Support Tip: Seeing additional Exchange records in the Microsoft Intune Console?


For those of you using Exchange Online, Intune, and the service-to-service connector, you may start seeing some additional Exchange ActiveSync (EAS) records in the Intune Console related to recent changes in the Outlook app for iOS and Android. The Outlook app is improving its reporting of EAS IDs to Exchange Online. Previously, Outlook connections appeared as a single EAS ID for each user in Exchange Online (i.e. a user could connect an iOS and Android device and have it only show up in Exchange once). Moving forward, each device connecting to Exchange Online through the Outlook app will have its own EAS ID. While this is an improvement, this means your existing connections will get a new EAS ID and will cause additional connected devices records.

We’re working to improve your experience and ensure you’ve got the right number of devices reported in Intune. As we work on engineering a fix, please:

  1. Be aware you may see some new EAS device records in addition to the previous ones. The previous Exchange ActiveSync device records will remain in Intune for a period of up to 90 days.
  2. Please filter out the additional device records from your reporting.

In an upcoming Intune release we’ll provide a better workaround, and will keep you posted in this blog.

Comments (2)

  1. Richard Tinker says:

    Does the presence of these records in the Intune console indicate that your tenant has been moved fully to the "Future architecture – Outlook cloud service on Office 365 & Azure" as detailed in the Microsoft white paper "Outlook for iOS & Android – Info for IT Pros" which indicates this benefit (4) as well as 6 other benefits:

    "This architecture has the following benefits when compared with the previous architecture:
    1. User mailbox data stays in place, and therefore continues to respect the data locality and regionality promises of Office 365 for data at rest. Since there is no more cache, the user’s mailbox data is contained within the region in which the tenant is located.
    2. As there is no more cloud cache, mailbox data at rest in Exchange Online continues to meet the commitments outlined in Category D of the Compliance Framework for Office 365, our highest level of commitment, as outlined in the Office 365 Trust Center.
    3. Data passes through service components running in Azure via a TLS secured connection in transit to the Outlook app. These services will achieve certifications for Category C of the Compliance Framework for Office 365, as outlined in the Office 365 Trust Center, around the time of the new architecture launch. Our goal is to eventually move to Category D at a later update.
    4. As there is no mailbox cache, each Outlook connection will register in the Office 365 Admin console and be able to be managed as a unique connection. It will no longer show under a single mobile device identifier.
    5. Outlook will continue to leverage OAuth to protect user’s credentials. See the Passwords & Security section above for more details.
    6. Outlook will enforce admin set policies for PIN/Password, Remote Wipe and Encryption
    7. This update will enable Outlook to take advantage of native Office 365 features it does not support today, such as leveraging full Exchange Online search. More Office 365 features will roll out after the architecture update. "

    1. Hi, Richard - This is related to infrastructure improvements. However it does not mean your tenant has been moved to the new architecture. We will share more details soon when this work is completed.

Skip to main content