Outlook Anywhere History
When Exchange 2007 released with Outlook Anywhere it was Technically called RPC over HTTP (RPC/HTTP). Till that time, we used TCP/MAPI even both internal and external(VPN). Even though Exchange 2003 supports RPC/HTTP, it was completely a full reconfiguration of RPC components and configuration of certificate etc. In short, if you configure Outlook Anywhere all the users inside and outside the network can connect to the server without using a VPN. There is also a security risk on the same configuration if a client OS is compromised or a user's account has been compromised, then a copy can be downloaded to a PC on a remote PC.
In Exchange 2013 and higher versions, Outlook Anwhere (RPC/HTTP) is the default Protocol used to connect to the server even from an internal network. So if you disable RPC/HTTP Outlook will not connect to the server and shows disconnect. To allow internal access and block external access you should set -MAPIBlockOutlookExternalConnectivity to True.
In Exchange 2007 and higher versions, you can enable and disable Outlook Anywhere per mailbox, per database and the whole organization both internally and externally.
1. Disable Outlook Anywhere for single mailbox both internally and externally.
Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True
1.a What if you want to enable Outlook Anywhere internally and block Outlook Anywhere access externally. i.e. External to your the Exchange server network.?
Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookExternalConnectivity $True
2. Disable Outlook Anywhere for all mailboxes in the organization.
You can disable Outlook Anywhere for your organization by running the following command. This will disable Outlook Anywhere for all of the mailboxes in your organization.
Get-Mailbox | Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True
Note: In Exchange 2013 and higher versions, this command will disable Outlook from the internal network as well.
If you wish to disable Outlook Anywhere for the internet in Exchange 2013 or higher, just clear the external hostname and keep it blank.3. Enable Outlook Anywhere for single mailbox.
You can enable Outlook Anywhere on a single mailbox using the following command.This will enable both internal and external connectivity.Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True
3.a. What if you enabled Outlook Anywhere and block Outlook Anywhere access externally. I.e. External to your Exchange server network?
Outlook will work only from the internal network. To make it available from the external network for that user, you have to ensure the external block is not set to True. Run the following command to check the external block.
Get-CasMailbox -identity user@domain.com | fl Identity,MAPIBlockOutlookExternalConnectivity
Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookExternalConnectivity $False
Get-Mailbox | Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $False
I have written articles to cover the Exchange administration on all versions of Exchange (see below):
To clear certificate error and set URLs in Exchange2007.
To clear certificate error and set URLs in Exchange2010.
To clear certificate error and set URLs in Exchange2013.
To clear certificate error and set URLs in Exchange2016.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (4)
Author
Commented:Author
Commented:I will delete this and add these points in my Exchange 2016 article and republish.
What do you think?
Thanks
MAS
Commented:
Author
Commented::))
MAS