Reporting Mobile Devices Synchronizing with Exchange Online

Posted on by Tony Redmond

Not Much Changes in Exchange Mobile Device Management

It’s been a while since I wrote about how to extract details of mobile devices registered with Exchange Online mailboxes. Time marches on and it’s time to take another look at how to generate a report about mobile devices used with Exchange Online, not least because there are upgraded versions of some cmdlets to use, like Get-ExoMailbox and Get-ExoMobileDeviceStatistics that didn’t arrive until late 2019.

Device management in Exchange Online goes back to on-premises management for mobile devices connected to Exchange Server via Exchange ActiveSync. Apart from making sure that everything works, Microsoft hasn’t done much to device management in Exchange Online. Most of the development activity has focused on leveraging synchronization of Outlook mobile clients with Exchange Online using the Azure-based architecture introduced in 2018 to introduce new functionality, like support for sensitivity labels.

The way Exchange ActiveSync management works hasn’t change much. A glance at the device access rules (which control what devices a tenant allows to connect) in the Exchange admin center (Figure 1) reveals entries like Acompli (the company Microsoft acquired to get Outlook mobile), Windows Phone, iOS 6, and so on. The advantage of this poor man’s mobile device management system is its simplicity. Even as Microsoft advanced to the final deprecation of the old Exchange admin center, not an iota of new functionality appeared in mobile device management.

Mobile device management in the Exchange admin center Exchange mobile device management
Figure 1: Mobile device management in the Exchange admin center

The subtle hint here is that mobile device management is better done in a purpose-built device management framework like Intune. And so you should, if you feel the need.

Reporting Mobile Device Status

Getting back to reporting the set of devices registered for Exchange mobile device management, the code to do the job is straightforward:

First, find the set of user mailboxes.

[array]$Mbx = Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Sort-Object DisplayName
If (!($Mbx)) { Write-Host "Unable to find any user mailboxes..." ; break }

For each mailbox, check if it has any registered mobile devices with a command like this:

[array]$Devices = Get-MobileDevice -Mailbox $M.DistinguishedName

If some registered devices exist (the devices might be very old), use Get-ExoMobileDeviceStatistics to fetch information about the synchronization status of each device.

You see here that I use the distinguished name of a device to fetch its statistics. According to the cmdlet documentation, the identity parameter accepts the device Guid or identifier. I think this is a documentation error because:

  • Guid works, but it’s slow.
  • DeviceId returns a “cannot be found” error.
  • DistinguishedName is fastest (up to ten times faster than Guid).

Which means that we do this:

$DeviceStats = Get-ExoMobileDeviceStatistics -Identity $Device.DistinguishedName

Parse the information returned by Exchange mobile device management to extract whatever seems interesting. For example:

  • Operating system installed on the device.
  • First date of synchronization.
  • Last successful synchronization.
  • Device policy applied to device.
  • Last time Exchange applied a policy to the device.

An example script to generate the report about devices synchronizing with Exchange Online is available from GitHub. The script creates a HTML report (Figure 2) and a CSV file containing its output. Feel free to modify the script as you wish!

Reporting mobile devices connected to Exchange Online
Figure 2: Reporting mobile devices known to Exchange mobile device management

Removing Obsolete Devices

Mobile device statistics allow the identification of devices that are not synchronizing. Any device that doesn’t synchronize in 30 days is likely no longer in active use and becomes a candidate for removal (after someone checks its actual status). When their obsolete status is confirmed, you can remove devices by running the Remove-MobileDevice cmdlet. Running the cmdlet breaks the partnership (link) between the mailbox and device.

For instance, this code finds devices reported with more than 365 days since their last synchronization and deletes the first device from the returned set.

[array]$SyncDevices365 = $Report | Where-Object {$_.DaysSinceLastSync -gt 365}
Remove-MobileDevice -Identity $SyncDevices365[0].DeviceDN -Confirm:$False

No Prospect for Change

At this point, it’s hard to see that Microsoft will make any dramatic change to the Exchange device management framework. What exists now suffices for small to medium businesses, and anyone who needs something more sophisticated should head to Intune or check out third-party mobile device management solutions.

Learn how to exploit the data available to Microsoft 365 tenant administrators through the Office 365 for IT Pros eBook. We love figuring out how things work.

3 Replies to “Reporting Mobile Devices Synchronizing with Exchange Online”

  1. Hi Tony, was just reading your last article, and wanted to say thanks for all your hard work !
    Your blog/e-book/github is a bible for IT admin like me. I’m reading every news that you are posting to stay updated about Office 365. I’m saving a lot of time.
    Thanks again ! Your work is much appreciated.

    Reply
  2. Pingback: Microsoft Roadmap, messagecenter en blogs updates van 21-06-2023 - KbWorks

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.