0

For security reasons our company has decided to disable OWA (at least to the outside world), but would like to keep EAS (Activesync) available for syncing mobile devices.

Is this possible? Both use HTTP so I don't see how to allow one but not the other (we have a simple firewall).

It would be ok to disable OWA for internal use as well. Is it possible through IIS or ECP to disable OWA only?

TSG
  • 1,674
  • 7
  • 32
  • 51
  • 1
    By simply googling you get lots of answers on how to disable OWA, but keep EAS working. Didn't it cover your scenario? – J-M Feb 13 '20 at 02:18
  • Most of the google results show how to disable OWA access per mailbox. Some show disabling HTTP access (which also blocks EAS). By simply googling high level terms you have found solutions to the wrong question. I'm asking about disabling OWA at the server level while leaving EAS operational. – TSG Feb 13 '20 at 13:57

1 Answers1

0

To my knowledge:

1. You could remove the external URL of the OWA VD in the EAC to block external access: enter image description here

If you want to disable the OWA access for certain user, you could run the command "Set-CASMailbox adam@contoso.com -OWAEnabled $false -PopEnabled $false"(From Enable or disable Outlook on the web for a mailbox)

2. Or you could also perform another method(IP Addresses and Domain Restrictions Settings in the IIS) to limit external IP. Before that, you need add the server role “IP and Domain Restrictions” in the Server Manager:

enter image description here

After that, you could allow your internal server IP address or a specific IP address to access the OWA in the IIS by clicking Add Allow Entry, and then deny unspecified clients to access by clicking Edit Feature Settings:

enter image description here enter image description here enter image description here

Ivan_Wang
  • 1,333
  • 1
  • 4
  • 4