To be A CyberMan: The Exchange Mobile Access Rules Troubleshooting - not able to see device on Quarantined Devices list

 

To be A CyberMan: The Exchange Mobile Access Rules Troubleshooting

0X00: Preview Knowlege

The company deceived only allows certain employees can have access to their email through mobile. 

we created the Device Access Rules on the Exchange admin center. We put all Andriod and iPhone Device into Quarantined that we can decide to block or allow. 

So when mobile devices try to connect to email, the user account will go to the Quarantined Devices list on the Exchange admin center, the IT department will grant access to certain employees.






0X01: Issue

Some employees were not able to log into Mobile email, got the notification from exchange says:

-------------------

Your device is temporarily blocked from synchronizing using Exchange ActiveSync until your administrator grants it access.

Your request is currently pending. Thank You,  IT Department

Your device is temporarily blocked from accessing content via Exchange ActiveSync because the device has been quarantined. You don't need to take any action. Content will automatically be downloaded as soon as access is granted by your administrator.

Information about your device:

Device model:

iPhonexxxx

Device type:

iPhone

Device ID:

xxxxxxxxxxxxxxxxxxxxxxxxxx

Device OS:

iOS xxx xxx

Device user agent:

Apple-iPhonexxxxxxxxxxx

Device IMEI:

Exchange ActiveSync version:

16.1

Device access state:

Quarantined

Device access state reason:

DeviceRul

----------------------

But we could not find these user accounts on the Quarantined Devices list.


0X02: Resolution

1. Run PowerShell as Administrator

2. Run the following commands:

    >Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

    >Install-Module -Name ExchangeOnlineManagement

    >Import-Module ExchangeOnlineManagement








3. Run the following command to enter your 0365 admin credential:

    >Connect-ExchangeOnline -ShowBanner:$false










4. Run the following command to get users MobileDevice details

    >Get-MobileDevice -Mailbox "The User Account"

    E.X. >Get-MobileDevice -Mailbox "Test Test"
            >Get-MobileDevice -Mailbox "test.test"

















We will see the all device details under the account. we need to find the blocked devices, copy the deviceID.

5. Run the following command to get enable the blocked device.

    >Set-CASMailbox –Identity test.test@test.com –ActiveSyncAllowedDeviceIDs {XXXXXXXXXXXXXXXXX}









Comments

Post a Comment

Popular posts from this blog

To Be A CyberMan: Installing PfSense on a WatchGuard Firebox

Image
OX01 Preface My company recently upgraded its firewall to FortiGate Firewall.  They eliminated 3 of the licenses expired WatchGuard Firebox Firewalls. The WatchGuard FireBox models are XTM5 Series, M400, and M470. I was wondering if I can install the opensource Firewall application such as PfSense on FireBox to use as Testing Lab Environment. 0X02 Information      XTM5 Series comes with a 1GB CF card, free space is not enough for the lastest Pfsense,  need to add additional Hard Disk as PfSense system booting drive.     M400 comes with a 4 GB CF card, can use CF card as a PfSense system booting drive.     M470 comes with mSTAT SSD.  can SSD as a PfSense system booting drive. 0X03 Installing PfSense on M400 1. Preparation:           WatchGuard Firebox M400 Appliance          A USB Flash Drive          A CF Card USB reader          A co...
Read more

How I passed the CSX Fundamentals within one month

Image
  How I passed the CSX Fundamentals within one month Hi Guys, My name is Trevor Shi. I just passed the CSX within one month. I would like to share some experience maybe it will help you guys to prepare the exam. One of the funny things was, I used one month to learn it. But I spent the other one month to book the exam. I re-booked 5 times of exam as ISACA PSI online exam application has lots of issues.  I met every situation you can imagine. The first-time ISACA website down, the second-time they canceled my booked without excuse, the third-time application couldn't open, and the Fourth time was my fault, I just missed the exam. Finally, I got this certificate. We had a small group named CyberRookie, It just like an unorganized cyber knowledge self-studying group, we are trying to be more organized. So t he purpose of this article is as a guideline of the CyberRookie Project CSX certification learning method . A. The Cybersecurity Fundamentals Certific...
Read more

To Be A CyberMan: Set Up SFTP Server On Azure VM behind FortiGate Firewall

Image
1. Business request     S et up a file transfer server with public internet access.  2. security concern      The common ways are FTP, FTPS, or SFTP:     The FTPS requires applying the certificates to the FTP service,  So I deceived to go for SFTP.       SolarWinds SFTP & SCP Server is a Free SFTP server App. 3. Deployment     3.1  Set up SFTP on VM          Download the software to Server and install it                https://www.solarwinds.com/free-tools/free-sftp-server          Redirect the Root Directory           Create user to login           verify the SFTP service is running on localhost     3.2 Config Host firewall and  Azure NSG to allow SFTP service           Add Port 22 TCP into host firewall ...
Read more