Thinking out loud..... Change the URL for OWA and active sync to be different. Blow up external DNS for the OWA URL, fix it for internal, fix it for active sync.
Or Add the IP and Domain Restrictions role to the server, then you should be able to add ip restrictions to the OWA folder. Deny all except your internal range. Never done that, this one is based on my Google Fu. From: [email protected] [mailto:[email protected]] On Behalf Of Maglinger, Paul Sent: Wednesday, September 9, 2015 11:42 AM To: '[email protected]' Subject: [Exchange] RE: Restrict external OWA access Block external access, but we want Active Sync available. From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Wednesday, September 09, 2015 9:22 AM To: New Exchange List ([email protected]) Subject: [Exchange] RE: Restrict external OWA access You want to stop all external access? Or just some of it....if that from where? Firewall denies on the IP ranges come to mind as a quick easy fix. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Maglinger, Paul Sent: Wednesday, September 9, 2015 10:19 AM To: New Exchange List ([email protected]<mailto:[email protected]>) Subject: [Exchange] Restrict external OWA access I've looking for a way to restrict OWA access externally. One method which intrigues me is this: http://www.leederbyshire.com/Articles/Block-Or-Allow-OWA-Depending-On-Location-2007.asp Although written for Exchange 2007 (this environment is Exchange 2010), the files exist and it seems that it would work. Other solutions involve setting up a second IP address and setting up another virtual directory. This seems to be the less complicated of any other method I've found. Would anyone care to chime in with an opinion? -Paul
