Why using MAPIBlockOutlookExternalConnectivity is a bad idea

A while ago we had a special request: For a dedicated AD site, only a subset of users should be able to access their mailbox with Outlook for Windows from outside the corporate network. My first thoughts were this is not possible. I wasn’t aware of any setting to limit Outlook Anywhere or MapiHttp external access on user base.

But we were told by a PFE that there is a way:

Combining MAPI over HTTP configurations and internal or external connections

There is always something new, you can learn!

We did some testing and the results were very promising. So we were able to fulfill the request.

But the description of Set-CASMailbox for the parameter MAPIBlockOutlookExternalConnectivity and the article doesn’t reflect all consequences and soon we received a lot of complains, reports about connectivity issues with devices and applications other than Outlook for Windows.

Continue reading

Advertisements