From time to time, as IT administrator, you had recalled a problem with an employee name, for our purposes, Ellen Ripley or if you prefer, xenomorph. The most recent “ah moment,” had derived from migrating an iPhone to a newer mobile device management product. Since this issue had come around twice over a half decade but, vexing enough to remember, figure worth mentioning.
The symptoms: Windows credentials won’t authenticate under Activesync but, testing against another active Exchange mailbox account, works fine.
Solution: Removing all Active sync devices from a user profile aka “Clear ActiveSyncAllowedDeviceIDs”
1. Launch Exchange Management Shell
2. Execute the following command example;
set-CASMailbox Ellen.Ripley -ActiveSyncAllowedDeviceIDs $null