REST API for Mobile Device Management (Block/Deny/Allow)
We currently quarantine devices that are using native mail clients on iOS, Android and Windows Phone. The quarantine email the user receives instructs them to visit a custom web application only available within our corporate network to then approve their device. This is in place to provide a pseudo multi-factor experience since the native mobile applications do not support MFA.
When a user "approves" their device, the custom web application uses Exchange PowerShell Remoting to "Allow" the device for the user. We have been using this approach on-premises for quite a few years now and it has been working flawlessly.
Now that we are moving to Exchange Online, we have to take care to tightly manage the remote PowerShell connections to Exchange Online because of the connection throttling that Exchange Online has in place to protect the service.
It would be great if there were a REST API available to perform these sorts of management operations for mobile devices. Getting PowerShell to work in the context of a web application on the server side has a lot of challenges that need to be overcome. Not to mention, a remote connection to Exchange Online takes 20+ seconds to build up and tear down. A REST API would be a much lighter-weight and more modern solution to manage things in Exchange Online than PowerShell.
We are also aware that the Outlook App for iOS and Android supports MFA. However, until the Outlook App is closer in feature parity to the native application, we are not able to move to the application. Specifically, contact sync, calendar shortcomings and lack of notes/task sync are what is keeping us from fully adopting the Outlook for iOS and Android app at this point in time.
Also consider adding other mailbox information: what retention policy is applied, when mobile devices were last synchronized, and the list of mobile devices for a user.