Connection rules
Connection rules are used to allow or deny connections to an Exchange mailbox for specific device types. If your company uses Microsoft Exchange 2010/2016 or Office 365, you can use Modern Device Management to manage Exchange connection rules. The Microsoft Exchange 2007 server environment doesn't support connection rules.
By default, Modern Device Management does not manage connection rules, so if you have connection rules configured on the Exchange server already, they are not modified. However, if you configure connection rules through Modern Device Management, those rules override any rules configured on the Exchange server.
NOTE: Connection rules are applied to any device that connects to the Exchange 2010 server, regardless of whether it has an agent installed or not.
If you are unsure of what device models to add to the exceptions list, you can identify what models you have by trying to connect them to your Exchange mailbox. When you try accessing your Exchange mailbox from a device that is blocked, you receive an email with information about why the device was denied access. You can use the information from this email to add the blocked device model to an exception list, if you want to allow that device model access.
If mobile devices have already connected to your Exchange server and you want to continue to allow those devices, regardless of whether they meet the connection rule criteria or not, use the grandfather option.
Once you've configured a Modern Device Management connection to a Microsoft Exchange 2010/2016 server or Office 365, you can then configure ActiveSync connection rules.
There are three connection rules you can apply:
• Allow all mobile devices to connect: Any user can access an Exchange mailbox from a mobile device.
• Do not allow mobile devices to connect: Mobile devices can't access an Exchange mailbox. You can refine this rule by creating exceptions for certain mobile device types.
• Allow only managed devices to connect: Mobile devices that are enrolled in Modern Device Management can access an Exchange mailbox. You can refine this rule by creating exceptions for certain mobile device types.
The default device list already defines exceptions for some common device types. If you don't see the device type you want to manage in the list, you can add new device types.
Connection rules take effect when you click OK or Apply in the configuration dialog. There is no additional deployment required.
To apply connection rules
1. Click Tools > Modern Device Management > MDM configurations > Additional Device Discovery > Exchange ActiveSync.
2. Click the Exchange 2010 or Office 365 link. For Exchange 2016 configuration, click Exchange 2010. Exchange 2010 and 2016 have the same configuration options.
3. Make sure the Exchange manages my connection policy checkbox is not enabled.
4. If necessary, add device types to the exceptions list.
5. Enable the checkbox next to each device type you want to allow to connect.
6. Click OK.
You can grandfather all mobile devices that have connected to your Exchange 2010/2016 or Office 365 server in the past. Grandfathering allows these devices access regardless of any future connection rules. This can be useful when you're deploying Modern Device Management and want to be sure existing mobile devices aren't affected.
Use this option carefully. It modifies the server allow list and is not reversible using the LDMS console. Once you've enabled grandfathering, the only way to remove an allowed device is to use the Exchange console to manage the allow list manually.
To allow previously connected devices regardless of the connection rules
1. Click Tools > Modern Device Management > MDM configurations > Additional Device Discovery > Exchange ActiveSync.
2. Click the Exchange 2010 or Office 365 link. For Exchange 2016 configuration, click Exchange 2010. Exchange 2010 and 2016 have the same configuration options.
3. Make sure the Exchange manages my connection policy checkbox is not enabled, and enable the Allow previous connected devices (grandfather) checkbox.
4. Click OK.
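Because grandfathering cannot be undone from the LDMS console, it helps to record which devices are on the allow list before and after enabling it. The read-only audit below is an added example, not part of the product documentation; it assumes the "server allow list" corresponds to the per-mailbox ActiveSyncAllowedDeviceIDs property in Exchange (the page does not say so) and that it runs in an Exchange Management Shell or Exchange Online PowerShell session. The output file name is hypothetical.

```powershell
# Added example: read-only audit of per-mailbox ActiveSync allow lists.
# Assumption: grandfathered devices appear in ActiveSyncAllowedDeviceIDs.

$report = foreach ($cas in Get-CASMailbox -ResultSize Unlimited) {
    # Skip mailboxes whose allow list is empty.
    if (-not $cas.ActiveSyncAllowedDeviceIDs) { continue }

    $mailbox = "$($cas.PrimarySmtpAddress)"

    # Index this mailbox's device partnerships by device ID.
    # On Exchange 2010, use Get-ActiveSyncDevice instead of Get-MobileDevice.
    $known = @{}
    Get-MobileDevice -Mailbox $mailbox | ForEach-Object {
        $known["$($_.DeviceId)"] = $_
    }

    foreach ($id in $cas.ActiveSyncAllowedDeviceIDs) {
        $dev = $known["$id"]
        [pscustomobject]@{
            Mailbox     = $mailbox
            DeviceId    = $id
            # An allowed ID with no partnership is a stale entry worth reviewing.
            DeviceType  = if ($dev) { $dev.DeviceType }  else { '(no partnership)' }
            DeviceModel = if ($dev) { $dev.DeviceModel } else { '' }
            AccessState = if ($dev) { $dev.DeviceAccessState } else { '' }
            # 'Individual' means access comes from the per-mailbox list,
            # not from an organization-wide device access rule.
            Reason      = if ($dev) { $dev.DeviceAccessStateReason } else { '' }
        }
    }
}

# Save a snapshot so the allow list can be compared before and after
# grandfathering is enabled. File name is a placeholder.
$report | Sort-Object Mailbox, DeviceId |
    Export-Csv -Path .\activesync-allowlist-audit.csv -NoTypeInformation

# Summary by device type, to compare against the exceptions list.
$report | Group-Object DeviceType | Sort-Object Count -Descending |
    Select-Object Count, Name

# Removing one entry is a manual, per-mailbox change on the Exchange side.
# Placeholders shown; review the CSV before running anything like this:
# Set-CASMailbox -Identity '<mailbox>' -ActiveSyncAllowedDeviceIDs @{Remove = '<DeviceId>'}
```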