So you want to block those insecure Android devices from connecting to OWA? Are you using TMG? No problem.
Right click your OWA publishing rule & select Configure HTTP.
Select the Signatures tab & click Add.
In the Name field type Android. In the Description field type Android devices. In the Search in drop-down select Request headers. In the HTTP header field type user-agent. In the Signature field type Android. Click OK.
Apply the change to TMG.
Now if you try to browse to OWA from an Android device you will get an error that says, “Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)”
Now tell those users to go get a much better Windows Phone 8 device.
Use this LDAP query to determine which accounts (enabled or disabled) have OWA access.
Open ADUC. Right click the domain & select Find. Select Custom Search from the Find dropdown. Select the Advanced tab. In the Enter LDAP query textbox type the LDAP query below: