Block Outlook Web App (OWA) 2013 for External Users
Hello,
I would like to block the Outlook Web App (2013) externally, should be accessible internal only. I have two Client Access Servers, one facing externally and one facing internally for administration purpose. I have been looking at the options to block the
external facing CAS for OWA only. I referred this article: http://blogs.msmvps.com/expta/2013/09/17/how-to-block-owa-2010-and-2013-for-external-users/, it doesn't help me much. Anyone had luck implementing this?
Thanks!
August 31st, 2015 8:56am
You can block OWA to users by set-casmailbox id "mailbox name"-owaenabled:$false
August 31st, 2015 9:05am
Hello, I didn't want to block for a particular user or for all users. I want to block the Outlook Web App URL itself for external access.
August 31st, 2015 9:34am
Hello, I didn't want to block for a particular user or for all users. I want to block the Outlook Web App URL itself for external access.
I did this once, and I configured a separate VIP for external access and blocked OWA Access from that level.
I think there's going to be an easier mechanism for this coming later on. I think this ignite sessions talks aboutit.
https://channel9.msdn.com/events/Ignite/2015/BRK3109
August 31st, 2015 1:39pm
On the device that you are using to publish CAS to the Internet, do not allow the /OWA or /ECP paths.
This is dooable on TMG and the various load balancers that feature an APM.
August 31st, 2015 2:03pm
Thanks for sharing the Ignite session.
August 31st, 2015 3:35pm
Thanks! I am thinking to just change the physical paths for both the OWA and ECP. This would disable the external access to OWA and bring the HTTP 404 error "The resource cannot be found".
August 31st, 2015 3:47pm
Thanks! I am thinking to just change the physical paths for both the OWA and ECP. This would disable the external access to OWA and bring the HTTP 404 error "The resource cannot be found".
That would disable OWA access to it internally as well. If that is all you want to do , then why not simply stop the OWA and ECP app pools on that CAS?
August 31st, 2015 5:44pm
Hi,
Based on my search, I have found no related setting to achieve your goal on exchange side.
Normally, we can use the below command to disable OWA access:
Set-CASMailbox user@contoso.com -OWAEnabled $false
According to your requirements, we have to use ISA/TMG to filter the OWA requests.
I suggest you can refer to the below blog to have a test:
http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
Regards,
David
-
Edited by
David Wang_Microsoft contingent staff
Tuesday, September 01, 2015 2:51 AM
-
Proposed as answer by
David Wang_Microsoft contingent staff
Saturday, September 05, 2015 1:41 AM
September 1st, 2015 2:50am
Thanks! I have another CAS server that is hosted internally, so users will be able to access the OWA internally without any issues.
September 4th, 2015 8:27am