Skip to content

Disable Access to Service (protocol ) by using PowerShell | Office 365

In the current article, we review the use of the PowerShell cmdlet Set-CASMailbox, which is used for disabling (or enabling) access to specific types of mail client or mail client that uses a specific protocol to Exchange mailboxes.

Table of contents

Connect to Exchange Online PowerShell

To be able to run the PowerShell commands specified in the current article, you will need to Connect to Exchange Online PowerShell.

Start Windows PowerShell as administrator and run the cmdlet Connect-ExchangeOnline.

Connect-ExchangeOnline

Disable Exchange recipient mailbox access | Various protocols and mail clients

One of the most conspicuous advantages of Exchange server is, his ability to “expose” the Exchange mailbox to a various type mail client and to various mail protocols.

By default, Exchange server is configured to allow Exchange clients to use all the available mail protocols using all the supported mail clients.

In some scenarios, we as Exchange Administrator, need to “prevent” Exchange client from using a specific protocol or a specific mail client.

For example, in a scenario in which our client experiences strange problems such as mail that disappear or other problems.
To be able to locate the specific mail client that is causing this problem, we can implement a troubleshooting method in which we disable all the available mail protocol beside one protocol such as – OWA mail client, and then verify if the problem still occurs.

The rest of the process is implemented by enabling each time additional mail client until we locate the not functioning or problematic mail client.

The following table includes a summary of the mail protocol and mail client that we review in the current article:

ClientProtocolDisable parameter
Web Base Based clientDisable OWA client access-OWAEnabled $False
Mobile Based mail clientDisable ActiveSync mail client access to Exchange mailbox-ActiveSyncEnabled $False
Mobile Based mail clientDisable OWA for mobile device mail client access to Exchange mailbox-OWAforDevicesEnabled $False
Outlook mail clientDisable Outlook mail client access to Exchange mailbox-MAPIEnabled $False
Outlook mail clientDisable Outlook mail client access to Exchange WEB services (EWS)-EwsAllowOutlook $False
Exchange Web Services clientDisable mail client access to Exchange WEB services (EWS)-EwsEnabled $False
“Internet” mail clients – POP3 and IMAP4Disable POP3 mail client access to Exchange mailbox-PopEnabled $False
“Internet” mail clients – POP3 and IMAP4Disable IMAP4 mail client access to Exchange mailbox-ImapEnabled $False
Exchange MAC clientDisable Microsoft Entourage mail client access to Exchange mailbox-EwsAllowEntourage $False
Exchange MAC clientDisable Microsoft Outlook for Mac mail client access to Exchange mailbox-EwsAllowMacOutlook $False
Remote PowerShellDisable Access to Remote PowerShell-RemotePowerShellEnabled $False

I have added a reference to a scenario in which we want to disable the option of Exchange client to create a Remote PowerShell session.

Disable OWA client access to Exchange mailbox

The OWAEnabled parameter enables or disables access to the mailbox by using Outlook on the web. The default value is $True.

To disable Exchange Online recipient access to OWA protocol, we set the OWAEnabled value to $False.

Disable OWA client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -OWAEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -OWAEnabled $False

Disable OWA client access to Exchange mailbox | Bulk – All Exchange recipients with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -OWAEnabled $False

Disable ActiveSync (Mobile client) client access to Exchange mailbox

The ActiveSyncEnabled parameter enables or disables Exchange ActiveSync for the mailbox. The default value is $True.

To disable Exchange Online recipient access to ActiveSync protocol, we set the ActiveSyncEnabled value to $False.

Disable ActiveSync (Mobile client) access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -ActiveSyncEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -ActiveSyncEnabled $False

Disable ActiveSync (Mobile client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -ActiveSyncEnabled $False

Disable OWA for mobile device client access to Exchange mailbox

The OWAforDevicesEnabled parameter enables or disables access to the mailbox by using Outlook on the web for devices. The default value is $True.

To disable Exchange Online recipient access to Outlook on the web for devices protocol, we set the OWAforDevicesEnabled value to $False.

Disable OWA for mobile device client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -OWAforDevicesEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -OWAforDevicesEnabled $False

Disable OWA for mobile device client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -OWAforDevicesEnabled $False

Disable Outlook client (MAPI client) access to Exchange mailbox

The MAPIEnabled parameter enables or disables access to the mailbox by using MAPI clients (for example, Microsoft Outlook). The default value is $True.

To disable Outlook (MAPI clients) protocol, we set the MAPIEnabled value to $False.

Disable Outlook client (MAPI client) access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -MAPIEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -MAPIEnabled $False

Disable Outlook client (MAPI client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -MAPIEnabled $False

Disable Microsoft Outlook client EWS access to Exchange mailbox

The EwsAllowOutlook parameter enables or disables access to the mailbox by Microsoft Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing. The default value is $True.

To disable Exchange Microsoft Outlook client EWS access, we set the EwsAllowOutlook value to $False.

Disable Microsoft Outlook client EWS access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -EwsAllowOutlook $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -EwsAllowOutlook $False

Disable Microsoft Outlook client EWS access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowOutlook $False

Disable Exchange Web Services client access to Exchange mailbox

The EwsEnabled parameter enables or disables access to the mailbox by using Exchange Web Services clients. The default value is $True.

To disable Exchange Web Services clients protocol, we set the EwsEnabled value to $False.

Disable Exchange Web Services client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -EwsEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -EwsEnabled $False

Disable Exchange Web Services client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsEnabled $False

Disable POP3 client access to Exchange mailbox

The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. The default value is $True.

To disable Exchange Online recipient access to POP3 protocol, we set the PopEnabled value to $False.

Disable POP3 client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -PopEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -PopEnabled $False

Disable POP3 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -PopEnabled $False

Disable IMAP4 client access to Exchange mailbox

The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $True.

To disable Exchange Online recipient access to IMAP4 protocol, we set the ImapEnabled value to $False.

Disable IMAP4 client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -ImapEnabled $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -ImapEnabled $False

Disable IMAP4 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -ImapEnabled $False

Disable Microsoft Entourage client (Mac client) access to Exchange mailbox

The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services (for example, Entourage 2008 for Mac, Web Services Edition). The default value is $True.

To disable Exchange Online Mac recipient access to Entourage protocol, we set the EwsAllowEntourage value to $False.

Disable Microsoft Entourage client (Mac client) client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -EwsAllowEntourage $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -EwsAllowEntourage $False

Disable Microsoft Entourage client (Mac client) client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowEntourage $False

Disable Microsoft Outlook for Mac client access to Exchange mailbox

The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Microsoft Outlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later). The default value is $True.

To disable Exchange Online Mac recipient access to Microsoft Outlook for Mac protocol, we set the EwsAllowMacOutlook value to $False.

Disable Microsoft Outlook for Mac client access to Exchange mailbox | Single mailbox

PowerShell command syntax:

Set-CASMailbox <Mailbox> -EwsAllowMacOutlook $False

PowerShell command example:

Set-CASMailbox "Bob@o365info.com" -EwsAllowMacOutlook $False

Disable Microsoft Outlook for Mac client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator

PowerShell command example:

Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowMacOutlook $False

Disable Access to Remote PowerShell

The RemotePowerShellEnabled parameter enables or disables access to Exchange Online using Remote PowerShell session. The default value is $True.

To disable Remote PowerShell, we set the RemotePowerShellEnabled value to $False.

PowerShell command syntax:

​ Set-User <Mailbox> -RemotePowerShellEnabled $False

PowerShell command example:

Set-User "Bob@o365info.com" -RemotePowerShellEnabled $False

Get mailbox access protocols information

Get standard access protocol settings | Single mailbox

PowerShell command syntax:

Get-CASMailbox <Mailbox>

PowerShell command example:

Get-CASMailbox "Bob"

Get MAC client access protocol settings | Single mailbox

PowerShell command syntax:

Get-CASMailbox <Mailbox> | FT EwsAllowMacOutlook, EwsAllowEntourage

PowerShell command example:

Get-CASMailbox "Bob" | FT EwsAllowMacOutlook, EwsAllowEntourage

Get Remote PowerShell access settings | Single mailbox

PowerShell command syntax:

Get-User <USER> | FT RemotePowerShellEnabled

PowerShell command example:

Get-User "Bob" | FT RemotePowerShellEnabled

Get standard access protocol settings | All Exchange user mailboxes

PowerShell command example:

Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox

Get standard access protocol settings | All Exchange user mailboxes

PowerShell command example:

Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox

Get Exchange recipient with OWA access disabled

PowerShell command example:

Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).OWAEnabled -eq $False }

Get Exchange recipient with ActiveSync access disabled

PowerShell command example:

Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).ActiveSyncEnabled -eq $False }

Get Exchange recipient with Outlook (MAPI) access disabled

PowerShell command example:

Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).MAPIEnabled -eq $False }
o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has 2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *