Hi,

I need to restrict a specific user to only use OWA for email access (but still has to be able to send and receive), so I can disable POP, MAPI, IMAP, but what about SMTP receive connector? How can I achieve this? 

Thanks

You can do that using Set-CasMailbox.

https://technet.microsoft.com/en-us/library/bb125264%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

There is no SMTP receive connector that is mailbox-specific, so you don't have to worry about that.  I don't see any parameter that restricts whether a user can sent authenticated SMTP

Thanks Ed,

But that's the problem, the user will still be allowed to connect to smtp receive connector and send email... even if I disable all features with set-CasMailbox

Thanks Ed,

But that's the problem, the user will still be allowed to connect to smtp receive connector and send email... even if I disable all features with set-CasMailbox

Do you not want the user to be able to send email?  If that's the case create a transport rule to either drop all mail from that user.

Yeah, but that would drop mail sent via OWA.

Will this user actually try to connect with a POP or IMAP client, which they will be unable to use to retrieve e-mail, and still try to send?  That would surprise me.  I suspect that what Set-CasMailbox gives you will be enough.

Check the mail box features

The computer and mobile phone is compromised with trojans, and other stuff.

SO. in the meantime that is cleaned:

I need to only allow OWA access. the user has to be able to send and receive email, but only using OWA UI. do you understand the reason now? THANKS

• Edited by AndresGorzelany 18 hours 12 minutes ago typo

The computer and mobile phone is compromised with trojans, and other stuff.

SO. in the meantime that is cleaned:

I need to only allow OWA access. the user has to be able to send and receive email, but only using OWA UI. do you understand the reason now? THANKS

ok, then Ed's suggestion about using Set-CasMailbox will do the job you are looking for.

Set-CASMailbox <user> -MAPIEnabled $false -ActiveSyncEnabled $false -OWAEnabled $true

The command above will disable access to the Mailbox via Outlook and ActiveSync and make sure OWA is enabled.

You can lock down your receive connectors so that only trusted IP addresses are allowed to submit.  If you have problems with malware, that is probably a prudent course of action.

The computer and mobile phone is compromised with trojans, and other stuff.

SO. in the meantime that is cleaned:

I need to only allow OWA access. the user has to be able to send and receive email, but only using OWA UI. do you understand the reason now? THANKS

• Edited by AndresGorzelany Wednesday, July 08, 2015 1:16 PM typo

IP changes all the time Ed. Thanks

Will try that, sorry me but I still think that will be able to connect through SMTP, because I did not restrict it from there... will try and let you know. thanks

I confirm that using set-casMailbox you can not do what I need to do.

Why not fix the IP addresses of hosts allowed to send SMTP?