When you migrate your devices to PowerShell, you are securing your devices and syncing the devices with Exchange or Office 365 for emails. PowerShell environment discovers managed and unmanaged devices and with the help of email access control policies gives access to only approved users and devices.

To migrate to PowerShell:

  1. Configure PowerShell integration at your required organization group under Global in the AirWatch Console. For information on how to configure PowerShell, see Enable PowerShell Integration in AirWatch.
  2. Configure the integration with user groups (either custom or pre-defined).
  3. Test the PowerShell functionality with a subset of users (for example, test users) to ensure the following features work:
    • Syncing with the email server to discover devices.
    • Access control in real time.
  4. Disable all compliance policies temporarily.
  5. Provision a new email profile to all devices that have enrolled into AirWatch with the email server hostname.
    •  Complete this step to remove the email profile from the device using Device Compliance policies.
  6. Sync with the email server to discover all devices (managed and unmanaged) that are syncing for email.
  7. Periodically remind users with unmanaged devices to enroll into AirWatch.
  8. Activate and enforce compliance rules to block email access from all non-compliant devices on a specific date, including the unmanaged devices.
  9. Set up the email server to block all devices by default.
  10. Sync with the email server to retrieve a list of allowed and blocked devices (as a result of the above policy change) and Run Compliance against these devices. When this is done, the Email Dashboard displays:
    •  Unmanaged devices as blocked.
    •   Managed devices are allowed for email.

Workaround for Boxer Flexible Deployment

Boxer flexible deployment involves creating single or multiple smart group based assignment groups and

deploying Boxer as a public application. Different Boxer email settings can be deployed to a specific to a set of users in your organization. For more information about configuring VMware Boxer as a public application, see Configure and Deploy VMware Boxer and VMware Boxer Email Settings.

During a MEM Exchange migration in PowerShell deployment, email access is denied to the users who have Boxer deployed as a public application on their devices.

The email access is restricted by compliance policies that does not allow the device type values created as part of Boxer deployment. To allow uninterrupted email access, allow the device types by configuring a device access rule on the Exchange Admin Center.

You can follow these steps to configure a device access rule for Office 365 to allow email access to devices installed with Boxer:


The instructions can be followed on other Exchange versions to prevent compliance restriction during MEM migration.

  1. Log in to the Exchange Control Panel.
  2. Select Mobile.
  3. To add a new rule, select the '+' icon under Device Access Rules.

  4. From Device family, select browse, and then select BoxerManagediPhone, BoxerManaged iPad, or BoxerManagedAndroid. Select OK.

  5. From Only this model, select All models.
  6. Select Allow access for the rule.

  7. Repeat step 4 for other BoxerManaged devices.