Exchange ActiveSync getting failedSolved

Participant
Discussion
9 months ago

Hey all

When I am trying to add my work account on my device suddenly, I see this new warning “Unable to Add Account”. It seems like we need to disable the Stolen Device Protection option before adding the account. Does anybody know why this is happening?

Replies (7)

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hello @Dylan

I couldn’t find the Stolen Device Protection feature on my iPhone. Could you specify where I can locate it exactly?

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hello @Nancy

Stolen Device Protection is apparently a new feature released by Apple for devices running iOS 17.3 or later. You can find this feature under Settings > Face ID & Passcode. I don’t understand how having this feature turned on is restricting me from adding a work account on my device.

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hey @Dylan

Seems like Apple mentioned something about turning off the Stolen Device Protection in their docs, you can check that out.

https://support.apple.com/en-in/105128#:~:text=Unless%20you%20are%20in%20a,it%20once%20configuration%20is%20complete

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hello @Damaris

I’ve come across the Apple document, as well as the document on Stolen Device Protection. I’ve also discovered that for devices running iOS 17.3, you must disable Stolen Device Protection to configure Exchange ActiveSync or enroll the device in any MDM. However, starting from iOS 17.4, Apple allows you to enroll your device in an MDM or configure an Exchange account without disabling Stolen Device Protection. Yet, there’s no explanation provided for why the Stolen Device Protection feature needs to be disabled in order to add an Exchange account.

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hey @Dylan,

I hear you, buddy. When I was researching this topic, I found out that Exchange comes with a few MDM capabilities, such as remote device wipe. So, I think this might be the reason why the Stolen Device Protection (SDP) is trying to prevent you from adding an Exchange account to your device.

https://learn.microsoft.com/en-us/mem/configmgr/mdm/deploy-use/manage-mobile-devices-with-exchange-activesync#:~:text=If%20you%20have,multiple%20Exchange%20servers.

I just want to share a few insights I had while testing this that could be of help. When Apple released this feature with the iOS 17.3 update, they might have intended that no critical changes should be made when the iPhone is in an unfamiliar location. So, whenever your device is in an unfamiliar location, you have to go through a security delay in order to make changes to any critical settings mentioned by Apple. You can’t even turn off the SDP when you are in an unfamiliar location without waiting through the delay period. Apparently, Apple wants users to have this extra layer of protection where they can mark the device as lost within this 1-hour span of the delay period.

So, after the delay period, you get to use biometrics to turn off the SDP in order to make any critical changes to the device. From iOS 17.4, though you still have to wait throughout the 1-hour delay period when your device is in an unfamiliar place. After the delay period, this time you don’t have to disable SDP to make any critical changes on the device. You can just use your biometrics to make changes to settings individually. Each option can be unlocked using your biometrics and modified.

PS: As I mentioned, when your device is in an unfamiliar location, only the device biometrics like Face ID or Touch ID can be used to modify those settings. You cannot use a passcode to turn off stolen device protection. Even after the delay period is done, you must authenticate with biometrics to make changes to system-critical settings. This could be a step to ensure that the device is with its owner.

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hello @Eugene

Those are helpful insights, man. Do you happen to know if we could check, by any chance, what these familiar places are for my device? Does my iPhone store it somewhere locally on the device? It is not mentioned anywhere in the Apple document regarding ‘Stolen Device Protection’ where we can see what the familiar places are. Any information regarding that could be of much help, man. Thanks in advance.

Marked SolutionPending Review
Participant
9 months ago
Marked SolutionPending Review

Hey @Kipp,

I’m glad it helped. Regarding your question, you can find those familiar locations on your iOS device in the following location:

Settings > Privacy & Security > Location Services > System Services > Significant Locations

Your device uses location services and saves the locations you visit frequently for longer periods. You’ll also have an option to clear the location history from the device.

Save