Blog | G5 Cyber Security

Block Old iPhones from ActiveSync

G5 Cyber Security

TL;DR

Older iPhones using outdated iOS versions can be a cyber security risk when accessing your company’s email and data via ActiveSync. This guide shows you how to block them, improving your overall security.

Blocking Insecure iPhones from Accessing ActiveSync

  1. Identify the Minimum Supported iOS Version: First, decide which is the oldest iOS version you’ll allow to connect. A good starting point is usually two or three versions behind the latest release. Check Apple’s support pages for current and past iOS releases.
  2. Access Exchange Admin Center (EAC): Log in to your Microsoft 365 admin center, then navigate to the Exchange Admin Center. You’ll need appropriate permissions (usually Global Administrator or Exchange Administrator).
  3. Navigate to ActiveSync Device Policies: In the EAC, go to Recipients > Mailboxes. Select a mailbox and then click on the settings cogwheel icon at the bottom of the page, and select Mobile devices.
  4. Create or Modify an ActiveSync Device Policy:
    • If you have existing policies, find one suitable for modification.
    • Otherwise, create a new policy by clicking Add a device policy. Give it a descriptive name (e.g., “iPhone Minimum iOS Version”).
  5. Configure the Policy: This is where you block older devices.
    • Under Device restrictions, expand the section.
    • Find the setting Minimum OS version.
    • Enter the iOS version number you identified in Step 1 (e.g., 15 for iOS 15). This will block any devices with an older iOS version from connecting. 
      Minimum OS version: 15
    • You can also configure other restrictions here, such as requiring a PIN or password.
  6. Assign the Policy: You have several options for assigning the policy:
    • To all users: This is simplest but may affect personal devices you don’t want to restrict.
    • To specific users: Select individual mailboxes to apply the policy to. This gives you more control. 
      Select Mailbox 1, Mailbox 2...
    • To groups: Assign the policy to Active Directory or Microsoft 365 Groups containing the relevant users.
  7. Test the Policy: Before rolling out widely, test with a device running an older iOS version. Verify that it’s blocked from connecting to Exchange Online.
  8. Monitor and Adjust: Regularly review your ActiveSync policies and adjust the minimum OS version as new iOS releases become available. This ensures you maintain a strong cyber security posture.
Exit mobile version