Enable or disable Outlook Anywhere (RPC-HTTP/MAPI-HTTP) in Exchange Server.

Outlook Anywhere History

When Exchange 2007 released with Outlook Anywhere it was Technically called RPC over HTTP (RPC/HTTP). Till that time, we used TCP/MAPI even both internal and external(VPN). Even though Exchange 2003 supports RPC/HTTP, it was completely a full reconfiguration of RPC components and configuration of certificate etc. In short, if you configure Outlook Anywhere all the users inside and outside the network can connect to the server without using a VPN. There is also a security risk on the same configuration if a client OS is compromised or a user's account has been compromised, then a copy can be downloaded to a PC on a remote PC.

In Exchange 2013 and higher versions, Outlook Anwhere (RPC/HTTP) is the default Protocol used to connect to the server even from an internal network. So if you disable RPC/HTTP Outlook will not connect to the server and shows disconnect. To allow internal access and block external access you should set -MAPIBlockOutlookExternalConnectivity to True.

In Exchange 2007 and higher versions, you can enable and disable Outlook Anywhere per mailbox, per database and the whole organization both internally and externally.

1. Disable Outlook Anywhere for single mailbox both internally and externally.

You can disable Outlook Anywhere on a single mailbox using the command shown below. This will disable both internal connectivity and external connectivity.

Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True

1.a What if you want to enable Outlook Anywhere internally and block Outlook Anywhere access externally. i.e. External to your the Exchange server network.?

You can achieve that with the following command.

Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookExternalConnectivity $True

2. Disable Outlook Anywhere for all mailboxes in the organization.

You can disable Outlook Anywhere for your organization by running the following command. This will disable Outlook Anywhere for all of the mailboxes in your organization.

Get-Mailbox | Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True

Note: In Exchange 2013 and higher versions, this command will disable Outlook from the internal network as well.

If you wish to disable Outlook Anywhere for the internet in Exchange 2013 or higher, just clear the external hostname and keep it blank.

3. Enable Outlook Anywhere for single mailbox.

You can enable Outlook Anywhere on a single mailbox using the following command.This will enable both internal and external connectivity. 

Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $True

3.a. What if you enabled Outlook Anywhere and block Outlook Anywhere access externally. I.e. External to your Exchange server network? 

Outlook will work only from the internal network. To make it available from the external network for that user, you have to ensure the external block is not set to True. Run the following command to check the external block.

Get-CasMailbox -identity user@domain.com | fl Identity,MAPIBlockOutlookExternalConnectivity

If it is set to True, run the following command to set the external block to False.

Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookExternalConnectivity $False

4. Enable Outlook Anywhere for all mailboxes in the organization.
In case you disabled Outlook Anywhere to all of the mailboxes in your organization, you can enable Outlook Anywhere for all the mailboxes by running the following command.

Get-Mailbox | Set-CasMailbox -identity user@domain.com -MAPIBlockOutlookRpcHttp $False

I hope this will help you to enable and disable Outlook Anwhere for your Exchange Organization.

Your comments are highly appreciated.
Cheers :))  MAS

I have written articles to cover the Exchange administration on all versions of Exchange (see below):

Count Mailboxes in your organization in Exchange2007 and higher versions.

To clear certificate error and set URLs in Exchange2007.

To clear certificate error and set URLs in Exchange2010.

To clear certificate error and set URLs in Exchange2013.

To clear certificate error and set URLs in Exchange2016.