How to get a list of ActiveSync-enabled mailboxes in Exchange Online
Last updated on:In this page
- How to find ActiveSync enabled mailboxes using the EAC
- How to get a list of ActiveSync-enabled mailboxes using Exchange Online PowerShell
- How to view a list of Exchange Online ActiveSync-enabled mailboxes in M365 Manager Plus
- Monitor your Exchange Online protocols and more
- Important tips
- Frequently asked questions
Managing mobile access to Exchange Online is an essential part of maintaining security and compliance across your Microsoft 365 environment. When mobile Exchange ActiveSync access is not properly monitored, users may continue to sync their corporate email accounts on unmanaged or insecure devices. For administrators, tracking all ActiveSync-enabled mailboxes is necessary to ensure only authorized devices are connecting and to identify outdated or risky configurations.
This article explains how to list ActiveSync-enabled mailboxes in Exchange Online using the Exchange admin center (EAC), PowerShell, and ManageEngine M365 Manager Plus, a dedicated Microsoft 365 administration tool.
- Exchange Online
- Graph PowerShell
- M365 Manager Plus
Method 1: How to find ActiveSync enabled mailboxes using the Exchange Admin Center
Prerequisites
You need the Exchange Administrator role applied to the account you use to sign in to the EAC.
Steps
- Log in to the EAC.
- Navigate to Recipients > Mailboxes and click the mailbox you want to check the Exchange ActiveSync status for.
- Under Email apps & mobile devices, click Manage email apps settings.
- Check if the Mobile (Exchange ActiveSync) option is toggled on.
Limitation to consider
The EAC only allows you to view ActiveSync settings of one mailbox at a time. You will have to use Exchange Online PowerShell or a third-party Microsoft 365 administration tool like M365 Manager Plus to export the list of all ActiveSync-enabled mailboxes.
Method 2: How to get a list of ActiveSync-enabled mailboxes using Exchange Online PowerShell (Get-CASMailbox)
Prerequisites
Before using Exchange Online PowerShell, please verify that:
- The Exchange Administrator role is applied to the account you use to sign in to Exchange Online PowerShell.
- You are connected to the Exchange Online PowerShell module.
- To check if the Exchange Online PowerShell module is installed, use this script:
Get-Module -ListAvailable ExchangeOnlineManagement - If it does not return a value, you will have to install the module. To install the Exchange Online PowerShell module, execute this script:
Install-Module ExchangeOnlineManagement -Scope CurrentUser - To connect to Exchange Online PowerShell, run this script:
Connect-ExchangeOnline
- To check if the Exchange Online PowerShell module is installed, use this script:
Using Get-CASMailbox to export a list of ActiveSync-enabled mailboxes
The Get-CASMailbox cmdlet can be used to retrieve client access settings, including the ActiveSync status, for mailboxes.
Use this syntax to retrieve a list of all mailboxes where ActiveSync is enabled:
Get-CASMailbox -Filter "ActiveSyncEnabled -eq $true" -ResultSize Unlimited |
Select-Object DisplayName, PrimarySmtpAddress, ActiveSyncEnabled |
Export-Csv -Path "C:\Reports\ActiveSyncEnabledMailboxes-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation -Encoding UTF8
Using the new Get-EXOCASMailbox cmdlet per Microsoft's recommendation
Microsoft recommends using the Get-EXOCASMailbox cmdlet instead of Get-CASMailbox in Exchange Online. The EXO cmdlets are optimized for the cloud service, offer better performance with large datasets, and will continue to be updated.
Use this syntax to retrieve the ActiveSync enabled mailboxes in Exchange Online:
Get-EXOCASMailbox -Filter "ActiveSyncEnabled -eq $true" -ResultSize Unlimited |
Select-Object DisplayName, PrimarySmtpAddress, ActiveSyncEnabled |
Export-Csv -Path "C:\Reports\ActiveSyncEnabledMailboxes-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation -Encoding UTF8
Supported parameters
The following table contains some parameters that can be used with the Get-CASMailbox and Get-EXOCASMailbox cmdlets.
| Parameter | Description |
|---|---|
| -Filter | Filters the results based on specific properties. For this use case, it's "ActiveSyncEnabled -eq $true". |
| -ResultSize | Specifies the maximum number of results to return. Unlimited ensures all mailboxes are retrieved. |
| DisplayName | The friendly name of the mailbox. |
| PrimarySmtpAddress | The primary email address of the mailbox. |
| ActiveSyncEnabled | A boolean value ($true/$false) that indicates if mobile Exchange ActiveSync is enabled for the mailbox. |
Method 3: How to view a list of Exchange Online ActiveSync-enabled mailboxes in M365 Manager Plus
- Log in to M365 Manager Plus and click the Reports tab.
- Navigate to Exchange Online > Mobile Reports.
- Click the ActiveSync Enabled Users report to view a comprehensive, prebuilt list of all mailboxes with ActiveSync enabled, along with their ActiveSync mailbox policies and other protocols.
Note: You can click Export As and select your desired file format (CSV, XLSX, PDF, or HTML) to export the list of Exchange ActiveSync mailboxes.
Monitor your Exchange Online protocols and more
M365 Manager Plus’ mailbox management capabilities help you view, monitor, and modify not just your ActiveSync settings, but also other Exchange Online mailbox properties like mailbox quotas, archive status, and inbox rules.
Bulk mailbox management
Handle large-scale mailbox actions—such as enabling features, updating settings, or modifying permissions—through simple, GUI-driven operations. No manual scripts, no repetitive tasks.
Reports on Microsoft 365 mailboxes
Access ready-made reports that cover mailbox size, activity, license usage, storage trends, permission assignments, and more. Get the insights you need without digging through multiple admin centers.
Real-time alerts on mailbox changes
Set up instant alerts for critical mailbox changes, including permission updates, forwarding rule modifications, and configuration changes. Stay aware of risky or unauthorized activity as it happens.
Eliminate PowerShell complexity
Perform mailbox audits, configuration checks, and bulk updates without relying on cmdlets or scripting expertise. One-click actions reduce errors and make mailbox administration more manageable.
Important tips
Enforce MFA for ActiveSync-enabled users: Require MFA to add an additional layer of security for mobile access. MFA helps prevent unauthorized mailbox access even if device credentials are compromised.
Use Allow/Block/Quarantine policies: Implement a default quarantine policy in your Microsoft 365 life cycle workflows. This forces all new devices to be quarantined until an administrator manually approves them, preventing unauthorized access.
Audit mailboxes regularly: Periodically run reports on ActiveSync-enabled mailboxes to ensure users who no longer require mobile access (e.g., in-office staff, former employees) have the feature disabled.
Frequently asked questions
Exchange ActiveSync is a Microsoft-native protocol that synchronizes mailbox data like email, calendars, and contacts between mobile devices and an Exchange Server. It is specifically optimized for high-latency, low-bandwidth mobile networks and includes a framework for administrators to manage devices and enforce security policies, such as remote wipe and PIN requirements.
To disable Exchange ActiveSync for a specific mailbox, use this cmdlet:
Set-CASMailbox user@domain.com -ActiveSyncEnabled $false
No, it prevents future synchronization. Devices remain listed until removed manually.
To troubleshoot a specific device's connection, you can use the Get-EXOMobileDeviceStatistics cmdlet (which replaces the older get-activesyncdevicestatistics). You must first get the device's identity using Get-MobileDevice:
Get-EXOMobileDeviceStatistics -Identity "user@domain.com\ExchangeActiveSyncDevices\ApplDMPN3Q11D1" | Select-Object LastSuccessSync, DevicePolicyApplied