Microsoft has released the Outlook for iOS and Android app, which is intended to replace the OWA for Devices mobile client on Apple iOS and Google Android smartphones and tablets.

The Outlook for iOS and Android app is essentially another ActiveSync client for connecting mobile devices to Exchange and Office 365. It also supports other mail services like Outlook.com.

For some organizations there are a number of security and compliance concerns with the way the new Outlook for iOS and Android app functions that will mean those organizations will want to block or quarantine the app from connecting to their Exchange or Office 365 mailboxes until it can be further evaluated.

You can read more about the new app and some of the technical concerns people have with it here:

In the meantime, here’s how to block or quarantine Outlook for iOS and Android app. First let’s look at how it appears as a mobile device association in Exchange.

[PS] C:>Get-MobileDevice -Mailbox alex.heyne | fl FriendlName,Device*,Client*,Is* FriendlyName : Outlook for iOS and Android DeviceId : 94B42B2A37D109AE DeviceImei : DeviceMobileOperator : DeviceOS : Outlook for iOS and Android 1.0 DeviceOSLanguage : DeviceTelephoneNumber : DeviceType : Outlook DeviceUserAgent : Outlook-iOS-Android/1.0 DeviceModel : Outlook for iOS and Android DeviceAccessState : Allowed DeviceAccessStateReason : Global DeviceAccessControlRule : ClientVersion : 14.1 ClientType : EAS IsManaged : False IsCompliant : False IsDisabled : False 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [ PS ] C : > Get - MobileDevice - Mailbox alex . heyne | fl FriendlName , Device* , Client* , Is * FriendlyName : Outlook for iOS and Android DeviceId : 94B42B2A37D109AE DeviceImei : DeviceMobileOperator : DeviceOS : Outlook for iOS and Android 1.0 DeviceOSLanguage : DeviceTelephoneNumber : DeviceType : Outlook DeviceUserAgent : Outlook - iOS - Android / 1.0 DeviceModel : Outlook for iOS and Android DeviceAccessState : Allowed DeviceAccessStateReason : Global DeviceAccessControlRule : ClientVersion : 14.1 ClientType : EAS IsManaged : False IsCompliant : False IsDisabled : False

For Exchange Server 2010 use Get-ActiveSyncDevice instead of Get-MobileDevice.

ActiveSync device access rules can be based on a few different device criteria. From the information above it looks like the DeviceModel will be the simplest approach here, as others such as UserAgent may change with later versions of the Outlook for iOS and Android app.

To block the Outlook for iOS and Android app in Office 365, Exchange Server 2010 or 2013 with a device access rule:

[PS] C:>New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Block 1 [ PS ] C : > New - ActiveSyncDeviceAccessRule - Characteristic DeviceModel - QueryString "Outlook for iOS and Android" - AccessLevel Block

To quarantine instead:

[PS] C:>New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Quarantine 1 [ PS ] C : > New - ActiveSyncDeviceAccessRule - Characteristic DeviceModel - QueryString "Outlook for iOS and Android" - AccessLevel Quarantine

Devices should now appear as blocked or quarantined with the reason of “DeviceRule”.

[PS] C:>Get-MobileDevice -Mailbox alex.heyne | fl FriendlName,Device*,Client*,Is* DeviceId : 94B42B2A37D109AE DeviceImei : DeviceMobileOperator : DeviceOS : Outlook for iOS and Android 1.0 DeviceOSLanguage : DeviceTelephoneNumber : DeviceType : Outlook DeviceUserAgent : Outlook-iOS-Android/1.0 DeviceModel : Outlook for iOS and Android DeviceAccessState : Blocked DeviceAccessStateReason : DeviceRule DeviceAccessControlRule : Outlook for iOS and Android (DeviceModel) ClientVersion : 14.1 ClientType : EAS IsManaged : False IsCompliant : False IsDisabled : False 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [ PS ] C : > Get - MobileDevice - Mailbox alex . heyne | fl FriendlName , Device* , Client* , Is * DeviceId : 94B42B2A37D109AE DeviceImei : DeviceMobileOperator : DeviceOS : Outlook for iOS and Android 1.0 DeviceOSLanguage : DeviceTelephoneNumber : DeviceType : Outlook DeviceUserAgent : Outlook - iOS - Android / 1.0 DeviceModel : Outlook for iOS and Android DeviceAccessState : Blocked DeviceAccessStateReason : DeviceRule DeviceAccessControlRule : Outlook for iOS and Android ( DeviceModel ) ClientVersion : 14.1 ClientType : EAS IsManaged : False IsCompliant : False IsDisabled : False

Additional info: Outlook for iOS/Android Still Able to Connect After Disabling ActiveSync