Mobile Device Mailbox Policy – Change it with PowerShell!

Another post, another large PowerShell script. This script is an attempt to make modifying the Mobile Device Mailbox Policies. It is menu driven:

MobileDevice Menu

… and provides access to all the settings that can be configured on the policy. Note that some changes could trigger an Enterprise CAL requirement, so plan ahead before making changes. The script will not allow the creation of a new policy, nor will it assign one to users. If there is interest, I may add that later. For now this is simply for changing settings on the policies.

In Action
The script is split up into multiple parts and multiple menus. The groupings were done for logical reasons as well as to mimic a previous grouping for these settings. Let’s look at the menu structure:

MenuTree-MobileDevice

As you can see all the options for the Mobile Device Mailbox Policy are available. You can change most settings at will, for example if I wanted to set one of the Password Policy options like Require Device Encryption, I would enter the ‘Configure Password Policy’ menu, select option 4 for ‘Configure Device Encryption Enabled’ and then change the setting to what I needed:

DeviceEncryptionEnabled

Looking closer at the screenshot, you will see that the script also checks the value before and after to make sure the results are what you want them to be. Now if we wanted to change an SMIME option, we can go to the SMIME menu from the main menu (Option 9 from the main menu) and let’s change the ‘Allow SMIME Soft Certs’ setting:

smimesoftcerts

The script functions used by this script were built in a similar fashion to the last large scripts I’ve written recently The cookie cutter approach has allowed me to build a script of this size in a matter of hours and not days.

The Entire Script

<#  
.SYNOPSIS
   Configure all options on the Mobile Device Mailbox Polices	

.DESCRIPTION  
    

.NOTES  
    Version      		: 1.0
    Wish list			: Keep track of changes for auditing or reporting purposes (other than a transcript file)
                        : Add the ability to create a brand new policy from the same script
                        : Log changes to Event Logs?
    Rights Required		: Local admin on server
    Sched Task Req'd	: No
    Exchange Version	: 2013
    Author       		: Just A UC Guy [JAUCG]
    Email/Blog/Twitter	: ( ) 	https://justaucguy.wordpress.com/
    Dedicated Blog		: https://justaucguy.wordpress.com/
    Disclaimer   		: You are on your own.  This was not written by, support by, or endorsed by Microsoft.
    Info Stolen from 	: None, all hand written code.

.LINK  
[TBD]

.EXAMPLE
	.\Changes-OWAAuthSettings

.INPUTS
	None. You cannot pipe objects to this script.
#>

param(
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)] 
	[string] $strFilenameTranscript = $MyInvocation.MyCommand.Name + " " + (hostname)+ " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date),
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$true, Mandatory=$false)] 
	[string] $TargetFolder = "c:\Install",
	# [string] $TargetFolder = $Env:Temp
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)] 
	[bool] $WasInstalled = $false,
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)] 
	[bool] $RebootRequired = $false,
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)] 
	[string] $opt = "None",
	[parameter(ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$false, Mandatory=$false)] 
	[bool] $HasInternetAccess = ([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet)
)

Start-Transcript -path .\$strFilenameTranscript | Out-Null
$error.clear()
Clear-Host
Pushd


write-host " "
write-host "WARNING: Changing some options may require a Premium CAL for Exchange." -ForegroundColor Red
write-host " "
write-host "Choose Option 1 to choose the policy to modify - REQUIRED." -ForegroundColor Green
write-host " "
write-host " "
start-sleep 2

[string] $menu = @'
	
    ***********************************************************
           Mobile Device Mailbox Policy
    ***********************************************************

    (1)  Choose which policy to modify - REQUIRED!

    (2)  Configure General Settings
    (3)  Configure Sync Settings                        
    (4)  Configure Device Settings             
    (5)  Configure Password Policy
    (6)  Configure Device Applications
    (7)  Configure Device Features
    (8)  Configure File and SharePoint Access
    (9)  Configure Device SMIME


    (99) Exit

Select an option.. [1-9 or 99]?
'@

[string] $menu2 = @'
	
    ***********************************************************
                General Settings Sub Menu
    ***********************************************************

    (1) Set IsDefault
    (2) Change Policy Name
    (3) Change the Device Policy Refresh Interval
    (4) Change the Allow Non Provisionable Devices
    
    (5) Exit to the main menu

Select an option.. [1-5]?
'@

[string] $menu4 = @'
	
    ***********************************************************
                Configure Sync Settings Sub Menu
    ***********************************************************

    (1) Configure AllowHTMLEmail
    (2) Configure Max Attachment Size
    (3) Configure Max Calendar Age Filter
    (4) Configure Max Email Age Filter
    (5) Configure Max Email Body Truncation Size
    (6) Configure Max Email HTML Body Truncation Size
    (7) Configure Attachments Enabled
    (8) Configure Require Manual Sync When Roaming
        
    (9) Exit to the main menu

Select an option.. [1-9]?
'@

[string] $menu5 = @'
	
    ***********************************************************
                Configure Device Settings Sub Menu
    ***********************************************************

    (1) Configure Allow Storage Card
    (2) Configure Allow Camera
    (3) Configure Allow Bluetooth
    (4) Configure Allow WiFi
    (5) Configure Allow Internet Sharing
    (6) Configure Allow Remote Desktop
    (7) Configure Allow Desktop Sync
    (8) Configure Require Storage Card Encryption
    
    (9) Exit to the main menu

Select an option.. [1-9]?
'@

[string] $menu6 = @'
	
    ***********************************************************
                Confgure Password Policy Sub Menu
    ***********************************************************

    (1)  Configure Password Enabled
    (2)  Configure Allow Simple Password
    (3)  Configure Alphanumeric Password Required
    (4)  Configure Device Encryption Enabled
    (5)  Configure Password Expiration
    (6)  Configure Password History
    (7)  Configure Password Recovery Enabled
    (8)  Configure Require Device Encryption
    (9)  Configure MaxPassword Failed Attempts
    (10) Configure Min Password Complex Characters
    (11) Configure Min Password Length
    (12) Configure Max Inactivity TimeLock

    (13) Exit to the main menu

Select an option.. [1-13]?
'@

[string] $menu7 = @'
	
    ***********************************************************
           Configure Device Applications Sub Menu
    ***********************************************************

    (1) Configure Allow Browser
    (2) Configure Allow Consumer Email
    (3) Configure Allow Unsigned Applications
    (4) Configure Allow Unsigned Installation Packages
    (5) Configure Approved Application List
    (6) Configure Unapproved InROM Application List
    
    (7) Exit to the main menu

Select an option.. [1-7]?
'@

[string] $menu8 = @'
	
    ***********************************************************
              Configure Device Features Sub Menu
    ***********************************************************

    (1) Configure Allow External Device Management
    (2) Configure Allow IrDA
    (3) Configure Allow POP IMAP Email
    (4) Configure Allow Text Messaging
    (5) Configure Irm Enabled

    (6) Exit to the main menu

Select an option.. [1-8]?
'@

[string] $menu9 = @'
	
    ***********************************************************
          Configure File And Share Point Access Sub Menu
    ***********************************************************

    (1) Configure UNC Access Enabled
    (2) Configure WSS Access Enabled

    (3) Exit to the main menu

Select an option.. [1-3]?
'@


[string] $menu10 = @'
	
    ***********************************************************
              Configure Device SMIME Sub Menu
    ***********************************************************

    (1) Configure Allow SMIME Encryption Algorithm Negotiation
    (2) Configure Allow SMIME Soft Certs
    (3) Configure Require Encrypted SMIME Messages
    (4) Configure Require Encryption SMIME Algorithm
    (5) Configure Require Signed SMIME Algorithm
    (6) Configure Require Signed SMIME Messages

    (7) Exit to the main menu

Select an option.. [1-7]?
'@

# Functions that configure each option for the mailbox policy



function AllowApplePushNotifications {
     write-host " "
     write-host "Allow Apple Push Notifications - Before:" -foregroundcolor green
     $AllowApplePushNotification = $value.AllowApplePushNotifications
     write-host 'AllowApplePushNotification = '$AllowApplePushNotification
     write-host " "
     write-host  "Change Allow Apple Push Notifications Value? " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Apple Push Notifications to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowApplePushNotifications $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowApplePushNotifications $false }
         write-host " "
         write-host "Allow Apple Push Notifications - After:" -foregroundcolor cyan
         $value = get-MobileDeviceMailboxPolicy;foreach ($line in $value) {$line.servername+","+$line.AllowApplePushNotifications}
     }
} # End of AllowApplePushNotifications


# Device Settings Functions

function AllowStorageCard {
     write-host " "
     write-host "Allow Storage Card - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowStorageCard
     write-host " "
     write-host  "Change Allow Storage Card Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Storage Card to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowStorageCard $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowStorageCard $false }
         write-host " "
         write-host "Allow Storage Card - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowStorageCard = $value.AllowStorageCard
         $AllowStorageCard
     }
} # End of AllowStorageCard

function AllowCamera {
     write-host " "
     write-host "Allow Camera - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowCamera
     write-host " "
     write-host  "Change Allow Camera Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Camera to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowCamera $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowCamera $false }
         write-host " "
         write-host "Allow Camera - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowCamera = $value.AllowCamera
         $AllowCamera
     }
} # End of AllowCamera

function AllowBluetooth {
     write-host " "
     write-host "Allow Bluetooth - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowBluetooth
     write-host " "
     write-host  "Change Allow Bluetooth Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Bluetooth to (d) Disable, (h) HandsfreeOnly or (a) Allow"
         if ($answer -eq "d") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Disable }
         if ($answer -eq "h") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Handsfreeonly }
         if ($answer -eq "a") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBluetooth Allow }
         write-host " "
         write-host "Allow Bluetooth - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowBluetooth = $value.AllowBluetooth
         $AllowBluetooth
     }
} # End of AllowBluetooth

function AllowWiFi {
     write-host " "
     write-host "Allow WiFi - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowWiFi
     write-host " "
     write-host  "Change Allow WiFi Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow WiFi to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowWiFi $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowWiFi $false }
         write-host " "
         write-host "Allow WiFi - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowWiFi = $value.AllowWiFi
         $AllowWiFi
     }
} # End of AllowWiFi

function AllowInternetSharing {
     write-host " "
     write-host "Allow Internet Sharing - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowInternetSharing
     write-host " "
     write-host  "Change Allow Internet Sharing Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Internet Sharing to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowInternetSharing $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowInternetSharing $false }
         write-host " "
         write-host "Allow Internet Sharing - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowInternetSharing = $value.AllowInternetSharing
         $AllowInternetSharing
     }
} # End of AllowInternetSharing

function AllowRemoteDesktop {
     write-host " "
     write-host "Allow Remote Desktop - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowRemoteDesktop
     write-host " "
     write-host  "Change Allow Remote Desktop Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Remote Desktop to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowRemoteDesktop $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowRemoteDesktop $false }
         write-host " "
         write-host "Allow Remote Desktop - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowRemoteDesktop = $value.AllowRemoteDesktop
         $AllowRemoteDesktop
     }
} # End of AllowRemoteDesktop

function AllowDesktopSync {
     write-host " "
     write-host "Allow Desktop Sync - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowDesktopSync
     write-host " "
     write-host  "Change Allow Desktop Sync Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Desktop Sync to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowDesktopSync $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowDesktopSync $false }
         write-host " "
         write-host "Allow Desktop Sync - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowDesktopSync = $value.AllowDesktopSync
         $AllowDesktopSync
     }
} # End of AllowDesktopSync

function RequireStorageCardEncryption {
     write-host " "
     write-host "Require Storage Card Encryption - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireStorageCardEncryption
     write-host " "
     write-host  "Change Require Storage Card Encryption Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Storage Card Encryption to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireStorageCardEncryption $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireStorageCardEncryption $false }
         write-host " "
         write-host "Require Storage Card Encryption - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireStorageCardEncryption = $value.RequireStorageCardEncryption
         $RequireStorageCardEncryption
     }
} # End of RequireStorageCardEncryption

#  Configure Sync Settings

function AllowHTMLEmail {
     write-host " "
     write-host "Allow HTML Email - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowHTMLEmail
     write-host " "
     write-host  "Change Allow HTML Email Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow HTML Email to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowHTMLEmail $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowHTMLEmail $false }
         write-host " "
         write-host "Allow HTML Email - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowHTMLEmail = $value.AllowHTMLEmail
         $AllowHTMLEmail
     }
} # End of AllowHTMLEmail

function MaxAttachmentSize {
     write-host " "
     write-host "Max Attachment Size - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).MaxAttachmentSize
     write-host " "
     write-host  "Change Max Attachment Size Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Max Attachment Size"
         get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxAttachmentSize $answer
         write-host " "
         write-host "Max Attachment Size - After:" -foregroundcolor cyan
        (Get-MobileDeviceMailboxPolicy $policy).MaxAttachmentSize
     }
} # End of MaxAttachmentSize




# DEVICE APPLICATIONS

function AllowBrowser {
     write-host " "
     write-host "Allow Browser - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowBrowser
     write-host " "
     write-host  "Change Allow Browser Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Browser to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBrowser $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowBrowser $false }

         write-host " "
         write-host "Allow Browser - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowBrowser = $value.AllowBrowser
         $AllowBrowser
     }
} # End of AllowBrowser

function AllowConsumerEmail {
     write-host " "
     write-host "Allow Consumer Email - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowConsumerEmail
     write-host " "
     write-host  "Change Allow Consumer Email Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Consumer Email to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowConsumerEmail $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowConsumerEmail $false }

         write-host " "
         write-host "Allow Consumer Email - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowConsumerEmail = $value.AllowConsumerEmail
         $AllowConsumerEmail
     }
} # End of AllowConsumerEmail

function AllowUnsignedApplications {
     write-host " "
     write-host "Allow Unsigned Applications - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowUnsignedApplications
     write-host " "
     write-host  "Change Allow Unsigned Applications Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Unsigned Applications to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedApplications $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedApplications $false }

         write-host " "
         write-host "Allow Unsigned Applications - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowUnsignedApplications = $value.AllowUnsignedApplications
         $AllowUnsignedApplications
     }
} # End of AllowUnsignedApplications

function AllowUnsignedInstallationPackages {
     write-host " "
     write-host "Allow Unsigned Installation Packages - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowUnsignedInstallationPackages
     write-host " "
     write-host  "Change Allow Unsigned Installation Packages Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Unsigned Installation Packages to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedInstallationPackages $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowUnsignedInstallationPackages $false }

         write-host " "
         write-host "Allow Unsigned Installation Packages - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowUnsignedInstallationPackages = $value.AllowUnsignedInstallationPackages
         $AllowUnsignedInstallationPackages
     }
} # End of AllowUnsignedInstallationPackages

function ApprovedApplicationList {
     write-host " "
     write-host "Approved Application List - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).ApprovedApplicationList
     write-host " "
     write-host  "Change Approved Application List Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Approved Application List to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -ApprovedApplicationList $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -ApprovedApplicationList $false }

         write-host " "
         write-host "Approved Application List - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $ApprovedApplicationList = $value.ApprovedApplicationList
         $ApprovedApplicationList
     }
} # End of ApprovedApplicationList

function UnapprovedInROMApplicationList {
     write-host " "
     write-host "Unapproved In ROM Application List - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).UnapprovedInROMApplicationList
     write-host " "
     write-host  "Change Unapproved In ROM Application List Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Unapproved In ROM Application List to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UnapprovedInROMApplicationList $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UnapprovedInROMApplicationList $false }

         write-host " "
         write-host "Unapproved In ROM Application List - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $UnapprovedInROMApplicationList = $value.UnapprovedInROMApplicationList
         $UnapprovedInROMApplicationList
     }
} # End of UnapprovedInROMApplicationList

# DEVICE Features


function AllowExternalDeviceManagement {
     write-host " "
     write-host "Allow External Device Management - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowExternalDeviceManagement
     write-host " "
     write-host  "Change Allow External Device Management Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow External Device Management to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowExternalDeviceManagement $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowExternalDeviceManagement $false }

         write-host " "
         write-host "Allow External Device Management - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowExternalDeviceManagement = $value.AllowExternalDeviceManagement
         $AllowExternalDeviceManagement
     }
} # End of AllowExternalDeviceManagement

function AllowIrDA {
     write-host " "
     write-host "Allow IrDA - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowIrDA
     write-host " "
     write-host  "Change Allow IrDA Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow IrDA to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowIrDA $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowIrDA $false }

         write-host " "
         write-host "Allow IrDA - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowIrDA = $value.AllowIrDA
         $AllowIrDA
     }
} # End of AllowIrDA

function AllowPOPIMAPEmail {
     write-host " "
     write-host "Allow POP IMAP Email - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowPOPIMAPEmail
     write-host " "
     write-host  "Change Allow POP IMAP Email Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow POP IMAP Email to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowPOPIMAPEmail $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowPOPIMAPEmail $false }

         write-host " "
         write-host "Allow POP IMAP Email - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowPOPIMAPEmail = $value.AllowPOPIMAPEmail
         $AllowPOPIMAPEmail
     }
} # End of AllowPOPIMAPEmail

function AllowTextMessaging {
     write-host " "
     write-host "Allow Text Messaging - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowTextMessaging
     write-host " "
     write-host  "Change Allow Text Messaging Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Text Messaging to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowTextMessaging $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowTextMessaging $false }

         write-host " "
         write-host "Allow Text Messaging - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowTextMessaging = $value.AllowTextMessaging
         $AllowTextMessaging
     }
} # End of AllowTextMessaging

function IrmEnabled {
     write-host " "
     write-host "Irm Enabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).IrmEnabled
     write-host " "
     write-host  "Change Irm Enabled Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Irm Enabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IrmEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IrmEnabled $false }

         write-host " "
         write-host "Irm Enabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $IrmEnabled = $value.IrmEnabled
         $IrmEnabled
     }
} # End of IrmEnabled


# SMIME Section
function AllowSMIMEEncryptionAlgorithmNegotiation {
     write-host " "
     write-host "Allow SMIME Encryption Algorithm Negotiation - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowSMIMEEncryptionAlgorithmNegotiation
     write-host " "
     write-host  "Change Allow SMIME Encryption Algorithm Negotiation Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow SMIME Encryption Algorithm Negotiation to  (a) AllowAnyAlgorithmNegotiation, (b) BlockNegotiation or (o) OnlyStrongAlgorithmNegotiation"
         if ($answer -eq "a") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation AllowAnyAlgorithmNegotiation }
         if ($answer -eq "b") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation BlockNegotiation }
         if ($answer -eq "o") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMEEncryptionAlgorithmNegotiation OnlyStrongAlgorithmNegotiation }
         write-host " "
         write-host "Allow SMIME Encryption Algorithm Negotiation - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowSMIMEEncryptionAlgorithmNegotiation = $value.AllowSMIMEEncryptionAlgorithmNegotiation
         $AllowSMIMEEncryptionAlgorithmNegotiation
     }
} # End of AllowSMIMEEncryptionAlgorithmNegotiation


function AllowSMIMESoftCerts {
     write-host " "
     write-host "Allow SMIME Soft Certs - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowSMIMESoftCerts
     write-host " "
     write-host  "Change Allow SMIME Soft Certs Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow SMIME Soft Certs to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMESoftCerts $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSMIMESoftCerts $false }

         write-host " "
         write-host "Allow SMIME Soft Certs - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowSMIMESoftCerts = $value.AllowSMIMESoftCerts
         $AllowSMIMESoftCerts
     }
} # End of AllowSMIMESoftCerts

function RequireEncryptedSMIMEMessages {
     write-host " "
     write-host "Require Encrypted SMIME Messages - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireEncryptedSMIMEMessages
     write-host " "
     write-host  "Change Require Encrypted SMIME Messages Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Encrypted SMIME Messages to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptedSMIMEMessages $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptedSMIMEMessages $false }

         write-host " "
         write-host "Require Encrypted SMIME Messages - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireEncryptedSMIMEMessages = $value.RequireEncryptedSMIMEMessages
         $RequireEncryptedSMIMEMessages
     }
} # End of RequireEncryptedSMIMEMessages


function RequireEncryptionSMIMEAlgorithm {
     write-host " "
     write-host "Require Encryption SMIME Algorithm - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireEncryptionSMIMEAlgorithm
     write-host " "
     write-host  "Change Require Encryption SMIME Algorithm Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Encryption SMIME Algorithm to  (t) TripleDES, (d) DES, (2128) RC2128bit, (264) RC264bit or (240) RC240bit"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm TripleDES }
         if ($answer -eq "d") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm DES }
         if ($answer -eq "2128") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC2128bit }
         if ($answer -eq "264") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC264bit }
         if ($answer -eq "240") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireEncryptionSMIMEAlgorithm RC240bit }
         write-host " "
         write-host "Require Encryption SMIME Algorithm - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireEncryptionSMIMEAlgorithm = $value.RequireEncryptionSMIMEAlgorithm
         $RequireEncryptionSMIMEAlgorithm
     }
} # End of RequireEncryptionSMIMEAlgorithm


function RequireSignedSMIMEAlgorithm {
     write-host " "
     write-host "Require Signed SMIME Algorithm - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireSignedSMIMEAlgorithm
     write-host " "
     write-host  "Change Require Signed SMIME Algorithm Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Signed SMIME Algorithm to  (s) SHA1 or (m) MD5"
         if ($answer -eq "s") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEAlgorithm SHA1 }
         if ($answer -eq "m") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEAlgorithm MD5 }
         write-host " "
         write-host "Require Signed SMIME Algorithm - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireSignedSMIMEAlgorithm = $value.RequireSignedSMIMEAlgorithm
         $RequireSignedSMIMEAlgorithm
     }
} # End of RequireSignedSMIMEAlgorithm

function RequireSignedSMIMEMessages {
     write-host " "
     write-host "Require Signed SMIME Messages - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireSignedSMIMEMessages
     write-host " "
     write-host  "Change Require Signed SMIME Messages Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Signed SMIME Messages to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $false }

         write-host " "
         write-host "Require Signed SMIME Messages - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireSignedSMIMEMessages = $value.RequireSignedSMIMEMessages
         $RequireSignedSMIMEMessages
     }
} # End of RequireSignedSMIMEMessages

# Configure General Setting
function isdefault {
write-host " "
     write-host "Is Default - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).IsDefault
     write-host " "
     write-host  "Change the IsDefault value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set IsDefault to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -isdefault $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -isdefault $false }
         write-host " "
         write-host "Is Default - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $IsDefault = $value.IsDefault
         $IsDefault
     }
} # End of IsDefault function

function Name {
write-host " "
     write-host "Policy Name - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).Name
     write-host " "
     write-host  "Change Policy Name? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
        $answer = read-host "What is the new name for the policy"
         get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -IsDefault $answer
         write-host " "
         write-host "Policy Name - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $name = $value.name
         $name
     }

} # End of Name funciton

function DevicePolicyRefreshInterval {
    write-host " "
     write-host "Device Policy Refresh Interval - Before:" -foregroundcolor green
     Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
     write-host " "
     write-host  "Change Device Policy Refresh Interval? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
        $answer = read-host "Enter a new Device Policy Refresh in this format [dd.hh:mm:ss]"
         get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DevicePolicyRefreshInterval $answer
         write-host " "
         write-host "Device Policy Refresh - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
     }
} # End of Device Policy Refresh

function AllowNonProvisionableDevices {
write-host " "
     write-host "Allow Non Provisionable Devices - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowNonProvisionableDevices
     write-host " "
     write-host  "Change Allow Non Provisionable Devices setting? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Signed SMIME Messages to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireSignedSMIMEMessages $false }
         write-host " "
         write-host "AllowNonProvisionableDevices - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         Get-MobileDeviceMailboxPolicy $policy |ft DevicePolicyRefreshInterval
         $AllowNonProvisionableDevices
     }
} # End of Non Provisional Devices

# Password Policy

function PasswordEnabled {
     write-host " "
     write-host "PasswordEnabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).PasswordEnabled
     write-host " "
     write-host  "Change PasswordEnabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set PasswordEnabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordEnabled $false }

         write-host " "
         write-host "PasswordEnabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $PasswordEnabled = $value.PasswordEnabled
         $PasswordEnabled
     }
} # End of PasswordEnabled

function AllowSimplePassword {
     write-host " "
     write-host "Allow Simple Password - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AllowSimplePassword
     write-host " "
     write-host  "Change Allow Simple Password Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Allow Simple Password to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSimplePassword $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AllowSimplePassword $false }

         write-host " "
         write-host "Allow Simple Password - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AllowSimplePassword = $value.AllowSimplePassword
         $AllowSimplePassword
     }
} # End of AllowSimplePassword

function AlphanumericPasswordRequired {
     write-host " "
     write-host "Alphanumeric Password Required - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).AlphanumericPasswordRequired
     write-host " "
     write-host  "Change Alphanumeric Password Required Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Alphanumeric Password Required to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AlphanumericPasswordRequired $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -AlphanumericPasswordRequired $false }

         write-host " "
         write-host "Alphanumeric Password Required - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $AlphanumericPasswordRequired = $value.AlphanumericPasswordRequired
         $AlphanumericPasswordRequired
     }
} # End of AlphanumericPasswordRequired

function DeviceEncryptionEnabled {
     write-host " "
     write-host "Device Encryption Enabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).DeviceEncryptionEnabled
     write-host " "
     write-host  "Change Device Encryption Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Device Encryption Enabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DeviceEncryptionEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -DeviceEncryptionEnabled $false }

         write-host " "
         write-host "Device Encryption Enabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $DeviceEncryptionEnabled = $value.DeviceEncryptionEnabled
         $DeviceEncryptionEnabled
     }
} # End of DeviceEncryptionEnabled

function PasswordRecoveryEnabled {
     write-host " "
     write-host "Password Recovery Enabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).PasswordRecoveryEnabled
     write-host " "
     write-host  "Change Password Recovery Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Password Recovery Enabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordRecoveryEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordRecoveryEnabled $false }

         write-host " "
         write-host "Password Recovery Enabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $PasswordRecoveryEnabled = $value.PasswordRecoveryEnabled
         $PasswordRecoveryEnabled
     }
} # End of PasswordRecoveryEnabled

function RequireDeviceEncryption {
     write-host " "
     write-host "Require Device Encryption - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).RequireDeviceEncryption
     write-host " "
     write-host  "Change Require Device Encryption Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Require Device Encryption to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireDeviceEncryption $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -RequireDeviceEncryption $false }

         write-host " "
         write-host "Require Device Encryption - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $RequireDeviceEncryption = $value.RequireDeviceEncryption
         $RequireDeviceEncryption
     }
} # End of RequireDeviceEncryption


function PasswordExpiration {
     write-host " "
     write-host "Password Expiration - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).PasswordExpiration
     write-host " "
     write-host  "Change Password Expiration Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Password Expiration to (u) Unlimited or [ddd.hh:mm:ss] day time format "
         if ($answer -eq "u") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordExpiration unlimited }
         if ($answer -ne "u") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordExpiration $answer }

         write-host " "
         write-host "Password Expiration - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $PasswordExpiration = $value.PasswordExpiration
         $PasswordExpiration
     }
} # End of PasswordExpiration

function PasswordHistory {
     write-host " "
     write-host "Password History - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).PasswordHistory
     write-host " "
     write-host  "Change Password History Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Password History to a number between 0 and 50 "
         get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -PasswordHistory $answer
         write-host " "
         write-host "Password History - After:" -foregroundcolor cyan
         (Get-MobileDeviceMailboxPolicy $policy).passwordhistory
     }
} # End of PasswordHistory

function MaxPasswordFailedAttempts {
     write-host " "
     write-host "Max Password Failed Attempts - Before:" -foregroundcolor green
     $value = Get-MobileDeviceMailboxPolicy $policy
     $value.MaxPasswordFailedAttempts
     write-host " "
     write-host  "Change Max Password Failed Attempts Value? [y or n] " -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
            write-host " "
            $answer = read-host "Set Max Password Failed Attempts to a number between 4 and 16"
            if (($answer -lt 4) -or ($answer -gt 16)) {write-host " ";write-host "The number is too small or too large. Please try it again." -ForegroundColor red
            } else { get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxPasswordFailedAttempts $answer }
            write-host " "
            write-host "Max Password Failed Attempts - After:" -foregroundcolor cyan
            (Get-MobileDeviceMailboxPolicy $policy).MaxPasswordFailedAttempts
     }
} # End of MaxPasswordFailedAttempts

function MinPasswordComplexCharacters {
     write-host " "
     write-host "Min Password Complex Characters - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).MinPasswordComplexCharacters
     write-host " "
     write-host  "Change Min Password Complex Characters Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Min Password Complex Characters to a number between 1 and 4"
         if ($answer -lt 5) {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MinPasswordComplexCharacters $answer }
         if ($answer -gt 4) {write-host " ";write-host "The number is too large. Please try it again." -ForegroundColor red }
         write-host " "
         write-host "Min Password Complex Characters - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $MinPasswordComplexCharacters = $value.MinPasswordComplexCharacters
         $MinPasswordComplexCharacters
     }
} # End of MinPasswordComplexCharacters

function MinPasswordLength {
     write-host " "
     write-host "Min Password Length - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).MinPasswordLength
     write-host " "
     write-host  "Change Min Password Length Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Min Password Length to a number between 1 and 16 "
         if ($answer -lt 17) {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MinPasswordLength $answer
         } else {write-host " ";write-host "The number is too large. Please try it again." -ForegroundColor red}
         write-host " "
         write-host "Min Password Length - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $MinPasswordLength = $value.MinPasswordLength
         $MinPasswordLength
     }
} # End of MinPasswordLength

function MaxInactivityTimeLock {
     write-host " "
     write-host "Max Inactivity Time Lock - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).MaxInactivityTimeLock
     write-host " "
     write-host  "Change Max Inactivity Time Lock Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set Max Inactivity Time Lock to a timespan in hours, minutes and seconds[hh:mm:ss]"
         get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -MaxInactivityTimeLock $answer
         write-host " "
         write-host "Max Inactivity Time Lock - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $MaxInactivityTimeLock = $value.MaxInactivityTimeLock
         $MaxInactivityTimeLock
     }
} # End of MaxInactivityTimeLock

function UNCAccessEnabled {
     write-host " "
     write-host "UNC Access Enabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).UNCAccessEnabled
     write-host " "
     write-host  "Change UNC Access Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set UNC Access Enabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UNCAccessEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -UNCAccessEnabled $false }

         write-host " "
         write-host "UNC Access Enabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $UNCAccessEnabled = $value.UNCAccessEnabled
         $UNCAccessEnabled
     }
} # End of UNCAccessEnabled

function WSSAccessEnabled {
     write-host " "
     write-host "WSS Access Enabled - Before:" -foregroundcolor green
     (Get-MobileDeviceMailboxPolicy $policy).WSSAccessEnabled
     write-host " "
     write-host  "Change WSS Access Enabled Value? [y or n]" -nonewline -ForegroundColor yellow; $set = read-host
     if ($set -eq "y") {
         $answer = read-host "Set WSS Access Enabled to (t) True or (f) False"
         if ($answer -eq "t") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -WSSAccessEnabled $true }
         if ($answer -eq "f") {get-MobileDeviceMailboxPolicy $policy | set-MobileDeviceMailboxPolicy -WSSAccessEnabled $false }

         write-host " "
         write-host "WSS Access Enabled - After:" -foregroundcolor cyan
         $value = Get-MobileDeviceMailboxPolicy $policy
         $WSSAccessEnabled = $value.WSSAccessEnabled
         $WSSAccessEnabled
     }
} # End of WSSAccessEnabled

# Each sub menu - which call the above functions

function ConfigureGeneralSettings {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu2
	    switch ($opt)    {
        1 {IsDefault}
        2 {Name}
        3 {DevicePolicyRefreshInterval}
        4 {AllowNonProvisionableDevices}
        5 {$opt = 5}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 5)
}

function ConfigureSyncSettings {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu4
	    switch ($opt)    {
        1 {AllowHTMLEmail}
        2 {MaxAttachmentSize}
        3 {MaxCalendarAgeFilter}
        4 {MaxEmailAgeFilter}
        5 {MaxEmailBodyTruncationSize}
        6 {MaxEmailHTMLBodyTruncationSize}
        7 {AttachmentsEnabled}
        8 {RequireManualSyncWhenRoaming}
        9 {$opt = 9}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 9)
}

function ConfigureDeviceSettings {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu5
	    switch ($opt)    {
        1 { AllowStorageCard }
        2 { AllowCamera }
        3 { AllowBluetooth }
        4 { AllowWiFi }
        5 { AllowInternetSharing }
        6 { AllowRemoteDesktop }
        7 { AllowDesktopSync }
        8 { RequireStorageCardEncryption }
        9 {$opt = 9}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 9)
}

function ConfgurePasswordPolicy {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu6
	    switch ($opt)    {
        1 {PasswordEnabled}
        2 {AllowSimplePassword}
        3 {AlphanumericPasswordRequired}
        4 {DeviceEncryptionEnabled}
        5 {PasswordExpiration}
        6 {PasswordHistory}
        7 {PasswordRecoveryEnabled}
        8 {RequireDeviceEncryption}
        9 {MaxPasswordFailedAttempts}
        10 {MinPasswordComplexCharacters}
        11 {MinPasswordLength}
        12 {MaxInactivityTimeLock}
        13 {$opt = 13}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 13)
}

function ConfigureDeviceApplications  {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu7
	    switch ($opt)    {
        
        1 {AllowBrowser}
        2 {AllowConsumerEmail}
        3 {AllowUnsignedApplications}
        4 {AllowUnsignedInstallationPackages}
        5 {write-host "Not ready";# ApprovedApplicationList
        }
        6 {write-host "Not ready";# UnapprovedInROMApplicationList
        }
        7 {$opt = 7}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 7)
}

function ConfigureDeviceFeatures {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu8
	    switch ($opt)    {

        1 {AllowExternalDeviceManagement}
        2 {AllowIrDA}
        3 {AllowPOPIMAPEmail}
        4 {AllowTextMessaging}
        5 {IrmEnabled}
        6 {$opt = 6}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 6)
}

function ConfigureFileAndSharePointAccess {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu9

	    switch ($opt)    {
        1 {UNCAccessEnabled}
        2 {WSSAccessEnabled}
        3 {$opt = 3}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 3)
}

function ConfigureDeviceSMIME {
    Do {
	    if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	    $opt = Read-Host $menu10
	    switch ($opt)    {

        1 {AllowSMIMEEncryptionAlgorithmNegotiation}
        2 {AllowSMIMESoftCerts}
        3 {RequireEncryptedSMIMEMessages}
        4 {RequireEncryptionSMIMEAlgorithm}
        5 {RequireSignedSMIMEAlgorithm}
        6 {RequireSignedSMIMEMessages}
        7 {$opt = 7}
        default {Write-Host "You haven't selected any of the available options. "}
            }
    } while ($opt -ne 7)
}

Do {
	if ($opt -ne "None") {Write-Host "Last command: "$opt -foregroundcolor Yellow}	
	$opt = Read-Host $menu

	switch ($opt)    {
     1 {write-host " "; write-host "Current Mobile Device Mailbox Policies:" -ForegroundColor cyan;(Get-MobileDeviceMailboxPolicy).name
        write-host " ";write-host "Which policy would you like to modify? "-ForegroundColor green -NoNewline
       $policy = read-host
       $value = Get-MobileDeviceMailboxPolicy $policy
       }
     2 { cls;ConfigureGeneralSettings }
     3 { cls;ConfigureSyncSettings }
     4 { cls;ConfigureDeviceSettings }
     5 { cls;ConfgurePasswordPolicy }
     6 { cls;ConfigureDeviceApplications }
     7 { cls;ConfigureDeviceFeatures }
     8 { cls;ConfigureFileAndSharePointAccess }
     9 { cls;ConfigureDeviceSMIME }

    99 {#	Exit
			popd
            $path = (Get-Item -Path ".\" -Verbose).FullName
            write-host " "
            write-host "Changes made are tracked in the Transcript file here: " -NoNewline
            write-host "$path\$strFilenameTranscript" -ForegroundColor green
            write-host " "
			Write-Host "Exiting..." -ForegroundColor Red
            write-host " "
			Stop-Transcript
		}
    default {Write-Host "You haven't selected any of the available options. "}
        }
} while ($opt -ne 99)
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s