Are you using a load balancer or reverse proxy? Thats probably the best place to block access to the mapi/Outlook Anywhere virtual dirs externally.
You could also look at IP restrictions on the virtual dirs in IIS. Can't tell if that will work or if its supported.
Exchange 2016
Hello
I already delete Exchange outlookanywhere external link virtual directory but still users have access to outlook from outside.
I have Exchange 2016 last cu.
I want to disable outlook from outside ,what is the recommended way?
Thanks
3 answers
Sort by: Most helpful
-
Andy David - MVP 142.7K Reputation points MVP
2020-12-29T22:09:50.277+00:00 -
Jon Alfred Smith 541 Reputation points
2020-12-29T21:03:58.433+00:00 I don't have a local Exchange server anymore. So I cannot test this. Perhaps this will work:
Set-CasMailbox -identity user@keyman .com -MAPIBlockOutlookExternalConnectivity $TrueWith Exchange 2016 Outlook should connect with MAPI over HTTPS, not RPC over HTTPS anymore.
Don't know your configuration. Make sure there is no RPC over HTTPS, only MAPI over HTTPS.
Ctrl+Right-Click on Outlook in the System Tray. See how Outlook connects.Now, if it works withe Set-CasMailbox, I'll leave it at your own scrutiny to disable all users.
-
Eric Yin-MSFT 4,386 Reputation points
2020-12-30T07:47:53.417+00:00 Agree with Andy, you should block the external connections on the reverse proxy.
Externally autodiscover will most likely show users what to connect to. You probably want to be external and try to look at what autodiscover is handing out.
Now run the following command on your server, does it show like this?Get-outlookanywhere| fl *host*
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.