I have recently come across an issue where a device status was Blocked. It was Allowed from Exchange Online portal but after refreshing it, it goes back to the Blocked state.
I ran the following command on exchange power shell to find out the device ID of the device that was in Blocked status. Make a note of that device id.
Get-ActiveSyncDeviceStatistics -mailbox EmailAdress| select deviceuseragent, deviceaccessstate,deviceid
Run the following command to check if the above noted device id is in Allowed Device IDs. In my case, the above noted device ID was already in the Allowed Device IDs but device was still in Blocked status.
Get-CASMailbox -Identity EmailID | fl activesync*
I removed the ID from Allowed Device IDs and then re-added it and that fixed the issue.
Set-CASMailbox -Identity EmailID – ActiveSyncAllowedDeviceIDs @{remove=’xxxxxxxxxxxxx’}
Set-CASMailbox -Identity EmailID -ActiveSyncAllowedDeviceIDs @{add=’xxxxxxxxxxxxxx’}
Salman Tariq
SalmanTechBlogs 
Leave a comment