EXOActiveSyncMailboxPolicy¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Name | Write | String | Specifies the name of the policy. | |
| AllowApplePushNotifications | Write | Boolean | Specifies whether push notifications are allowed for Apple mobile devices. | |
| AllowBluetooth | Write | String | Specifies whether the Bluetooth capabilities of the mobile phone are allowed. | Disable, HandsfreeOnly, Allow |
| AllowBrowser | Write | Boolean | Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. | |
| AllowCamera | Write | Boolean | Specifies whether the mobile phone's camera is allowed. | |
| AllowConsumerEmail | Write | Boolean | Specifies whether the mobile phone user can configure a personal email account on the device. | |
| AllowDesktopSync | Write | Boolean | Specifies whether the mobile phone can synchronize with a desktop computer through a cable. | |
| AllowExternalDeviceManagement | Write | Boolean | Specifies whether an external device management program is allowed to manage the device. | |
| AllowHTMLEmail | Write | Boolean | Specifies whether HTML email is enabled on the device. | |
| AllowInternetSharing | Write | Boolean | Specifies whether the mobile phone can be used as a modem to connect a computer to the Internet. | |
| AllowIrDA | Write | Boolean | Specifies whether infrared connections are allowed to the mobile phone. | |
| AllowMobileOTAUpdate | Write | Boolean | Specifies whether certain updates are seen by devices that implemented support for this restricting functionality. | |
| AllowNonProvisionableDevices | Write | Boolean | Enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy. | |
| AllowPOPIMAPEmail | Write | Boolean | Specifies whether the user can configure a POP3 or IMAP4 email account on the device. | |
| AllowRemoteDesktop | Write | Boolean | Specifies whether the mobile phone can initiate a remote desktop connection. | |
| AllowSimpleDevicePassword | Write | Boolean | Specifies whether a simple device password is allowed. | |
| AllowSMIMEEncryptionAlgorithmNegotiation | Write | String | Specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm. | |
| AllowSMIMESoftCerts | Write | Boolean | Specifies whether S/MIME software certificates are allowed. | |
| AllowStorageCard | Write | Boolean | Specifies whether the device can access information stored on a storage card. | |
| AllowTextMessaging | Write | Boolean | Specifies whether text messaging is allowed from the device. | |
| AllowUnsignedApplications | Write | Boolean | Specifies whether unsigned applications can be installed on the device. | |
| AllowUnsignedInstallationPackages | Write | Boolean | Specifies whether unsigned installation packages can be run on the device. | |
| AllowWiFi | Write | Boolean | Specifies whether wireless Internet access is allowed on the device. | |
| AlphanumericDevicePasswordRequired | Write | Boolean | Specifies whether the device password must be alphanumeric. | |
| ApprovedApplicationList | Write | StringArray[] | Specifies a list of approved applications for the device. | |
| AttachmentsEnabled | Write | Boolean | Specifies whether the user can download attachments. | |
| DeviceEncryptionEnabled | Write | Boolean | Enables device encryption on the mobile phone. | |
| DevicePasswordEnabled | Write | Boolean | Specifies that the user set a password for the device. | |
| DevicePasswordExpiration | Write | String | Specifies the length of time, in days, that a password can be used. | |
| DevicePasswordHistory | Write | SInt32 | Specifies the number of previously used passwords to store. | |
| DevicePolicyRefreshInterval | Write | String | Specifies how often the policy is sent from the server to the mobile phone | |
| IrmEnabled | Write | Boolean | Specifies whether Information Rights Management (IRM) is enabled for the mailbox policy. | |
| IsDefault | Write | Boolean | Specifies whether this policy is the default Mobile Device mailbox policy. | |
| IsDefaultPolicy | Write | Boolean | Specifies whether this policy is the default Mobile Device mailbox policy. | |
| MaxAttachmentSize | Write | String | Specifies the maximum size of attachments that can be downloaded to the mobile phone. | |
| MaxCalendarAgeFilter | Write | String | Specifies the maximum range of calendar days that can be synchronized to the device. | All, TwoWeeks, OneMonth, ThreeMonths, SixMonths |
| MaxDevicePasswordFailedAttempts | Write | String | Specifies the number of attempts a user can make to enter the correct password for the device. | |
| MaxEmailAgeFilter | Write | String | Specifies the maximum number of days of email items to synchronize to the device. | All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth, ThreeMonths, SixMonths |
| MaxEmailBodyTruncationSize | Write | String | Specifies the maximum size at which email messages are truncated when synchronized to the device. | |
| MaxEmailHTMLBodyTruncationSize | Write | String | Specifies the maximum size at which HTML-formatted email messages are synchronized to the device. | |
| MaxInactivityTimeDeviceLock | Write | String | Specifies the length of time that the device can be inactive before the password is required to reactivate the device. | |
| MinDevicePasswordComplexCharacters | Write | SInt32 | Specifies the minimum number of complex characters required in a device password. | |
| MinDevicePasswordLength | Write | SInt32 | Specifies the minimum number of characters in the device password. | |
| PasswordRecoveryEnabled | Write | Boolean | Specifies whether you can store the recovery password for the device on an Exchange server. | |
| RequireDeviceEncryption | Write | Boolean | Specifies whether encryption is required on the device. | |
| RequireEncryptedSMIMEMessages | Write | Boolean | Specifies whether you must encrypt S/MIME messages. | |
| RequireEncryptionSMIMEAlgorithm | Write | String | Specifies what required algorithm must be used when encrypting a message. | |
| RequireManualSyncWhenRoaming | Write | Boolean | Specifies whether the device must synchronize manually while roaming. | |
| RequireSignedSMIMEAlgorithm | Write | String | Specifies what required algorithm must be used when signing a message. | |
| RequireSignedSMIMEMessages | Write | Boolean | Specifies whether the device must send signed S/MIME messages. | |
| RequireStorageCardEncryption | Write | Boolean | Specifies whether encryption of a storage card is required. | |
| UnapprovedInROMApplicationList | Write | StringArray[] | Specifies a list of applications that can't be run in ROM. | |
| UNCAccessEnabled | Write | Boolean | Specifies whether access to Microsoft Windows file shares is enabled. | |
| WSSAccessEnabled | Write | Boolean | Specifies whether access to Microsoft Windows SharePoint Services is enabled. | |
| Identity | Key | String | Specifies the Mobile Device mailbox policy. | |
| Ensure | Write | String | Specifies if this AddressList should exist. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the workload's Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
Description¶
This resource manages Mobile Device mailbox policy for mailboxes accessed by mobile devices.
Permissions¶
Exchange¶
To authenticate with Microsoft Exchange, this resource required the following permissions:
Roles¶
- Organization Client Access, View-Only Configuration
Role Groups¶
- Organization Management
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
{
AllowApplePushNotifications = $True;
AllowBluetooth = "Allow";
AllowBrowser = $True;
AllowCamera = $True;
AllowConsumerEmail = $True;
AllowDesktopSync = $True;
AllowExternalDeviceManagement = $False;
AllowHTMLEmail = $True;
AllowInternetSharing = $True;
AllowIrDA = $True;
AllowMobileOTAUpdate = $True;
AllowNonProvisionableDevices = $True;
AllowPOPIMAPEmail = $True;
AllowRemoteDesktop = $True;
AllowSimpleDevicePassword = $True;
AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
AllowSMIMESoftCerts = $True;
AllowStorageCard = $True;
AllowTextMessaging = $True;
AllowUnsignedApplications = $True;
AllowUnsignedInstallationPackages = $True;
AllowWiFi = $True;
AlphanumericDevicePasswordRequired = $False;
ApprovedApplicationList = @();
AttachmentsEnabled = $True;
DeviceEncryptionEnabled = $False;
DevicePasswordEnabled = $False;
DevicePasswordExpiration = "Unlimited";
DevicePasswordHistory = 0;
DevicePolicyRefreshInterval = "Unlimited";
Identity = "Test";
IrmEnabled = $True;
IsDefault = $True;
IsDefaultPolicy = $True;
MaxAttachmentSize = "Unlimited";
MaxCalendarAgeFilter = "All";
MaxDevicePasswordFailedAttempts = "Unlimited";
MaxEmailAgeFilter = "All";
MaxEmailBodyTruncationSize = "Unlimited";
MaxEmailHTMLBodyTruncationSize = "Unlimited";
MaxInactivityTimeDeviceLock = "Unlimited";
MinDevicePasswordComplexCharacters = 1;
MinDevicePasswordLength = 1;
Name = "Test";
PasswordRecoveryEnabled = $False;
RequireDeviceEncryption = $False;
RequireEncryptedSMIMEMessages = $False;
RequireEncryptionSMIMEAlgorithm = "TripleDES";
RequireManualSyncWhenRoaming = $False;
RequireSignedSMIMEAlgorithm = "SHA1";
RequireSignedSMIMEMessages = $False;
RequireStorageCardEncryption = $False;
UnapprovedInROMApplicationList = @();
UNCAccessEnabled = $True;
WSSAccessEnabled = $True;
Ensure = "Present"
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
{
AllowApplePushNotifications = $True;
AllowBluetooth = "Allow";
AllowBrowser = $True;
AllowCamera = $False; #drift
AllowConsumerEmail = $True;
AllowDesktopSync = $True;
AllowExternalDeviceManagement = $False;
AllowHTMLEmail = $True;
AllowInternetSharing = $True;
AllowIrDA = $True;
AllowMobileOTAUpdate = $True;
AllowNonProvisionableDevices = $True;
AllowPOPIMAPEmail = $True;
AllowRemoteDesktop = $True;
AllowSimpleDevicePassword = $True;
AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
AllowSMIMESoftCerts = $True;
AllowStorageCard = $True;
AllowTextMessaging = $True;
AllowUnsignedApplications = $True;
AllowUnsignedInstallationPackages = $True;
AllowWiFi = $True;
AlphanumericDevicePasswordRequired = $False;
ApprovedApplicationList = @();
AttachmentsEnabled = $True;
DeviceEncryptionEnabled = $False;
DevicePasswordEnabled = $False;
DevicePasswordExpiration = "Unlimited";
DevicePasswordHistory = 0;
DevicePolicyRefreshInterval = "Unlimited";
Identity = "Test";
IrmEnabled = $True;
IsDefault = $True;
IsDefaultPolicy = $True;
MaxAttachmentSize = "Unlimited";
MaxCalendarAgeFilter = "All";
MaxDevicePasswordFailedAttempts = "Unlimited";
MaxEmailAgeFilter = "All";
MaxEmailBodyTruncationSize = "Unlimited";
MaxEmailHTMLBodyTruncationSize = "Unlimited";
MaxInactivityTimeDeviceLock = "Unlimited";
MinDevicePasswordComplexCharacters = 1;
MinDevicePasswordLength = 1;
Name = "Test";
PasswordRecoveryEnabled = $False;
RequireDeviceEncryption = $False;
RequireEncryptedSMIMEMessages = $False;
RequireEncryptionSMIMEAlgorithm = "TripleDES";
RequireManualSyncWhenRoaming = $False;
RequireSignedSMIMEAlgorithm = "SHA1";
RequireSignedSMIMEMessages = $False;
RequireStorageCardEncryption = $False;
UnapprovedInROMApplicationList = @();
UNCAccessEnabled = $True;
WSSAccessEnabled = $True;
Ensure = "Present"
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
{
AllowApplePushNotifications = $True;
AllowBluetooth = "Allow";
AllowBrowser = $True;
AllowCamera = $True;
AllowConsumerEmail = $True;
AllowDesktopSync = $True;
AllowExternalDeviceManagement = $False;
AllowHTMLEmail = $True;
AllowInternetSharing = $True;
AllowIrDA = $True;
AllowMobileOTAUpdate = $True;
AllowNonProvisionableDevices = $True;
AllowPOPIMAPEmail = $True;
AllowRemoteDesktop = $True;
AllowSimpleDevicePassword = $True;
AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
AllowSMIMESoftCerts = $True;
AllowStorageCard = $True;
AllowTextMessaging = $True;
AllowUnsignedApplications = $True;
AllowUnsignedInstallationPackages = $True;
AllowWiFi = $True;
AlphanumericDevicePasswordRequired = $False;
ApprovedApplicationList = @();
AttachmentsEnabled = $True;
DeviceEncryptionEnabled = $False;
DevicePasswordEnabled = $False;
DevicePasswordExpiration = "Unlimited";
DevicePasswordHistory = 0;
DevicePolicyRefreshInterval = "Unlimited";
Identity = "Test";
IrmEnabled = $True;
IsDefault = $True;
IsDefaultPolicy = $True;
MaxAttachmentSize = "Unlimited";
MaxCalendarAgeFilter = "All";
MaxDevicePasswordFailedAttempts = "Unlimited";
MaxEmailAgeFilter = "All";
MaxEmailBodyTruncationSize = "Unlimited";
MaxEmailHTMLBodyTruncationSize = "Unlimited";
MaxInactivityTimeDeviceLock = "Unlimited";
MinDevicePasswordComplexCharacters = 1;
MinDevicePasswordLength = 1;
Name = "Test";
PasswordRecoveryEnabled = $False;
RequireDeviceEncryption = $False;
RequireEncryptedSMIMEMessages = $False;
RequireEncryptionSMIMEAlgorithm = "TripleDES";
RequireManualSyncWhenRoaming = $False;
RequireSignedSMIMEAlgorithm = "SHA1";
RequireSignedSMIMEMessages = $False;
RequireStorageCardEncryption = $False;
UnapprovedInROMApplicationList = @();
UNCAccessEnabled = $True;
WSSAccessEnabled = $True;
Ensure = "Absent"
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}