Hi guys,
In my last exchange migration to O365 my customer had the requirement to block all BYOD because for security reasons email department verify and manage all mobile devices. How? as always, asigning IMEI device ID to the user mailbox in O365.
Steps to acomplish that:
First of all you need to go to Exchange Online and there go to mobile section. Push on Edit.
On the window select Block access and push on save
After that action, you can use the below command to asign devices to usermailboxes:
Set-CASMailbox user@domain.com -ActiveSyncAllowedDeviceIDs «ID»
To check some user use:
Get-CasMailbox username | fl ActiveSyncAllowedDeviceIDs
If you have a large correlation of users – devices you can use my script. It’s very useful!!
- You need a csv file with a list of users called migration.csv. Save it on C:\migration folder.
2. You need a file called Device_Info.csv where you have all device IMEI info exported from on-prem. Save it on C:\migration folder.
3. A csv file called LoteYYYYMMDD.csv where you have all users in O365.
4. The magic script:
param(
[string]$Script:sourcefilename = «migration.csv»,
[System.Management.Automation.CredentialAttribute()]$cred = $null
)
Write-Host «This script must be run from a Powershell AD AZURE»
Write-Host «We load the list of users migrated from file $($Script:sourcefilename)»
$migrados = Import-Csv $Script:sourcefilename
if([String]::IsNullOrEmpty($cred)){$cred = Get-credential}
Write-Host «We load the list of devices.»
$Users = Import-Csv “C:\MIGRATION\Device_Info.csv” | Sort-Object PrimarySMTPAddress
$UserID = $null
Foreach ($user in $Users)
{
#Let’s see if the device line in the file contains a migrated user
$containsMailMigrado = $migrados | %{$_ -match $user.PrimarySMTPAddress}
If($containsMailMigrado -contains $true)
{
Write-Host » Finded MailMigrado – $($user.PrimarySMTPAddress)»
$UserID = $user.PrimarySMTPAddress
$DeviceID = $user.DeviceID
Write-Host » Adding device DeviceID = $($DeviceID)»
Set-CASMailbox -Identity $UserID -activesyncalloweddeviceid @{Add=$DeviceID}
}
}
Save that script as ScriptDevicesO365.PS1
Having all requisites showed above you can execute the line .\ScriptDevicesO365.PS1 LoteYYYMMDD.csv $UserCredential that will permit all your corporate devices be used with the assigned user on Office 365 – Exchange Online.
References:
https://technet.microsoft.com/en-us/library/jj218706(v=exchg.160).aspx
https://technet.microsoft.com/en-us/library/bb125264(v=exchg.160).aspx
Regards!