Solved

Restricting Outlook Anywhere to internal network

Posted on 2014-09-15
3
555 Views
Last Modified: 2014-09-16
I have two CAS/HT servers running Exchange 2007 SP3 Update Rollup 10 in the same site.  Only one of the CAS servers is accessible from the Internet and is used for OWA externally along with inbound/outbound email.  Currently Outlook Anywhere is disabled in our Exchange organization because we require two-factor authentication.  

To satisfy our two-factor needs with Outlook Anywhere, we plan to install a certificate on the client machine to be used for establishing a client VPN session with the corporate firewall (along with username/password).  Would it be best to enable Outlook Anywhere and use the internal host name of the other CAS server (not accessible from Internet) for Outlook Anywhere?  That way only clients with an internal IP address (and VPN clients) would be able to access it using the internal host name of the CAS server.  Does this sound like a good solution?  What is best practices for limiting Outlook Anywhere to internal clients that do not necessary have workstations that are part of the domain?
0
Comment
Question by:npdodge
3 Comments
 
LVL 3

Accepted Solution

by:
mrmark75 earned 500 total points
ID: 40324656
Your post is confusing or I'm just not understanding what you are doing.  The point of Outlook Anywhere is to be able to connect to exchange without the need to have a VPN connection. So if you disable Outlook Anywhere then the user will need a VPN connection to connect to exchange, and that's what is sounds like you want. Are you confusing Outlook Anywhere with Outlook Web Access here?
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 40324867
outlook anywhere is the default connection method once you hit exchange 2013 and was more prominent in 2013 vs using MAPI connections.

If you want to stop it connecting externally you could

- Set the external URL to one that is not resolvable outside of the internal network (doesn't have to be domain.local just no external DNS record)
or
- don't configure firewall rules to allow connections to outlook anywhere through (if you are using Outlook web access as the poster above talks about then you will have an issue as the function on the same ports)
0
 

Author Comment

by:npdodge
ID: 40325607
Thanks MrMark75 that makes completely sense.  We were so focused on Outlook Anywhere that we didn't think about that.  

Once we move to Exchange 2013, we will just leave the external URL blank.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question