This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 75%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Hello
I already delete Exchange outlookanywhere external link virtual directory but still users have access to outlook from outside.
I have Exchange 2016 last cu.
I want to disable outlook from outside ,what is the recommended way?
Thanks
Are you using a load balancer or reverse proxy? Thats probably the best place to block access to the mapi/Outlook Anywhere virtual dirs externally.
You could also look at IP restrictions on the virtual dirs in IIS. Can't tell if that will work or if its supported.
I don't have a local Exchange server anymore. So I cannot test this. Perhaps this will work:
Set-CasMailbox -identity user@keyman .com -MAPIBlockOutlookExternalConnectivity $True
With Exchange 2016 Outlook should connect with MAPI over HTTPS, not RPC over HTTPS anymore.
Don't know your configuration. Make sure there is no RPC over HTTPS, only MAPI over HTTPS.
Ctrl+Right-Click on Outlook in the System Tray. See how Outlook connects.
Now, if it works withe Set-CasMailbox, I'll leave it at your own scrutiny to disable all users.
Unfortunately, that will block more than just outlook anywhere :(
It also wont work if using Split DNS.
yes , it is happen with me so please what are your suggestions?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 82%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Agree with Andy, you should block the external connections on the reverse proxy.
Externally autodiscover will most likely show users what to connect to. You probably want to be external and try to look at what autodiscover is handing out.
Now run the following command on your server, does it show like this?
Get-outlookanywhere| fl *host*
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
yes it is showing the same , there is no external link for outlook anywhere
If the external clients can resolve and contact the internal FQDN, then removing the external Host Name wont work.
Is your question answered? Please mark any as accepted if so.
Hi,
Make sure your internal FQDN cannot be resolved from external.
Have your tried with the reverse proxy? Create a rule to block any traffic hitting external F5 then they cannot access mapi and rpc over http.