MAPI and Outlook Anywhere

MAPI:

MAPI uses RPC port 135 and some random high ranged ports by default although you can lock these down. MAPI works fine for internal users and Users connecting from the outside via VPN but it wont work from the outside , but Why?

First of all its not recommended because opening RPC port 135 for external users makes a great attack surface. lets say you forwarded 135 , locked down the highranged random ports and forwarded them too. It probably wont work because many ISPs blocked the 135 port due to security risks.

Anyway MAPI is a great protocol for internal use and has great performance. 

Outlook Anywhere:

Outlook Anywhere AKA RPCoverHTTP is a protocol that can be used for both internal and external users. Outlook anywhere requires valid Certificate to work and it will securely connect external users. it also fixes the security issue with RPC port by "RPC over HTTP" :P

Now which protocol the client is using? 

to find out Hold down control key and right click the outlook icon on taskbar and click connection status.

Now look at the "Conn" column , if its TCP/IP the client is using MAPI

If its HTTPS the client is using Outlook Anywhere.