Solved

Restricting Outlook Anywhere to internal network

Posted on 2014-09-15
3
567 Views
Last Modified: 2014-09-16
I have two CAS/HT servers running Exchange 2007 SP3 Update Rollup 10 in the same site.  Only one of the CAS servers is accessible from the Internet and is used for OWA externally along with inbound/outbound email.  Currently Outlook Anywhere is disabled in our Exchange organization because we require two-factor authentication.  

To satisfy our two-factor needs with Outlook Anywhere, we plan to install a certificate on the client machine to be used for establishing a client VPN session with the corporate firewall (along with username/password).  Would it be best to enable Outlook Anywhere and use the internal host name of the other CAS server (not accessible from Internet) for Outlook Anywhere?  That way only clients with an internal IP address (and VPN clients) would be able to access it using the internal host name of the CAS server.  Does this sound like a good solution?  What is best practices for limiting Outlook Anywhere to internal clients that do not necessary have workstations that are part of the domain?
0
Comment
Question by:npdodge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Accepted Solution

by:
mrmark75 earned 500 total points
ID: 40324656
Your post is confusing or I'm just not understanding what you are doing.  The point of Outlook Anywhere is to be able to connect to exchange without the need to have a VPN connection. So if you disable Outlook Anywhere then the user will need a VPN connection to connect to exchange, and that's what is sounds like you want. Are you confusing Outlook Anywhere with Outlook Web Access here?
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 40324867
outlook anywhere is the default connection method once you hit exchange 2013 and was more prominent in 2013 vs using MAPI connections.

If you want to stop it connecting externally you could

- Set the external URL to one that is not resolvable outside of the internal network (doesn't have to be domain.local just no external DNS record)
or
- don't configure firewall rules to allow connections to outlook anywhere through (if you are using Outlook web access as the poster above talks about then you will have an issue as the function on the same ports)
0
 

Author Comment

by:npdodge
ID: 40325607
Thanks MrMark75 that makes completely sense.  We were so focused on Outlook Anywhere that we didn't think about that.  

Once we move to Exchange 2013, we will just leave the external URL blank.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month10 days, 7 hours left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question