Symptoms
When users try to sign in to the Outlook for iOS or Outlook for Android app, they receive the following error message:
"<user email address>" has been blocked on this device by your administrator.
The error occurs in a hybrid Exchange environment, for mailboxes in on-premises Microsoft Exchange Server or Exchange Online.
Cause
You might not have created an Exchange ActiveSync (EAS) device access rule in Exchange Online that allows connections from Outlook for iOS and Outlook for Android.
Resolution
To resolve the issue, follow these steps:
-
Verify that you've enabled support for hybrid Modern authentication in your organization. For more information, see the "Implementation steps" section in Using hybrid Modern Authentication with Outlook for iOS and Android.
-
Create an EAS device access rule in Exchange Online that allows connections from Outlook for iOS and Outlook for Android. To do this, run the following commands:
Connect-ExchangeOnline
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel -QueryString "Outlook for iOS and Android" -AccessLevel Allow