When Exchange 2003 came out, it offered Outlook Anywhere, although it was called “RPC/HTTPS”. This was an all or nothing service. In other words, if you set up Outlook Anywhere on the server then every user was able to use it. This poses a data security risk because users could connect to their mailbox from any Outlook client and download a copy of their mailbox, without using VPN or any other security checks on the remote system.
In Exchange 2007 (after SP1) and 2010, Outlook Anywhere permissions and capabilities are more granular. You can set up Outlook Anywhere within the environment and then limit the ability on a per user basis.
This must be configured using Exchange Management Shell. Here is the PowerShell cmdlet to Outlook Anywhere for a single mailbox: Get-Mailbox –Identity <mailbox> | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True
Of course, most of us work in larger environments and this would be difficult to run once for each mailbox. There are a couple of approaches you could take to handle this. I will cover two.
Each method is similar in it’s application.
Disable Outlook Anywhere for All Mailboxes and Enable Specific Mailboxes:
Get-Mailbox –Identity <mailbox> | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False
Disable Specific Mailboxes
$Mailboxes = Get-Content “C:ScriptsDisableOAMailbox.txt” Foreach ($Mailbox in $Mailboxes) { Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$true -Verbose }
http://blogs.catapultsystems.com/drowe/archive/2012/09/21/managing-outlook-anywhere-per-user.aspx