Allowing mobile devices on Exchange Online with a bulk script

Hi guys,

In my last Exchange migration to O365, my customer required that all BYOD devices be blocked because, for security reasons, the email department verifies and manages all mobile devices. How? As always, by assigning the IMEI device ID to the user mailbox in O365.

Steps to accomplish that:

First, go to Exchange Online, open the mobile section and click Edit.



In the window, select Block access and click Save.


After that, you can use the command below to assign devices to user mailboxes:

Set-CASMailbox -Identity username -ActiveSyncAllowedDeviceIDs "ID"

To check a user, use:

Get-CasMailbox username | fl ActiveSyncAllowedDeviceIDs

If you have a large mapping of users to devices, you can use my script. It’s very useful!!

1. You need a csv file with a list of users called migration.csv. Save it on C:\migration folder.


2. You need a file called Device_Info.csv where you have all device IMEI info exported from on-prem. Save it on C:\migration folder.


3. A csv file called LoteYYYYMMDD.csv where you have all users in O365.


4. The magic script:

param(
    [string]$sourcefilename = "migration.csv",
    [System.Management.Automation.CredentialAttribute()]$cred = $null
)

Write-Host "This script must be run from a Powershell AD AZURE"
Write-Host "We load the list of users migrated from file $($sourcefilename)"
$migrados = Import-Csv $sourcefilename
if ([String]::IsNullOrEmpty($cred)) { $cred = Get-Credential }

Write-Host "We load the list of devices."
$Users = Import-Csv "C:\MIGRATION\Device_Info.csv" | Sort-Object PrimarySMTPAddress
$UserID = $null

foreach ($user in $Users) {
    # Let's see if the device line in the file contains a migrated user.
    # Compare the column values exactly; a regex -match would also accept partial addresses.
    $containsMailMigrado = $migrados | ForEach-Object { $_.PSObject.Properties.Value -contains $user.PrimarySMTPAddress }
    if ($containsMailMigrado -contains $true) {
        Write-Host " Found MailMigrado - $($user.PrimarySMTPAddress)"
        $UserID = $user.PrimarySMTPAddress
        $DeviceID = $user.DeviceID
        Write-Host " Adding device DeviceID = $($DeviceID)"
        # Add the device to the mailbox allow list without replacing existing entries
        Set-CASMailbox -Identity $UserID -ActiveSyncAllowedDeviceIDs @{Add=$DeviceID}
    }
}

Save that script as ScriptDevicesO365.PS1

With all the prerequisites above in place, you can run .\ScriptDevicesO365.PS1 LoteYYYYMMDD.csv $UserCredential, which will allow all your corporate devices to be used with their assigned users on Office 365 – Exchange Online.
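Before running a bulk change like this against production mailboxes, it helps to dry-run the user/device join offline and review what would be allowed. The following is an added example, not part of the original script: the CSV contents are constructed, the EmailAddress column name for migration.csv and the Get-DeviceAllowPlan function name are assumptions, and it uses an exact lookup so that a partial address match cannot pull in an unmigrated user.

```powershell
# Added example: offline dry run of the user/device join. All data is constructed.
# Assumption: migration.csv has an EmailAddress column (the page does not name it).
$migrated = @'
EmailAddress
ann@contoso.example
bob@contoso.example
'@ | ConvertFrom-Csv

# Device_Info.csv columns as used by the script on this page.
$devices = @'
PrimarySMTPAddress,DeviceID
ann@contoso.example,ApplDNXK1234ABCD
joann@contoso.example,ApplF17ZZ999WXYZ
bob@contoso.example,androidc0ffee1234
bob@contoso.example,androidc0ffee1234
bob@contoso.example,
'@ | ConvertFrom-Csv

# Exact, case-insensitive lookup. A regex -match against the CSV row would also
# accept joann@... when only ann@... was migrated.
$allowed = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
$migrated | ForEach-Object { [void]$allowed.Add($_.EmailAddress.Trim()) }

function Get-DeviceAllowPlan {
    param($Devices, $Allowed)
    $Devices |
        Where-Object { $Allowed.Contains($_.PrimarySMTPAddress.Trim()) } |
        Group-Object PrimarySMTPAddress |
        ForEach-Object {
            $g = $_
            $ids = @($g.Group.DeviceID | Where-Object { $_ } | Sort-Object -Unique)
            [pscustomobject]@{
                Mailbox   = $g.Name
                DeviceIDs = $ids
                Skipped   = $g.Count - $ids.Count   # blank or duplicate rows
            }
        }
}

$plan = Get-DeviceAllowPlan -Devices $devices -Allowed $allowed
$plan | Format-Table Mailbox, Skipped, @{ n = 'DeviceIDs'; e = { $_.DeviceIDs -join ',' } }

# After reviewing the plan, apply it in an imported Exchange Online session:
# foreach ($p in $plan) {
#     Set-CASMailbox -Identity $p.Mailbox -ActiveSyncAllowedDeviceIDs @{ Add = $p.DeviceIDs } -WhatIf
# }
```

With the constructed data, the plan contains ann and bob with one device each, reports two skipped rows for bob, and leaves joann out because she is not in the migrated list.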






Mail Flow Statistics on Office 365


Today my customer asked me for outbound mail flow statistics on Office 365 for his tenant.

I used the following syntax:

Get-MailTrafficReport -AggregateBy hour -StartDate 05/06/2016 -EndDate 06/01/2016 -EventType goodmail -Direction outbound | select date,messagecount > c:\temp\StatisticsO365.txt

This is the output:

Date MessageCount
---- ------------

06/05/2016 6:00:00 6
06/05/2016 7:00:00 6
06/05/2016 8:00:00 11
06/05/2016 9:00:00 9
06/05/2016 10:00:00 8
06/05/2016 11:00:00 15
06/05/2016 12:00:00 12
06/05/2016 16:00:00 1
06/05/2016 18:00:00 1
08/05/2016 16:00:00 1
09/05/2016 6:00:00 12
09/05/2016 7:00:00 16
09/05/2016 8:00:00 13
09/05/2016 9:00:00 14
09/05/2016 10:00:00 11
09/05/2016 11:00:00 15


Requisites and commands to connect to O365 – Exchange Online

Hi guys,

To connect to Exchange Online through PowerShell, install:

Windows Azure Active Directory Module for Windows PowerShell

Microsoft Online Services Sign-In Assistant for IT Professionals RTW

Once installed, open a PowerShell console, import the Azure modules into your session, and then log in to your tenant with:

  • $UserCredential = Get-Credential
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Import-PSSession $Session

That’s all.


Differences between basic and modern authentication with SSO on Outlook and O365


On the project where I’m working (staged migration to O365), the customer asked me about secure authentication for ActiveSync devices (iPhone/iPad) and computers (Outlook 2010 SP2). I have implemented ADFS 3.0.

If you use Office 2010, the first time you configure Outlook it prompts for credentials and saves them in the Windows Credential Manager. Outlook then authenticates to Office 365 using Basic Authentication, and it is Office 365 that then goes to ADFS.


With Outlook 2013/2016, Outlook uses Windows Authentication. It’s real SSO because it doesn’t save your user credentials anywhere, and it is Outlook that goes to ADFS, not O365. This is Modern Authentication.


Summarizing: Use Outlook 2013 or 2016 to have a real Single Sign On.

Note 1: Outlook 2013 by default uses Basic Auth, you need to activate Modern Auth.

Note 2: iOS built in email client uses Basic Auth. Install and use Outlook 2016 App.


Modern Authentication:

Basic Authentication:


How to indicate a proxy to connect to Office 365 thru powershell


You may not be able to connect to O365 through PowerShell directly because there is a proxy between the Internet and your corporate network, so you need to specify it to establish a session against Office 365.

To do that execute the following lines:

  • $cred = Get-Credential
  • $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection -SessionOption $proxysettings
  • Import-PSSession $Session

To close session:

  • Remove-PSSession $Session