How do I identify devices running old Exchange ActiveSync versions before the deadline?

Home » Microsoft » How do I identify devices running old Exchange ActiveSync versions before the deadline?

Table of Contents

Will my mobile email stop working with Exchange Online after March 1, 2026?
Understanding the Protocol Shift
The Requirement
The Consequence
Impact Assessment on Mobile Fleets
Technical Discovery: Identifying Non-Compliant Devices
Scope of Enforcement

Will my mobile email stop working with Exchange Online after March 1, 2026?

Microsoft is enforcing a strict security update for Exchange Online. Effective March 1, 2026, the service will block connections from mobile devices using Exchange ActiveSync (EAS) versions older than 16.1. This change (referenced in MC1197103) addresses security vulnerabilities and reliability issues inherent in outdated protocols.

As an administrator, you must verify your mobile fleet immediately. Any device failing to meet this requirement will stop synchronizing emails, calendars, and contacts on the deadline.

Understanding the Protocol Shift

Exchange ActiveSync (EAS) is the XML-based protocol that connects mobile clients to your messaging server via HTTP/HTTPS. While it facilitates data synchronization and policy management, older iterations lack modern security standards.

The Requirement

Microsoft requires EAS v16.1 or higher. This version, originally released in June 2016, introduces enhanced keyword search, draft synchronization, and superior account reliability.

The Consequence

Devices utilizing EAS v16.0 or lower will lose connectivity to Exchange Online. This blockage happens at the tenant level and cannot be bypassed by individual device settings.

Impact Assessment on Mobile Fleets

Most modern devices already support this standard, but legacy systems remain at risk.

iOS Devices: Apple has supported EAS 16.1 since iOS 10. Devices running iOS 10 or later are compliant.
Android Devices: Compliance depends on the mail application.
- Samsung Mail: Recent versions support 16.1. Ensure users update the app.
- Gmail App: Updated versions are compliant.
- Native/Third-Party Apps: These vary significantly. You must check specific application documentation.
Outlook Mobile: This application uses a different sync architecture and is not affected by this EAS limitation.

Technical Discovery: Identifying Non-Compliant Devices

You must proactively identify users relying on outdated protocols. Reliance on user self-reporting is inefficient. Use Exchange Online PowerShell to generate an audit report of vulnerable devices.

The following script filters your mobile device list. It isolates connections where the client type is EAS and the version is strictly less than 16.1.

Get-MobileDevice -ResultSize Unlimited | Where-Object {
($_.ClientType -eq 'EAS' -or $_.ClientType -match 'ActiveSync') -and
$_.ClientVersion -and
([version]$_.ClientVersion -lt [version]'16.1')
} | Sort-Object UserDisplayName | Select-Object UserDisplayName, Identity, DeviceId, DeviceModel | Format-List

Script Logic:

Get-MobileDevice: Retrieves all mobile device associations.
Where-Object: Filters for EAS clients specifically.
Version Comparison: Casts the client version string to a comparable [version] object to ensure accurate numerical comparison against ‘16.1’.
Output: Lists the user, device ID, and model for remediation.

Scope of Enforcement

This mandate applies exclusively to Exchange Online (Microsoft 365).

If you manage an On-Premises Exchange Server, this deprecation does not affect your local infrastructure. However, keeping on-premises protocols updated remains a best practice for security hygiene.