Configure Outlook Client Blocking for Messaging Records Management

Applies to: Exchange Server 2010

In Microsoft Exchange Server 2010, you can use retention policies or managed folders for messaging records management (MRM). Only users running Microsoft Outlook 2010 have access to all client features for retention policies and managed folders. Users running Office Outlook 2007 have access only to managed folders. You can block users who are running incompatible versions of Outlook from accessing their Exchange mailboxes. You can also block access on a per-mailbox or on a per-mailbox server basis.

Looking for other management tasks related to MRM? Check out Deploying Messaging Records Management.

MRM Feature Availability by Client Application and Version

The following table lists the MRM features available in various client applications and versions.

MRM features

Client application Available MRM client features

Outlook 2010


Outlook 2007

Managed folders

Outlook 2003 Service Pack 2 (SP2) while connected to an Exchange server and working in online mode

The following applies:

  • Managed folder comments are displayed only when the user clicks the managed folder icon in the folder header or clicks View, and then clicks Policy.
  • Managed folder quotas are supported. Error messages appear when a folder exceeds the quota.

Outlook 2003 SP2 while disconnected from an Exchange server and working in Cached Exchange Mode

The following applies:

  • Managed custom folder icons are displayed.
  • Managed folder comments aren't displayed.
  • Managed folder quotas aren't supported. Specifically:
    • No folder quota error messages are displayed.
    • Folder quota information isn't synced with the Exchange server.

Outlook versions earlier than Outlook 2003 SP2


Other e-mail client software


The following table shows version numbers for Outlook.

Outlook versions

Outlook version Version number

Outlook 2010


Outlook 2007


Outlook 2003


Outlook 2002


Outlook 2000


Outlook 98


Outlook 97



Before making any changes, note that hotfixes and service pack releases may affect the client version string. Be careful when you restrict client access because server-side Exchange components must also use MAPI to log on. Some components report their client version as the component name (such as SMTP or OLE DB), while others report the Exchange build number (such as 6.0.4712.0). For this reason, avoid restricting clients that have version numbers that start with 6.<x.x.>. For example, to prevent MAPI access completely, instead of specifying 0.0.0-6.5535.65535.65535, specify the two ranges so that the server components can log on. For example, specify the following: 0.0.0-5.9.9; 7.0.0-.

After you perform these procedures, be aware that when users are blocked from accessing their mailboxes, they will receive the following warning message.

Your Exchange Server administrator has blocked the version of Outlook that you are using. Contact your administrator for assistance.

To bypass the warning that MRM features aren't supported for e-mail clients running versions of Outlook earlier than Outlook 2010, you can use the ManagedFolderMailboxPolicyAllowed parameter of the New-Mailbox, Enable-Mailbox, and Set-Mailbox cmdlets in the Shell. When a managed folder mailbox policy is assigned to a mailbox by using the ManagedFolderMailboxPolicy parameter, the warning appears by default unless you use the ManagedFolderMailboxPolicyAllowed parameter.

Use the Shell to block versions of Outlook on a per-mailbox basis

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "User mailboxes" entry in the Mailbox Permissions topic.


You can't use the EMC to block versions of Outlook on a per-mailbox basis.

This example blocks all Outlook versions earlier than 11.8010.8036.

Set-CASMailbox -Identity -MAPIBlockOutlookVersions "-11.8010.8036"

This example restores access to a mailbox that's blocked by a version of Outlook.

Set-CASMailbox -Identity -MAPIBlockOutlookVersion $null

For detailed syntax and parameter information, see Set-CASMailbox.

Use the Shell or Registry Editor to block Outlook versions on a per-server basis

The account you use to perform this procedure must be a member of the local administrators group on the server.

Use the Shell to block Outlook versions on a per-server basis

This example creates the Disable MAPI Clients registry value to block access to all mailboxes on an Exchange 2010 server for Outlook clients prior to version 14.0.0.


The value used for the Value parameter in this command is an example. You must determine the correct client version numbers. In Exchange 2010, you can use the Get-LogonStatistics cmdlet to retrieve the versions of MAPI clients that are connected to the mailbox database.

New-ItemProperty "HKLM:\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem" -Name "Disable MAPI Clients" -PropertyType String -Value "0.0.0-5.9.9, 14.0.0-"

For detailed syntax and parameter information, see New-ItemProperty.

Use Registry Editor to block Outlook versions on a per-server basis

This example blocks access to all mailboxes on an Exchange 2010 server for Outlook clients prior to a specified version number.


Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

  1. Start Registry Editor.
  2. Navigate to the following subkey.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\Disable MAPI Clients
    Create the Disable MAPI Clients registry value if it doesn't already exist. (Right-click ParametersSystem, point to New, and then select String Value.)
  3. Right-click Disable MAPI Client, and then click Modify.
  4. In Value data, type the Outlook version number you want to block (for example, 0.0.0-5.9.9; 7.0.0-).
  5. To make your changes effective immediately, restart the Exchange Information Store service.