Enabling Managed Device Compliance policy (PowerShell) without affecting existing managed devices
search cancel

Enabling Managed Device Compliance policy (PowerShell) without affecting existing managed devices


Article ID: 328381


Updated On:




Incorrectly deploying a managed device compliance policy can have negative impact on your email enabled devices.



  1. Set PowerShell Global Access Policy to Allow.
  2. Perform a Mailbox Sync & verify that mailboxes/devices are retrieved & segregated accurately into Managed & Unmanaged devices on the email dashboard.
  3. Notify employee-base stating that AirWatch is being used to manage email access & that employees must enroll into AirWatch by a "pre-decided" date.
  4. Filter the Email>List View to only show Unmanaged devices and delete all Unmanaged records from the dashboard
  5. Enable Email>Compliance Policies>General Email Policies> Managed Device & Run Compliance from the dashboard.
  6. Verify all existing Managed devices are Compliant and Allowed by navigating to Email>List View and verifying the reason is Compliant.
  7. Once the "pre-decided" date is reached, enable Exchange/Office365 to block all devices by default (i.e. Global Access policy is set to Block). At this time, devices (e.g. unmanaged) that have NOT been explicitly allowed by AirWatch will get blocked until enrollment into AirWatch.
  8. Perform an additional Mailbox Sync (to resync Unmanaged records) & Run Compliance from the dashboard. Monitor the environment to make sure that devices that are expected to be blocked are indeed being blocked by AirWatch. Compliance rules are executed against the information that is known to AirWatch at that time (as highlighted above).
  9. Now, Exchange/Office365 has been configured to block all devices by default unless AirWatch allows it due to enrollment / compliance events. Thus, the email environment is secured by AirWatch to ensure only managed & compliant devices can access email. You will need to Run Compliance for bulk compliance evaluation but should be notified that every time a device checks into AirWatch, compliance is evaluated for the managed device & appropriate actions are taken in real-time.