get-MobileDevice -Mailbox Kim | select Device*, Identity, FirstSyncTime
Clear-MobileDevice -Identity xyz123MobileDeviceIdentity123xyz

Remove the device association after wipe


Push Profile for iPhone users

DEVICES > Profiles & Resources > Profiles > Apple iOS > Add Version > Save & Publish
EMAIL > Compliance Policies > select Production > Run Compliance

Query for ActiveSyncAllowedDeviceIDs & ActiveSyncBlockedDeviceIDs

Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs}
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs}

Get mobile devices belong to Kim

Get-MobileDevice -Mailbox Kim
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Quarantined'}
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Blocked'}
Get-MobileDevice -Mailbox Kim -Filter {DeviceAccessState -eq 'Allowed'}


Get all mobile mobile devices by DeviceAccessState

Get-MobileDevice -Filter {DeviceAccessState -eq 'Quarantined'}
Get-MobileDevice -Filter {DeviceAccessState -eq 'Blocked'}
Get-MobileDevice -Filter {DeviceAccessState -eq 'Allowed'}


Get mobile device statistics

Get-MobileDeviceStatistics -Mailbox kim | fl DeviceID 


Allow/Block ActiveSyncAlloweredDeviceID

Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs "deviceID1", "deviceID2"
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncAllowedDeviceIDs}

Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs "deviceID1", "deviceID2"
Get-CASMailbox -Identity Kim | select {$_.ActiveSyncBlockedDeviceIDs}

#View both Allow & Block
Get-CASMailbox -Identity kim | fl activesync*
#Add Allowed
Set-CASMailbox -Identity kim -ActiveSyncAllowedDeviceIDs @{add='xyzxyzxyzxyz'}
#Remove Blocked
Set-CASMailbox -Identity kim -ActiveSyncBlockedDeviceIDs @{remove='xyzxyzxyzxyz'}


Get PowerShell version



Requires renewal once a year (Apple Push Certificates Portal)


Check Office 365 (SMTP) port
smtp.office365.com (port 587)



Leave a Comment

Your email address will not be published. Required fields are marked *