SfBMac: Cannot connect to EWS after enabling EWS Access Policy

In a recent support case the Skype for Business Mac client wasn’t connecting to Exchange Web Services (EWS) after the EWS Access Policy was configured with the following cmdlets:

Set-CASMailbox -Identity brick@borderlands.lab -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowOutlook $true -EwsAllowMacOutlook $true
Set-CASMailbox -Identity brick@borderlands.lab -EwsAllowList @{add='UCWA/*', 'OC/*', 'OWA/*'}

Get-CASMailbox -Identity brick@borderlands.lab | fl Name,EwsApplicationAccessPolicy,EwsAllowOutlook,EwsAllowMacOutlook,EwsAllowList

EWS was working for every client except Skype for Business Mac. Reviewing the logs showed that the SfB Mac user agent is SfBForMac, which the allow list above does not include.
To fix this, we simply add SfBForMac to the EwsAllowList:

Set-CASMailbox -Identity brick@borderlands.lab -EwsAllowList @{add='SfBForMac/*'}

Please note that the previous example applied only to a test user. The same policy can also be configured at the organization level:

Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowOutlook $true -EwsAllowMacOutlook $true -EwsAllowList @{add='SfBForMac/*', 'UCWA/*', 'OC/*', 'OWA/*'}

Get-OrganizationConfig | fl Name,EwsApplicationAccessPolicy,EwsAllowOutlook,EwsAllowMacOutlook,EwsAllowList
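
To find other mailboxes with the same gap before users report it, the check below lists every mailbox that enforces an allow list but lacks one of the entries used in this post. It is an added example, not part of the original post: the function name Find-EwsAllowListGap and the sample mailbox objects are hypothetical, and the sample data is constructed so the script runs without an Exchange server.

```powershell
function Find-EwsAllowListGap {
    [CmdletBinding()]
    param(
        # Any object exposing Name, EwsApplicationAccessPolicy and EwsAllowList,
        # such as the output of Get-CASMailbox.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Mailbox,

        # Entries every enforced allow list is expected to contain (taken from this post).
        [string[]]$Required = @('SfBForMac/*', 'UCWA/*', 'OC/*', 'OWA/*')
    )
    process {
        # Only a mailbox in EnforceAllowList mode rejects a client for a missing entry.
        if ("$($Mailbox.EwsApplicationAccessPolicy)" -ne 'EnforceAllowList') { return }

        # Normalize the multivalued property to plain strings; drop null/empty values.
        $current = @($Mailbox.EwsAllowList | Where-Object { $_ } | ForEach-Object { "$_" })

        # -notcontains compares case-insensitively.
        $missing = @($Required | Where-Object { $current -notcontains $_ })

        if ($missing.Count -gt 0) {
            [pscustomobject]@{
                Name    = $Mailbox.Name
                Missing = $missing -join ', '
            }
        }
    }
}

# Constructed sample objects standing in for Get-CASMailbox output.
$sample = @(
    [pscustomobject]@{ Name = 'brick';          EwsApplicationAccessPolicy = 'EnforceAllowList'
                       EwsAllowList = @('UCWA/*', 'OC/*', 'OWA/*') }
    [pscustomobject]@{ Name = 'sample-fixed';   EwsApplicationAccessPolicy = 'EnforceAllowList'
                       EwsAllowList = @('SfBForMac/*', 'UCWA/*', 'OC/*', 'OWA/*') }
    [pscustomobject]@{ Name = 'sample-nopolicy'; EwsApplicationAccessPolicy = $null
                       EwsAllowList = @() }
)

$sample | Find-EwsAllowListGap | Format-Table -AutoSize

# Against a live organization, from the Exchange Management Shell:
# Get-CASMailbox -ResultSize Unlimited | Find-EwsAllowListGap
```

The function only reads and reports; the missing entries are added with the Set-CASMailbox command shown earlier.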