Having trouble creating an ActiveSync Mailbox Policy to support your shiny new Windows Phone or Surface devices without checking the dreaded "AllowNonProvisionableDevices" setting? Well, let's see if I can help you out!
While it is documented that Windows devices only "support" certain policy settings:
http://support.microsoft.com/kb/2823900
There are SOME settings that can be configured that will prevent these devices from syncing AT ALL.
These settings are as follows:
-MaxCalendarAgeFilter
-MaxEmailAgeFilter
-AllowStorageCard
-WSSAccessEnabled
-UNCAccessEnabled
In my testing, I found that ANY of these settings being set to ANYTHING other than the values specified below will result in sync failure. I also included a sample of how I set the values using Exchange Management Shell:
Set-ActiveSyncMailboxPolicy $YourPolicy -MaxCalendarAgeFilter All
Set-ActiveSyncMailboxPolicy $YourPolicy -MaxEmailAgeFilter All
Set-ActiveSyncMailboxPolicy $YourPolicy -AllowStorageCard $true
Set-ActiveSyncMailboxPolicy $YourPolicy -WSSAccessEnabled $false
Set-ActiveSyncMailboxPolicy $YourPolicy -UNCAccessEnabled $false
See http://help.outlook.com/en-us/140/cc952755.aspx for instructions on connecting to EMS via Remote PowerShell. Enjoy!
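To audit existing policies before enrolling devices, the check below reports every one of the five settings that differs from the values listed above. It is an added example, not code from the original post; the function name Test-WindowsDeviceSyncSettings and the sample policy object are assumptions made for illustration.

```powershell
# Added example. Test-WindowsDeviceSyncSettings is a hypothetical helper name;
# the expected values are the five listed in the post.
function Test-WindowsDeviceSyncSettings {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Policy
    )
    begin {
        $expected = @{
            MaxCalendarAgeFilter = 'All'
            MaxEmailAgeFilter    = 'All'
            AllowStorageCard     = $true
            WSSAccessEnabled     = $false
            UNCAccessEnabled     = $false
        }
    }
    process {
        foreach ($name in $expected.Keys) {
            $actual = $Policy.$name
            # Compare as strings so enum values, booleans and the deserialized
            # objects returned over Remote PowerShell are all handled alike.
            if ("$actual" -ne "$($expected[$name])") {
                New-Object PSObject -Property @{
                    Policy   = $Policy.Name
                    Setting  = $name
                    Actual   = $actual
                    Expected = $expected[$name]
                }
            }
        }
    }
}

# Constructed sample object standing in for Get-ActiveSyncMailboxPolicy output.
$sample = New-Object PSObject -Property @{
    Name = 'SamplePolicy'; MaxCalendarAgeFilter = 'TwoWeeks'; MaxEmailAgeFilter = 'All'
    AllowStorageCard = $true; WSSAccessEnabled = $true; UNCAccessEnabled = $false
}
$sample | Test-WindowsDeviceSyncSettings |
    Select-Object Policy, Setting, Actual, Expected | Format-Table -AutoSize

# Against a live organization, from EMS:
# Get-ActiveSyncMailboxPolicy | Test-WindowsDeviceSyncSettings
```

An empty result means the policy already matches all five values; each returned row names a setting to correct with Set-ActiveSyncMailboxPolicy.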
Here is the final, working policy that I came up with:
Many thanks to Jamie Tsottles for assisting with this post and verifying the veracity of the content :)