How to enable Quarantine for Mobile devices in Exchange Server 2013

Share this:

In this Tutorial we are going over the process to enable quarantine for mobile devices in Exchange Server 2013.

This is really nice feature where a specific mailbox can review the devices that are trying to connect in the exchange organization and manage such devices by approving or denying their access. If you have a written policy to support BYOD (Bring Your Own Device) in place the Quarantine can be a handy feature where you only approve those device/users that have signed the policy.

How to configure Quarantine…

The first step is to be logged in Exchange Admin Center, from there click on mobile, and on the page displayed on the right side we will have a glance of the existent quarantined devices (if any) and device access rules that can deal with exceptions (we are going over this in specific Tutorial later on here at

By default, the organization accepts all clients to connect and start synchronizing their mailboxes. Let’s click on Edit


In the new page we can configure the default behaviour for Exchange, let’s click on Quarantine and from now on any new mobile will be quarantined. In the same page let’s configure an administrator to receive e-mail messages when a new device is quarantined, and last but not least we can configure a message to the end-user to set his/her expectations about the Quarantine, after all we don’t want them thinking that they have a connection issue, right? After setting up all those 3 items, hit save.


Testing the Quarantine…

When a new user configures ActiveSync a new message will arrive on his Inbox containing the text that we provided in the last step and in the message the user will be aware that his device is quarantined.


Managing the Quarantined devices…

As soon as we have a new Quarantined device a message will be triggered to the mailbox that we defined previously. The message will be similar to the one shown below.


The administrator can go to the same place on Exchange Admin Center that we went to configure Quarantine and now we will have the new device listed. Click on it and we will have buttons in the toolbox to allow or deny the access of that specific device. Click on Approve (second button from left to right).


The administrator can double click the specific mobile device and from the new page we can have an idea about the device and the user itself.


End-user experience after approving the device…

After approving the device the end-user will start synchronizing their mailbox with the new device just fine.


Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

Managing DAG: Creating a DAG object When creating a new DAG on top of Windows Server 2012 the new DAG object must be created before running the wizard/cmdlet using either Exchange Admin ...
How to enable permissions for in-place eDiscovery ... In order to use the in-place eDiscovery and administrator has to assign admin roles permission to an user or a group before such user/group can use th...
Managing DAG in Exchange Server 2013 – The Series... In this series we are going over the entire process to create a DAG environment in Exchange Server 2013. At the end of the series we will have built ...
Creating multiple mailboxes using Exchange Managem... In Today’s Tutorial we are going over a simple task which is to create several mailboxes using Exchange Management Shell. This Tutorial may be useful ...