Solved

Restricting Outlook Anywhere to internal network

Posted on 2014-09-15
Last Modified: 2014-09-16
I have two CAS/HT servers running Exchange 2007 SP3 Update Rollup 10 in the same site.  Only one of the CAS servers is accessible from the Internet and is used for OWA externally along with inbound/outbound email.  Currently Outlook Anywhere is disabled in our Exchange organization because we require two-factor authentication.  

To satisfy our two-factor needs with Outlook Anywhere, we plan to install a certificate on the client machine to be used for establishing a client VPN session with the corporate firewall (along with username/password).  Would it be best to enable Outlook Anywhere and use the internal host name of the other CAS server (not accessible from Internet) for Outlook Anywhere?  That way only clients with an internal IP address (and VPN clients) would be able to access it using the internal host name of the CAS server.  Does this sound like a good solution?  What are best practices for limiting Outlook Anywhere to internal clients that do not necessarily have workstations that are part of the domain?
0
Question by:npdodge
3 Comments
 
LVL 3

Accepted Solution

by:
mrmark75 earned 500 total points
ID: 40324656
Your post is confusing or I'm just not understanding what you are doing.  The point of Outlook Anywhere is to be able to connect to Exchange without the need to have a VPN connection. So if you disable Outlook Anywhere then the user will need a VPN connection to connect to Exchange, and that's what it sounds like you want. Are you confusing Outlook Anywhere with Outlook Web Access here?
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 40324867
Outlook Anywhere is the default connection method once you hit Exchange 2013 and was more prominent in 2013 vs using MAPI connections.

If you want to stop it connecting externally you could

- Set the external URL to one that is not resolvable outside of the internal network (doesn't have to be domain.local, just no external DNS record)
or
- Don't configure firewall rules to allow connections to Outlook Anywhere through (if you are using Outlook Web Access as the poster above talks about then you will have an issue, as they function on the same ports)
0
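
A check for the first option in the comment above, as an added example that is not part of the original thread: it asks a public resolver whether an Outlook Anywhere host name has address records outside the internal DNS. The function name `Test-PublicDnsExposure`, the resolver `8.8.8.8` and the sample host name are assumptions; `Resolve-DnsName` needs Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the thread). Run from an admin workstation that is
# allowed to send DNS queries to a public resolver.
function Test-PublicDnsExposure {
    param(
        [Parameter(Mandatory = $true)] [string[]] $HostName,
        # Assumption: any public recursive resolver reachable from this machine.
        [string] $PublicResolver = '8.8.8.8'
    )
    foreach ($name in $HostName) {
        $addresses = @()
        $detail    = ''
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers count.
            $records = @(Resolve-DnsName -Name $name -Server $PublicResolver `
                             -DnsOnly -ErrorAction Stop)
            # A NODATA reply returns an SOA record without throwing, so keep
            # only A/AAAA records before deciding the name is exposed.
            $addresses = @($records |
                Where-Object { $_.Type -eq 'A' -or $_.Type -eq 'AAAA' } |
                ForEach-Object { $_.IPAddress })
            if ($addresses.Count -gt 0) { $status = 'ResolvableExternally' }
            else                        { $status = 'NoAddressRecords' }
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'DNS_ERROR_RCODE_NAME_ERROR*') {
                # NXDOMAIN from the public resolver: the intended outcome.
                $status = 'NotResolvableExternally'
            }
            else {
                # Timeout, blocked egress, SERVFAIL: proves nothing either way.
                $status = 'Inconclusive'
                $detail = $_.FullyQualifiedErrorId
            }
        }
        [pscustomobject]@{
            HostName  = $name
            Resolver  = $PublicResolver
            Status    = $status
            Addresses = ($addresses -join ', ')
            Detail    = $detail
        }
    }
}

# Constructed sample name; on the CAS server the configured value is the
# ExternalHostname property returned by Get-OutlookAnywhere.
Test-PublicDnsExposure -HostName 'cas-internal.corp.example' | Format-Table -AutoSize
```

An `Inconclusive` result usually means the firewall blocks outbound DNS to the public resolver, in which case the check has to be repeated from a machine outside the network.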
 

Author Comment

by:npdodge
ID: 40325607
Thanks MrMark75, that makes complete sense.  We were so focused on Outlook Anywhere that we didn't think about that.  

Once we move to Exchange 2013, we will just leave the external URL blank.
0
