1 min read

Managing Outlook Anywhere Per User

When Exchange 2003 came out, it offered Outlook Anywhere, although it was called “RPC/HTTPS”. This was an all or nothing service. In other words, if you set up Outlook Anywhere on the server then every user was able to use it. This poses a data security risk because users could connect to their mailbox from any Outlook client and download a copy of their mailbox, without using VPN or any other security checks on the remote system.

In Exchange 2007 (after SP1) and 2010, Outlook Anywhere permissions and capabilities are more granular.  You can set up Outlook Anywhere within the environment and then limit the ability on a per user basis. 

This must be configured using Exchange Management Shell.  Here is the PowerShell cmdlet to Outlook Anywhere for a single mailbox: Get-Mailbox –Identity <mailbox> | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True

Of course, most of us work in larger environments and this would be difficult to run once for each mailbox.  There are a couple of approaches you could take to handle this.  I will cover two.

  • Disable Outlook Anywhere for All Mailboxes and Enable Specific Mailboxes
  • Disable Specific Mailboxes

Each method is similar in it’s application.


Disable Outlook Anywhere for All Mailboxes and Enable Specific Mailboxes:

  1. If you want to disable it for all users: Get-Mailbox –ResultSize Unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True
  2. Enable specific mailboxes for Outlook Anywhere:

    Get-Mailbox –Identity <mailbox> | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False


Disable Specific Mailboxes

  1. Create a text file with a list of users you would like to disable, each on a separate line.
  2. Save the file to a central location (I usually create a “C:scripts” folder on my Exchange servers, so they are easily accessible).  (ex. C:ScriptsDisableOAMailboxes.txt).
  3. Create a script to call the text file, read the mailbox names and change their CAS Mailbox settings:

    $Mailboxes = Get-Content “C:ScriptsDisableOAMailbox.txt” Foreach ($Mailbox in $Mailboxes) { Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$true -Verbose }


Everything to Know About Cloud VDI and Azure Virtual Desktop

By now, most of us have experienced some form of remote work, whether it was during the height of the pandemic or now in the midst of the hybrid work...

What's New in SQL Server 2022 – Licensing Updates

SQL Server 2022 is now generally available and with it come some licensing changes you need to be aware of. Microsoft also announced that SQL Server...

Azure Modernization Assessment: Building a Robust Cloud-Ecosystem Starts Here

The pandemic may have accelerated the cloud journey trend, but cloud momentum isn’t slowing down anytime soon. Cloud adoption increased 25% in the...