Hi

We have an Exchange 2010 setup, soon it will be Exchange 2013.

The scenario is:

We want users to use OA externally.

We don't want users to connect from any client they want e.g. private Mac Mail og home computer.
We want to control which device/client they connect with.

Is that possible?

I miss the possibilities to control OA the same way as AS where I can control how many "partnerships", what version of the client, app and so on.

Is there any way to control that with Outlook Anywhere? I can't see it, but the customer wants this sollution.

BR
Steen

• Edited by steenpedersen Tuesday, March 03, 2015 12:05 PM

there is no direct way to block it but here is a way to tweak it

https://social.technet.microsoft.com/Forums/exchange/en-US/0b2f9c8a-aaa2-4dba-8c8c-c14ed1f05730/disabling-outlook-anywhere-for-external-users-with-exchange-2013?forum=exchangesvrclients

Hi and thanks

We don't want to block it. Then we would also have other methods, but we want to control who is connecting.

We don't want people to go to the library and connect through a public pc.

In that case we would only want them to run online mode so no data is cached.

BR

Steen

• Edited by steenpedersen Tuesday, March 03, 2015 1:34 PM

it can either be enable or disabled for all.

there is an option in outlook to disable cache mode but again if the user is smart they can turn it on. if the machine is domain joined then you can control it via GPO.

I'd use the workaround to9 block outlook anywhere and give only OWA access, don't know if any other solution exists.

Thanks.

Thats a disaster :-)

All that "data loss prevention" and then the user can just go buy a random PC and setup Outlook :-) Then we have no control of the data.

BR
Steen

Hi Steen,

Based on my knowledge, we can use Set-CASMailbox cmdlet with ActiveSyncBlockedDeviceIDs parameter to make one or more Exchange ActiveSync device IDs aren't allowed to synchronize with the mailbox.

As ExchangeITPro mentioned, we can also control them via GPO is the devices are domain-joined.

Unfortunately, I don't know how to control the unauthenticated clients like yours

 

Thanks

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Hi Mavis

Thanks for your answer.

This is not about ActiveSync but Outlook Anywhere. I miss the same control I have for ActiveSync devices for my Outlook Anywhere users.

If I open for Outlook Anywhere externally. Then I have no control over the users and devices.
They can go and buy a randomo PC and setup their mail account and then we have all the confidential data on a PC where we have no control. It is a security breach.

They can even go to the library and start up Outlook on a public PC and then their complete mailbox is on the pc in the OST. 

BR
Steen