Hi All, may I know is there any way to restrict the access of an mailbox outside our office? meaning the mailbox is only able to access inside our office network, including Outlook, OWA, etc... Thank you very much !!

1. This should be the case by default if you haven't published OWA externally and setup autodiscover externally on the public DNS servers. So users should not be able to access the mailbox.Sukh

Block the ports 80\443 on the firewall this will stop OWA, activesync, and Outlook Anywhere access. If you mean single user, go into the mailbox properties and disable OWA. For Outlook anywhere: Get-Mailbox –Identity <username> | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Block the ports 80\443 on the firewall this will stop OWA, activesync, and Outlook Anywhere access. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com may want to fine tune this with source/destination IP or inbound traffic or something similar otherwsie you may knock out normal HTTP traffic if youre hosting web servers or web browsing. Sukh

Thank you all, after read all your reply, I'm apologies that I forgot to mention the restriction should only apply on certain users, so those users can only access their mailbox inside the office network, but they are not able to access to their mailbox if using outside the office network. Any idea?

Well you can do activesycn and OA using the set-casmailbox, OWA may be a little tricky but there's a post here somewhere whereby you can set an ACL of deny for thoses users on the CAS server virtual directory so these uses cant access OWA externally. Also I assume you're talking about exch 2007/2010 here and not 2003.Sukh

There is no real "supported" method if you're not using a proxy such as TMG\UAG to grant per user priveledges to externally publishes URLs. You can muck around with denying ACLs on your internet facing CAS or your denying local on locally\deny access to this computer from the network to this user; however you need to be weary if you do this just because it's your internet facing CAS doesn't necessarily mean that it won't be used internally by the user depending on how many CAS servers you have, topology setup for CAS to CAS proxy etc.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hi, What is the version of your Exchange server? Do you have any update? Thanks Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.