In this Tutorial we are going over the process to enable quarantine for mobile devices in Exchange Server 2013.
This is really nice feature where a specific mailbox can review the devices that are trying to connect in the exchange organization and manage such devices by approving or denying their access. If you have a written policy to support BYOD (Bring Your Own Device) in place the Quarantine can be a handy feature where you only approve those device/users that have signed the policy.
How to configure Quarantine…
The first step is to be logged in Exchange Admin Center, from there click on mobile, and on the page displayed on the right side we will have a glance of the existent quarantined devices (if any) and device access rules that can deal with exceptions (we are going over this in specific Tutorial later on here at AndersonPatricio.ca)
By default, the organization accepts all clients to connect and start synchronizing their mailboxes. Let’s click on Edit
In the new page we can configure the default behaviour for Exchange, let’s click on Quarantine and from now on any new mobile will be quarantined. In the same page let’s configure an administrator to receive e-mail messages when a new device is quarantined, and last but not least we can configure a message to the end-user to set his/her expectations about the Quarantine, after all we don’t want them thinking that they have a connection issue, right? After setting up all those 3 items, hit save.
Testing the Quarantine…
When a new user configures ActiveSync a new message will arrive on his Inbox containing the text that we provided in the last step and in the message the user will be aware that his device is quarantined.
Managing the Quarantined devices…
As soon as we have a new Quarantined device a message will be triggered to the mailbox that we defined previously. The message will be similar to the one shown below.
The administrator can go to the same place on Exchange Admin Center that we went to configure Quarantine and now we will have the new device listed. Click on it and we will have buttons in the toolbox to allow or deny the access of that specific device. Click on Approve (second button from left to right).
The administrator can double click the specific mobile device and from the new page we can have an idea about the device and the user itself.
End-user experience after approving the device…
After approving the device the end-user will start synchronizing their mailbox with the new device just fine.