Caution: These instructions block or quarantine new devices until they enroll in the UEM console, at which point, Workspace ONE UEM issues relevant PowerShell cmdlets to allow email access for the newly enrolled devices. Use caution while enforcing device block or quarantine at the Global level on the Exchange server. While using this setting in a production environment, ensure that all your devices are enrolled. Typically, this setting is not used during a trial or evaluation. The cmdlet might also temporarily block or quarantine enrolled devices until they check into AirWatch. Quarantining or blocking devices from accessing email over ActiveSync allows organizations to ensure that only approved (that is, Workspace ONE UEM managed) devices are allowed for email access. Without this enforcement, there is the possibility that unmanaged devices might gain temporary access to corporate email. The temporary access is until the next PowerShell sync process discovers and blocks them. Define a custom email message for users with blocked devices. Microsoft Exchange can then automatically send users a notification to enroll, when their blocked device attempts to access email. For further information, refer http://blogs.technet.com/b/exchange/archive/2010/11/15/3411539.aspx.