Picture this scenario:

You have a poor performing employee at your company, let's call him Joe.  Joe receives company email on his personal phone and due to his poor performance, he has been fired.  You as the System Administrator did everything correctly, disabling his account and then disabling ActiveSync, MAPI, and OWA access to his mailbox.  You even delete the mobile devices from Joe's mailbox.

Now, it is a month later and your new, just installed security threat management solution shows an excessive number of failed logins on your Exchange server.  The report's Username field reads "Unknown, Joe, Servername$".  Wait a minute, why is Joe still trying to access the Exchange server?  Is he trying to hack us? Does he want to do something malicious?  The most likely answer is that he simply forgot to delete his ex-company's email profile from his phone. 

So, the question is, how do you prevent Joe's phone from trying to access your Exchange server with his user account and causing the execs to panic thinking Joe is trying to hack the company?

Nobody tries to hack you using a phone.  He probably never deleted his profile so it's constantly trying to connect.

You could re-enable his account and then wipe his device once it connects.

Nobody tries to hack you using a phone.  He probably never deleted his profile so it's constantly trying to connect.

You could re-enable his account and then wipe his device once it con

Hi Aridaen,

Thank you for your question.

Did Eds suggestion solve your problem?

We could also disconnect this phone to check if issue persist. Those solution will help you check if this issue was caused by this phone.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim