iPhone,  Microsoft Exchange Server

Block Specific iOS Versions From Accessing Exchange

Exchange Online and Exchange 2010-2016 can block a device from accessing ActiveSync using a policy. To do so, first grab a list of all operating systems you’d like to block. To do so, first check which ones are out there using the Get-ActiveSyncDevice command, and looking at devicetype, deviceos, and deviceuseragent. This can be found using the following command:

Get-ActiveSyncDevice | select devicetype,deviceos,deviceuseragent

The command will show each of the operating systems that have accessed the server, including the user agent. You can block access based on each of these. In the following command, we’ll block one that our server found that’s now out of date:

New-ActiveSyncDeviceAccessRule -Characteristic DeviceOS -QueryString "iOS 8.1 12A369" -AccessLevel Block

To see all blocked devices, use

Get-ActiveSyncDeviceAccessRule | where {$_.AccessLevel -eq 'Block'}

If you mistakenly block a device, remove the block by copying it into your clipboard and then pasting into a Remove-ActiveSyncDeviceAccessRule commandlet:

Remove-ActiveSyncDeviceAccessRule -Characteristic DeviceOS -QueryString "iOS 8.1 12A369" -AccessLevel Block

Or to remove all the policies:

Get-ActiveSyncDeviceAccessRule | Remove-ActiveSyncDeviceAccessRule