EXOActiveSyncMailboxPolicy

Parameters

Parameter Attribute DataType Description Allowed Values
Name Write String Specifies the name of the policy.
AllowApplePushNotifications Write Boolean Specifies whether push notifications are allowed for Apple mobile devices.
AllowBluetooth Write String Specifies whether the Bluetooth capabilities of the mobile phone are allowed. Disable, HandsfreeOnly, Allow
AllowBrowser Write Boolean Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone.
AllowCamera Write Boolean Specifies whether the mobile phone's camera is allowed.
AllowConsumerEmail Write Boolean Specifies whether the mobile phone user can configure a personal email account on the device.
AllowDesktopSync Write Boolean Specifies whether the mobile phone can synchronize with a desktop computer through a cable.
AllowExternalDeviceManagement Write Boolean Specifies whether an external device management program is allowed to manage the device.
AllowHTMLEmail Write Boolean Specifies whether HTML email is enabled on the device.
AllowInternetSharing Write Boolean Specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.
AllowIrDA Write Boolean Specifies whether infrared connections are allowed to the mobile phone.
AllowMobileOTAUpdate Write Boolean Specifies whether certain updates are seen by devices that implemented support for this restricting functionality.
AllowNonProvisionableDevices Write Boolean Enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy.
AllowPOPIMAPEmail Write Boolean Specifies whether the user can configure a POP3 or IMAP4 email account on the device.
AllowRemoteDesktop Write Boolean Specifies whether the mobile phone can initiate a remote desktop connection.
AllowSimpleDevicePassword Write Boolean Specifies whether a simple device password is allowed.
AllowSMIMEEncryptionAlgorithmNegotiation Write String Specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.
AllowSMIMESoftCerts Write Boolean Specifies whether S/MIME software certificates are allowed.
AllowStorageCard Write Boolean Specifies whether the device can access information stored on a storage card.
AllowTextMessaging Write Boolean Specifies whether text messaging is allowed from the device.
AllowUnsignedApplications Write Boolean Specifies whether unsigned applications can be installed on the device.
AllowUnsignedInstallationPackages Write Boolean Specifies whether unsigned installation packages can be run on the device.
AllowWiFi Write Boolean Specifies whether wireless Internet access is allowed on the device.
AlphanumericDevicePasswordRequired Write Boolean Specifies whether the device password must be alphanumeric.
ApprovedApplicationList Write StringArray[] Specifies a list of approved applications for the device.
AttachmentsEnabled Write Boolean Specifies whether the user can download attachments.
DeviceEncryptionEnabled Write Boolean Enables device encryption on the mobile phone.
DevicePasswordEnabled Write Boolean Specifies that the user set a password for the device.
DevicePasswordExpiration Write String Specifies the length of time, in days, that a password can be used.
DevicePasswordHistory Write SInt32 Specifies the number of previously used passwords to store.
DevicePolicyRefreshInterval Write String Specifies how often the policy is sent from the server to the mobile phone
IrmEnabled Write Boolean Specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.
IsDefault Write Boolean Specifies whether this policy is the default Mobile Device mailbox policy.
IsDefaultPolicy Write Boolean Specifies whether this policy is the default Mobile Device mailbox policy.
MaxAttachmentSize Write String Specifies the maximum size of attachments that can be downloaded to the mobile phone.
MaxCalendarAgeFilter Write String Specifies the maximum range of calendar days that can be synchronized to the device. All, TwoWeeks, OneMonth, ThreeMonths, SixMonths
MaxDevicePasswordFailedAttempts Write String Specifies the number of attempts a user can make to enter the correct password for the device.
MaxEmailAgeFilter Write String Specifies the maximum number of days of email items to synchronize to the device. All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth, ThreeMonths, SixMonths
MaxEmailBodyTruncationSize Write String Specifies the maximum size at which email messages are truncated when synchronized to the device.
MaxEmailHTMLBodyTruncationSize Write String Specifies the maximum size at which HTML-formatted email messages are synchronized to the device.
MaxInactivityTimeDeviceLock Write String Specifies the length of time that the device can be inactive before the password is required to reactivate the device.
MinDevicePasswordComplexCharacters Write SInt32 Specifies the minimum number of complex characters required in a device password.
MinDevicePasswordLength Write SInt32 Specifies the minimum number of characters in the device password.
PasswordRecoveryEnabled Write Boolean Specifies whether you can store the recovery password for the device on an Exchange server.
RequireDeviceEncryption Write Boolean Specifies whether encryption is required on the device.
RequireEncryptedSMIMEMessages Write Boolean Specifies whether you must encrypt S/MIME messages.
RequireEncryptionSMIMEAlgorithm Write String Specifies what required algorithm must be used when encrypting a message.
RequireManualSyncWhenRoaming Write Boolean Specifies whether the device must synchronize manually while roaming.
RequireSignedSMIMEAlgorithm Write String Specifies what required algorithm must be used when signing a message.
RequireSignedSMIMEMessages Write Boolean Specifies whether the device must send signed S/MIME messages.
RequireStorageCardEncryption Write Boolean Specifies whether encryption of a storage card is required.
UnapprovedInROMApplicationList Write StringArray[] Specifies a list of applications that can't be run in ROM.
UNCAccessEnabled Write Boolean Specifies whether access to Microsoft Windows file shares is enabled.
WSSAccessEnabled Write Boolean Specifies whether access to Microsoft Windows SharePoint Services is enabled.
Identity Key String Specifies the Mobile Device mailbox policy.
Ensure Write String Specifies if this AddressList should exist. Present, Absent
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

Description

This resource manages Mobile Device mailbox policy for mailboxes accessed by mobile devices.

Permissions

Exchange

To authenticate with Microsoft Exchange, this resource required the following permissions:

Roles

  • Organization Client Access, View-Only Configuration

Role Groups

  • Organization Management

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
        {
            AllowApplePushNotifications              = $True;
            AllowBluetooth                           = "Allow";
            AllowBrowser                             = $True;
            AllowCamera                              = $True;
            AllowConsumerEmail                       = $True;
            AllowDesktopSync                         = $True;
            AllowExternalDeviceManagement            = $False;
            AllowHTMLEmail                           = $True;
            AllowInternetSharing                     = $True;
            AllowIrDA                                = $True;
            AllowMobileOTAUpdate                     = $True;
            AllowNonProvisionableDevices             = $True;
            AllowPOPIMAPEmail                        = $True;
            AllowRemoteDesktop                       = $True;
            AllowSimpleDevicePassword                = $True;
            AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
            AllowSMIMESoftCerts                      = $True;
            AllowStorageCard                         = $True;
            AllowTextMessaging                       = $True;
            AllowUnsignedApplications                = $True;
            AllowUnsignedInstallationPackages        = $True;
            AllowWiFi                                = $True;
            AlphanumericDevicePasswordRequired       = $False;
            ApprovedApplicationList                  = @();
            AttachmentsEnabled                       = $True;
            DeviceEncryptionEnabled                  = $False;
            DevicePasswordEnabled                    = $False;
            DevicePasswordExpiration                 = "Unlimited";
            DevicePasswordHistory                    = 0;
            DevicePolicyRefreshInterval              = "Unlimited";
            Identity                                 = "Test";
            IrmEnabled                               = $True;
            IsDefault                                = $True;
            IsDefaultPolicy                          = $True;
            MaxAttachmentSize                        = "Unlimited";
            MaxCalendarAgeFilter                     = "All";
            MaxDevicePasswordFailedAttempts          = "Unlimited";
            MaxEmailAgeFilter                        = "All";
            MaxEmailBodyTruncationSize               = "Unlimited";
            MaxEmailHTMLBodyTruncationSize           = "Unlimited";
            MaxInactivityTimeDeviceLock              = "Unlimited";
            MinDevicePasswordComplexCharacters       = 1;
            MinDevicePasswordLength                  = 1;
            Name                                     = "Test";
            PasswordRecoveryEnabled                  = $False;
            RequireDeviceEncryption                  = $False;
            RequireEncryptedSMIMEMessages            = $False;
            RequireEncryptionSMIMEAlgorithm          = "TripleDES";
            RequireManualSyncWhenRoaming             = $False;
            RequireSignedSMIMEAlgorithm              = "SHA1";
            RequireSignedSMIMEMessages               = $False;
            RequireStorageCardEncryption             = $False;
            UnapprovedInROMApplicationList           = @();
            UNCAccessEnabled                         = $True;
            WSSAccessEnabled                         = $True;
            Ensure               = "Present"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
        {
            AllowApplePushNotifications              = $True;
            AllowBluetooth                           = "Allow";
            AllowBrowser                             = $True;
            AllowCamera                              = $False; #drift
            AllowConsumerEmail                       = $True;
            AllowDesktopSync                         = $True;
            AllowExternalDeviceManagement            = $False;
            AllowHTMLEmail                           = $True;
            AllowInternetSharing                     = $True;
            AllowIrDA                                = $True;
            AllowMobileOTAUpdate                     = $True;
            AllowNonProvisionableDevices             = $True;
            AllowPOPIMAPEmail                        = $True;
            AllowRemoteDesktop                       = $True;
            AllowSimpleDevicePassword                = $True;
            AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
            AllowSMIMESoftCerts                      = $True;
            AllowStorageCard                         = $True;
            AllowTextMessaging                       = $True;
            AllowUnsignedApplications                = $True;
            AllowUnsignedInstallationPackages        = $True;
            AllowWiFi                                = $True;
            AlphanumericDevicePasswordRequired       = $False;
            ApprovedApplicationList                  = @();
            AttachmentsEnabled                       = $True;
            DeviceEncryptionEnabled                  = $False;
            DevicePasswordEnabled                    = $False;
            DevicePasswordExpiration                 = "Unlimited";
            DevicePasswordHistory                    = 0;
            DevicePolicyRefreshInterval              = "Unlimited";
            Identity                                 = "Test";
            IrmEnabled                               = $True;
            IsDefault                                = $True;
            IsDefaultPolicy                          = $True;
            MaxAttachmentSize                        = "Unlimited";
            MaxCalendarAgeFilter                     = "All";
            MaxDevicePasswordFailedAttempts          = "Unlimited";
            MaxEmailAgeFilter                        = "All";
            MaxEmailBodyTruncationSize               = "Unlimited";
            MaxEmailHTMLBodyTruncationSize           = "Unlimited";
            MaxInactivityTimeDeviceLock              = "Unlimited";
            MinDevicePasswordComplexCharacters       = 1;
            MinDevicePasswordLength                  = 1;
            Name                                     = "Test";
            PasswordRecoveryEnabled                  = $False;
            RequireDeviceEncryption                  = $False;
            RequireEncryptedSMIMEMessages            = $False;
            RequireEncryptionSMIMEAlgorithm          = "TripleDES";
            RequireManualSyncWhenRoaming             = $False;
            RequireSignedSMIMEAlgorithm              = "SHA1";
            RequireSignedSMIMEMessages               = $False;
            RequireStorageCardEncryption             = $False;
            UnapprovedInROMApplicationList           = @();
            UNCAccessEnabled                         = $True;
            WSSAccessEnabled                         = $True;
            Ensure               = "Present"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        EXOActiveSyncMailboxPolicy 'TestActiveSyncMailboxPolicy'
        {
            AllowApplePushNotifications              = $True;
            AllowBluetooth                           = "Allow";
            AllowBrowser                             = $True;
            AllowCamera                              = $True;
            AllowConsumerEmail                       = $True;
            AllowDesktopSync                         = $True;
            AllowExternalDeviceManagement            = $False;
            AllowHTMLEmail                           = $True;
            AllowInternetSharing                     = $True;
            AllowIrDA                                = $True;
            AllowMobileOTAUpdate                     = $True;
            AllowNonProvisionableDevices             = $True;
            AllowPOPIMAPEmail                        = $True;
            AllowRemoteDesktop                       = $True;
            AllowSimpleDevicePassword                = $True;
            AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
            AllowSMIMESoftCerts                      = $True;
            AllowStorageCard                         = $True;
            AllowTextMessaging                       = $True;
            AllowUnsignedApplications                = $True;
            AllowUnsignedInstallationPackages        = $True;
            AllowWiFi                                = $True;
            AlphanumericDevicePasswordRequired       = $False;
            ApprovedApplicationList                  = @();
            AttachmentsEnabled                       = $True;
            DeviceEncryptionEnabled                  = $False;
            DevicePasswordEnabled                    = $False;
            DevicePasswordExpiration                 = "Unlimited";
            DevicePasswordHistory                    = 0;
            DevicePolicyRefreshInterval              = "Unlimited";
            Identity                                 = "Test";
            IrmEnabled                               = $True;
            IsDefault                                = $True;
            IsDefaultPolicy                          = $True;
            MaxAttachmentSize                        = "Unlimited";
            MaxCalendarAgeFilter                     = "All";
            MaxDevicePasswordFailedAttempts          = "Unlimited";
            MaxEmailAgeFilter                        = "All";
            MaxEmailBodyTruncationSize               = "Unlimited";
            MaxEmailHTMLBodyTruncationSize           = "Unlimited";
            MaxInactivityTimeDeviceLock              = "Unlimited";
            MinDevicePasswordComplexCharacters       = 1;
            MinDevicePasswordLength                  = 1;
            Name                                     = "Test";
            PasswordRecoveryEnabled                  = $False;
            RequireDeviceEncryption                  = $False;
            RequireEncryptedSMIMEMessages            = $False;
            RequireEncryptionSMIMEAlgorithm          = "TripleDES";
            RequireManualSyncWhenRoaming             = $False;
            RequireSignedSMIMEAlgorithm              = "SHA1";
            RequireSignedSMIMEMessages               = $False;
            RequireStorageCardEncryption             = $False;
            UnapprovedInROMApplicationList           = @();
            UNCAccessEnabled                         = $True;
            WSSAccessEnabled                         = $True;
            Ensure               = "Absent"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}