Link to home
Start Free TrialLog in
Avatar of Mark Gould
Mark GouldFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Disable access to Exchange 2016 REMOTELY from Outlook 2013/16 for some users

We need the ability for certain users to use Outlook remotely with MAPI over HTTPS
We need ALL users to be able to use Outlook on the LAN
Our internal and external Autodiscover URL addresses are the same as is recommended good practice
Single server

Unless a user has explicitly been enabled for remote MAPI access, I would like to block it

How can I do this?
Avatar of Mark Gould
Mark Gould
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

In Exchange Server 2016 - https://technet.microsoft.com/library/mt634322 

In addition, you can use the MapiBlockOutlookExternalConnectivity parameter with Set-Casmailbox to allow or deny external connections to a mailbox through Outlook Anywhere or MAPI over HTTP. True will allow only internal connections to the mailbox. False is the default setting.

Alas this does not work rather strangly
ASKER CERTIFIED SOLUTION
Avatar of Peter Hutchison
Peter Hutchison
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
But when I change the internal URL to in this case internalserver.internaldomain.local, I get SSL warnings on the clients as I can't  assign a verified SSL certificate to the internalserver name.

How would I do this?
I assume I could have

mail.domain.com having both internal and external DNS as the external MAPI
mailserver1.domain.com having internal DNS only as the internal MAPI

Would that work
Answering my own questions here

YES, providing the MAPI internal and External are different
Alas this did not work, we were finding that users with the MapiBlockOutlookExternalConnectivity  set to false were only being served the internal MAPI address and not the external address which makes no sense.

They are the correct way round in Exchange