none
Restricting EWS Access - Problem on Exchange 2010 SP2 RRS feed

  • Question

  • Hi,

    Using Exchange 2010 SP2 I want to restrict EWS Access - so a specific user can only use EWS if he sends the correct user-agent.

    I did it this way using PS:

    Set-CASMailbox -Identity 'useraccountname' –EWSApplicationAccessPolicy: EnforceAllowList –EWSAllowList: {“the useragent string of the app”}

    Unfortunately this does not work, I still am able use EWS with this account with any user-agent

    Even disabling EWS all-together for this user does not work (just for testing):

    Set-CASMailbox -Identity 'useraccountname' –EWSEnabled $False

    I can still access EWS with EWSEditor for example.

    Attached are screenshots of Get-CASMailbox and a screenshot of EWSEditor accessing EWS without a problem although EWSEnabled is set to False for the User.

    Edit: For testing I also set OWAEnabled to $False and the user was instantaneously unable to acces OWA.

    Any help would be greatly appreciated!

    Thanks!
    Philipp

    Get-CASMailbox (EwsEnabled = False, so no EWS Access should be permitted)

    PowerShell

    Logged in with this user using EWSEditor (I am impersonating another user, but I am logging in as the user that should not be able to log in):

    EWSEditor






    • Edited by PhiWi Tuesday, September 18, 2012 10:01 PM EWSEditor comment
    Tuesday, September 18, 2012 6:58 PM

All replies

  • Not sure.  It might be to do with your 'I am impersonating another user, but I am logging in as the user that should not be able to log in'.  I've not tried this feature, but I would guess that it is the mailbox that is EWS-disabled, not the user account.

    Mobile OWA For Smartphone
    www.leederbyshire.com
    email a@t leederbyshire d.0.t c.0.m

    Wednesday, September 19, 2012 1:27 PM