The Exchange Management Shell includes various cmdlets commands to configure everything from mailbox quotas to SMTP relay settings. Cmdlets are typically named with a <verb> - <noun> convention, such as in Get-CASMailbox. Workspace ONE UEM uses the PowerShell cmdlets to establish the remote PowerShell session.


  • Creates a persistent PowerShell connection to a local or remote host. Once the session is open, the client can perform any number of PowerShell commands.
  • Performs Set-CASMailbox and updates three distinct parameters for a mailbox when Workspace ONE UEM uses this connection: ActiveSyncAllowedDeviceIDs, ActiveSyncBlockedDeviceIDs, and ActiveSyncEnabled.

    For example:

    • New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck–ProxyAccessType WinHttpConfig
    • New-PSSession –ConfigurationName $configurationName -ConnectionUri $connectionUri -Credential $cred -Authentication $authentication-AllowRedirection -SessionOption $proxyOption


Helps to import PowerShell commands from one PowerShell session to another. For example:

  • Import-PSSession –AllowClobber -CommandName $commandToImport -FormatTypeName


Allows the client to modify its preferences for the PowerShell run policy. Set-ExecutionPolicy also helps to determine if the client has the permissions necessary to perform certain PowerShell commands.


Helps to block or allow client access to specific user’s mailboxes over several client applications, including ActiveSync. Using this cmdlet, Workspace ONE UEM can block particular devices or users from accessing ActiveSync based on the device compliance and user compliance to MDM policies. Workspace ONE UEM specifically uses the following arguments to this cmdlet. For example:

  • Set-CASMailbox "acmeuser" - ActiveSyncAllowedDeviceIDs{Appl123456ABCD78} - ActiveSyncBlockedDeviceIDs $null - ActiveSyncEnabled $true
    Note: The Set-CASMailbox cmdlet operates on one mailbox at a time and can configure properties for Exchange ActiveSync. You can configure a single property or multiple properties by using one statement.
  • ActiveSyncAllowedDeviceIDs - Helps to allow particular device IDs that can access the mailbox through ActiveSync. The ActiveSyncAllowedDeviceIDs parameter accepts a list of device IDs that are allowed to synchronize with the mailbox.
  • ActiveSyncBlockedDeviceIDs - Helps to block particular device IDs that cannot access the mailbox using ActiveSync. The ActiveSyncBlockedDeviceIDs parameter accepts a list of device IDs that are not allowed to synchronize with the mailbox.
  • ActiveSyncEnabled - Helps to activate or deactivate ActiveSync access for a particular mailbox. TheActiveSyncEnabled parameter specifies whether to enable Exchange ActiveSync.


Returns the list of attributes of a mailbox. This cmdlet is also used for performing one time sync of mailbox. For example:

  • Get-CASMailbox "acmeuser"|Select ActiveSyncAllowedDeviceIDs,ActiveSyncBlockedDeviceIDs
  • Get-CASMailbox –Filter $filter $–ResultSize Unlimited
  • Get-CasMailbox –Identity $identity

Set-ADServer Settings

  • Set-AdServerSettings –ViewEntireForest $true/$false


Retrieves a list of devices in your organization that have active Microsoft Exchange ActiveSync partnerships. This cmdlet is also used for performing one time sync of mailbox. Administrators must now select the Exchange 2010 MEMconfig option for 'Get-ActiveSyncDevice', and the Exchange 2013/Office 365 option for 'Get-MobileDevice'.

  • For Exchange 2010:
    • Get - ActiveSyncDevice –Mailbox "acmeuser"
    • Get-ActiveSyncDevice –ResultSize Unlimited
    • Get-ActiveSyncDevice –Mailbox $mailbox
  • For Exchange 2013/2016/2019/Office 365:
    • Get-MobileDevice –Mailbox "acmeuser"
    • Get-MobileDevice –ResultSize Unlimited
    • Get-MobileDevice –Mailbox $mailbox


The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory. For example:

  • Get-OrganizationalUnit


Deletes all user data from a mobile phone the next time that the device receives data from the server (for example, syncs with Microsoft Exchange Server 2010). Sets the DeviceWipeStatus parameter to $true in Exchange. For example:

  • Clear-ActiveSyncDevice –Identity $identity –Confirm $true/$false


Closes or ends the Windows PowerShell session.