How to enable Quarantine for Mobile devices in Exchange Server 2013

Share this:

In this Tutorial we are going over the process to enable quarantine for mobile devices in Exchange Server 2013.

This is really nice feature where a specific mailbox can review the devices that are trying to connect in the exchange organization and manage such devices by approving or denying their access. If you have a written policy to support BYOD (Bring Your Own Device) in place the Quarantine can be a handy feature where you only approve those device/users that have signed the policy.

How to configure Quarantine…

The first step is to be logged in Exchange Admin Center, from there click on mobile, and on the page displayed on the right side we will have a glance of the existent quarantined devices (if any) and device access rules that can deal with exceptions (we are going over this in specific Tutorial later on here at

By default, the organization accepts all clients to connect and start synchronizing their mailboxes. Let’s click on Edit


In the new page we can configure the default behaviour for Exchange, let’s click on Quarantine and from now on any new mobile will be quarantined. In the same page let’s configure an administrator to receive e-mail messages when a new device is quarantined, and last but not least we can configure a message to the end-user to set his/her expectations about the Quarantine, after all we don’t want them thinking that they have a connection issue, right? After setting up all those 3 items, hit save.


Testing the Quarantine…

When a new user configures ActiveSync a new message will arrive on his Inbox containing the text that we provided in the last step and in the message the user will be aware that his device is quarantined.


Managing the Quarantined devices…

As soon as we have a new Quarantined device a message will be triggered to the mailbox that we defined previously. The message will be similar to the one shown below.


The administrator can go to the same place on Exchange Admin Center that we went to configure Quarantine and now we will have the new device listed. Click on it and we will have buttons in the toolbox to allow or deny the access of that specific device. Click on Approve (second button from left to right).


The administrator can double click the specific mobile device and from the new page we can have an idea about the device and the user itself.


End-user experience after approving the device…

After approving the device the end-user will start synchronizing their mailbox with the new device just fine.


Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

BYOD Basics: Managing Smartphones and Tablets with... Hello folks, Fellow Anthony Bartolo from the Canadian IT Pro Connection ( blogged an interesting post about ActiveSync when managing BYO...
Managing mailbox audit feature in Exchange Server ... In this Tutorial we are going over the process to manage mailbox audit in Exchange Server 2013. Solution Exchange Server has a feature that can be ...
How to renew Public Certificates in Exchange Serve... The process to renew Public Certificates in Exchange Server 2013/2016 is simple and you can get over with in less than 30 minutes. We are going to dem...
How to allow XML files in Outlook Web App In this Tutorial we will allow the XML files in an Outlook Web App session in Exchange Server 2013. By default XML files are blocked on the OWA. Solut...