Restricting device sync in Exchange 2007

Say you have a user and you want to let them use Exchange ActiveSync with one device, but not another one. Exchange 2007 allows you to control device sync based on the device ID. Only devices whose device IDs appear on the magic list can sync; other devices cannot. (I guess that makes this feature the equivalent of the invite list at a Beverly Hills party.) Because the device ID restriction is per-mailbox, it also lets you keep users from swapping devices. To do this, use the Get-ActiveSyncDeviceStatistics cmdlet to get the device ID, then the Set-CASMailbox cmdlet with the ActiveSyncAllowedDeviceIDs switch to add this deviceID to the list of allowed devices. If the list is NULL, which is the default, a user can sync with any device. Multiple devices can be specified in the allow list separated by semicolons. (Thanks to Microsoft’s Vanitha Prabhakaran for the tip!)

