Details
This setting determines whether Exchange allow devices that do not accept security policy updates from the Exchange server to use ActiveSync.
Rationale:
Unmanaged devices are more likely to not comply with an organization’s security policies and to be infected by malicious software.
Solution
To implement the recommended state, execute the following PowerShell cmdlet:
Set-MobileDeviceMailboxPolicy -Identity default -AllowNonProvisionableDevices $false
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.