Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

limit mailbox access to owa for a group of internal people

Posted on 2016-10-07
16
Medium Priority
?
140 Views
Last Modified: 2016-10-07
Hello Team,

Please suggest,

how to configure mailboxes for a set of users to have it only allowed to be opened via OWA. No outlook access should be provided for the same for Exchange on premises

we have exchange 2013

Thanks,
andy
0
Comment
Question by:Addy Nadia
  • 8
  • 6
  • 2
16 Comments
 
LVL 7

Expert Comment

by:Andy
ID: 41833149
Hi Navi,

If you need to disable OWA access to all user In your organization In one go or In bulk you can use Exchange Poweshell, here are a few examples.

To disable OWA open EMS and type:
Get-Mailbox -ResultSize unlimited |Set-CASMailbox -OWAEnabled $false

To enable it back to all users type:
Get-Mailbox -ResultSize unlimited |Set-CASMailbox -OWAEnabled $true

Or in bulk you could use something like:
Import-CSV c:\temp\users.csv | Foreach-Object
{
  Write-host -NoNewLine "Disabling OWA for $_.samaccountname"
  Set-CASMailbox -SamAccountName $_.samaccountname -OWAEnabled $False
}

Test the script first to ensure correct output/names using:
Import-CSV c:\temp\users.csv | Foreach-Object
{
  Write-host -NoNewLine "Disabling OWA for $_.samaccountname"
}

You could also set a mailbox store with OWA disabled using and use a particular store only for enabled users:
Get-Mailbox | Where {$_.Database -eq "EXCHSRV\SG1\MBX1"} | Set-CASMailbox -owaenabled:$false



As always, test any changes on a couple of users first.
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833154
thanks for reply
can you recheck the question. i want to set for certain users to access owa but not outlook
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 7

Expert Comment

by:Andy
ID: 41833172
Hi,
The solutions I responded with are all to disable OWA, not outlook hence the command
"-owaenabled:$false"

Each mailbox has the option of OWA enabled or disabled

The same can be done via the EAC to enable or disable Outlook Web App for individual users:
1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of user mailboxes, click the mailbox that you want to enable or disable Outlook Web App for, and then click Edit Edit icon.
3. On the mailbox properties page, click Mailbox Features.
4. Under Email Connectivity, do one of the following:
To disable Outlook Web App, under Outlook Web App: Enabled, click Disable.
To enable Outlook Web App, under Outlook Web App: Disabled, click Enable.
Click Save

As well as the powershell scripts, you can also use Outlook Web App mailbox policies as described in the following technet article:
https://technet.microsoft.com/en-us/library/dd335142(v=exchg.150).aspx
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833174
Hello,

I dont want to disable OWA, only outlook need to be restrict .

so will mapi disable in Mapi features in EAC, will work for this request

Thanks,
Andy
0
 
LVL 27

Expert Comment

by:MAS
ID: 41833176
You will have to stop MAPI, POP, IMAP for outlook to stop working.
Attached reference in my previous post.
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833177
ok i will get back to you both.. thanks
let me know more suggestions
0
 
LVL 7

Accepted Solution

by:
Andy earned 2000 total points
ID: 41833186
Instead of Set-CASMailbox -owaenabled:$false in the scripts, use:

Set-CASMailbox -ImapEnabled:$false -MAPIEnabled:$false -PopEnabled:$false

Leaving OWAEnabled as true
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833198
can we configure this asper policy for a certain group on mailbox provisioning ? eg if he is on a group or if he is on a a distribution list

Please suggest, if we can apply as per policy and assign to users
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833208
i mean to disable this mapi feature on mailboxes, can we create a policy and applied on certain group or DL

if yes , can you suggest steps for the policy creation or any article  that suggesting this
0
 
LVL 7

Expert Comment

by:Andy
ID: 41833234
I don't believe there is a way to manage features based on groups or DL.

Only thing I can think of is to have a MAPI disabled Mailbox Store so you can have one for enabled MAPI users and one for disabled MAPI users so you could try this on a mailbox store you wish to disable MAPI:

Get-Mailbox | Where {$_.Database -eq "EXCHSRV\SG1\MBX1"} | Set-CASMailbox -mapienabled:$false
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833237
i mean, can we create any policy in exchange and get that applied on DL or Group

for mailbox features-mapi disable, might be there is some policy ??
0
 
LVL 7

Expert Comment

by:Andy
ID: 41833252
No, I don't believe that is possible.
0
 
LVL 5

Author Comment

by:Addy Nadia
ID: 41833393
i think there would be any mailbox policy to achieve this. ?

we just simply need to disable the MAPI feature through Policy and get that applied on Group
0
 
LVL 7

Expert Comment

by:Andy
ID: 41833405
No, as I said I don't believe this is possible. However, the following article may also help with setting defaults in addition to my suggested scripts (bear in mind this is for Exchange 2010, should be the same but check for Exchange 2013):

https://www.experts-exchange.com/questions/27287937/Exchange-2010-Disable-Mailbox-Features-by-default.html
0
 
LVL 5

Author Closing Comment

by:Addy Nadia
ID: 41833455
Thanks
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question