Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Administration
  4. Email, calendar, and contacts
  5. Controlling which devices can access Exchange ActiveSync
  6. Allow only authorized devices to access Exchange ActiveSync
  7. Configure Microsoft Exchange to allow only authorized devices to access Exchange ActiveSync

Configure 
Microsoft Exchange
 to allow only authorized devices to access 
Exchange ActiveSync

You must configure 
Microsoft Exchange Server
 2010 or later to allow only authorized devices to access 
Exchange ActiveSync
. Devices for existing users that are not explicitly added to the allowed list in 
Microsoft Exchange
 must be quarantined until 
BlackBerry UEM
 allows them access.
Only one email client can be whitelisted for each device. The priority for email application whitelisting is as follows:
  1. Email applications with App config that contains Exchange Server whitelisting data (only for Android Enterprise or Samsung KNOX Play for Work
  2. BlackBerry Work
  3. Email client in which EAS ID is sent during enrollment 
To perform this task, you must be a 
Microsoft Exchange
 administrator with the appropriate permissions to configure the Set-ActiveSyncOrganizationSettings. For information about how to allow only authorized devices to access 
Exchange ActiveSync
, visit technet.microsoft.com to read article 
Enable a Device for 
Exchange ActiveSync
.
  • Verify with your 
    Microsoft Exchange
     administrator whether or not there are any users currently using 
    Exchange ActiveSync
    .
  • If your organization’s default access level for 
    Exchange ActiveSync
     is set to allow, and you have users setup and successfully synchronizing their devices, you must make sure that these users have a personal exemption or device rule associated to their user account or device before you set the default access level to quarantine. If they do not, then they are quarantined and their devices do not synchronize until they are allowed by 
    BlackBerry UEM
    . For more information about setting the default access level for 
    Exchange ActiveSync
     to quarantine, visit support.blackberry.com/community to read article 36800.
  1. On a computer that hosts the 
    Microsoft Exchange Management Shell
    , open the 
    Microsoft Exchange Management Shell
    .
  2. Type 
    Set-ActiveSyncOrganizationSettings –DefaultAccessLevel Quarantine
    . Press ENTER.