Lost and Stolen Active Sync enabled Devices and procedure to handle them in EAS environment

Today mobile devices comes up in different flavours , versions , operating systems , hardwares etc,..This creates a big security hole in terms of managing the Active Sync devices enabled on these devices.

If we plan up to bring a MDM solution then lots of study on the product needs to be done since it comes up with different platforms , console, management, vendors , licenses , team to handle and finally cost factor in terms of resources and hardware is also considered.

So planning for managing this mobile devices is very much important.

In this article lets have a look at the best procedure to handle the lost and stolen active sync enabled devices.

There are many best practices to be followed in the web and i have mentioned few points that can be taken.


Note : – This point is applicable only of we have EAS enabled devices without any MDM and EMM integration.

If a user lost/stolen his EAS enabled device below procedure can be handled


First Run the below command to check what are all the EAS devices associated with the users account

Get-ActiveSyncDevice -Mailbox “email address” | select Name



Run the command Get-ActiveSyncDeviceStatistics -Mailbox “Email Address” to see the last sync time of the device


If the user changes his password as soon as the device is lost then there is no way that the device can be authenticated , synced with his mailbox and will not receive the remote wipe command.

So it is better to leave the victim’s password unchanged so the sync attempt is successful and the device gets wiped


Run the below command to send you a notification email when the device is wiped out


Clear-ActiveSyncDevice -Identity Name -NotificationEmailAddresses administrator@domain.com


Note :

EAS doesn’t have the option to delete only the emails and the remote wipe command deletes the entire data present on the phone. Its better to inform the user before  you perform this action to ensure that he will be losing all of his data present on the device.

Also you can make use of the log parser tool along with this excellent script which will give you detailed information on Active sync devices in which you can see the last connection attempts made if any



Sathish Veerapandian

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: