A user's domain account is locked out unexpectedly in a managed environment in Microsoft Office 365 dedicated.
This issue may occur because a mobile device or other Microsoft Exchange ActiveSync (EAS) application that has an incorrect or expired cache tries to obtain access to the user's mailbox. Windows group policies can be configured to lock out an account after multiple unsuccessful password submissions.
The detailed information about the device type and the last sync time can identify devices that try to connect to the mailbox. You should examine each device to determine whether you used the correct password. To resolve this issue, use one of the following methods, as appropriate for your situation, to check the devices that try to connect to the mailbox.
UsersYou can view all ActiveSync devices that connect to the mailbox by using EAS through Microsoft Outlook Web App (OWA). To do this, follow these steps:
- Log on to the mailbox through OWA.
- Select Options, and then select See All Options.
- In the left navigation pane, Select Phone, and then click Mobile Phones.
AdministratorsAdministrators who are members of the following self-service groups should run a Windows PowerShell cmdlet:
- The EAS Policy Editor self-service group
- The EAS User Settings self-service group
- The Limited Recipient Management self-service group
- The Protocol Control self-service group
- The Recipient Admin VO self-service group
Note For Exchange 2013, use Get-MobileDeviceStatistics. See TechNet article Get-MobileDeviceStatistics for more information.
Get-ActiveSyncDeviceStatistics -mailbox <user stmp> | fl DeviceType,FirstSyncTime,LastSyncAttemptTime,DeviceUserAgent,DeviceFriendlyName,DeviceOS
Article ID: 2810886 - Last Review: Apr 18, 2016 - Revision: 1
Microsoft Business Productivity Online Dedicated, Microsoft Business Productivity Online Suite Federal