Do you want to keep internal access to OWA? If not, in Ex2010, you can just turn off access to OWA on individual's accounts, separately from ActiveSync.
set-casmailbox can do that, though you'll have to do a bit of scripting to turn it off for everyone, since it looks as if it will only act on a single mailbox at a time. Otherwise, yes, setting up a separate address for OWA, and restricting access to it to only for internal addresses should work just fine. It's essentially the reverse what we did with ActiveSync - set it up so that only our MDM application can do AS, while OWA was freely available. Kurt On Wed, Sep 9, 2015 at 8:41 AM, Maglinger, Paul <[email protected]> wrote: > Block external access, but we want Active Sync available. > > > > From: [email protected] [mailto:[email protected]] > On Behalf Of Kennedy, Jim > Sent: Wednesday, September 09, 2015 9:22 AM > To: New Exchange List ([email protected]) > Subject: [Exchange] RE: Restrict external OWA access > > > > You want to stop all external access? Or just some of it….if that from > where? Firewall denies on the IP ranges come to mind as a quick easy fix. > > > > From: [email protected] [mailto:[email protected]] > On Behalf Of Maglinger, Paul > Sent: Wednesday, September 9, 2015 10:19 AM > To: New Exchange List ([email protected]) > Subject: [Exchange] Restrict external OWA access > > > > I’ve looking for a way to restrict OWA access externally. One method which > intrigues me is this: > > > > > http://www.leederbyshire.com/Articles/Block-Or-Allow-OWA-Depending-On-Location-2007.asp > > > > Although written for Exchange 2007 (this environment is Exchange 2010), the > files exist and it seems that it would work. > > Other solutions involve setting up a second IP address and setting up > another virtual directory. > > > > This seems to be the less complicated of any other method I’ve found. Would > anyone care to chime in with an opinion? > > > > -Paul
