In the current article, we will review how to use the PowerShell cmdlet Search-Mailbox to…
Disable Access to Service (protocol ) by using PowerShell | Office 365
In the current article, we review the use of the PowerShell cmdlet Set-CASMailbox, which is used for disabling (or enabling) access to specific types of mail client or mail client that uses a specific protocol to Exchange mailboxes.
Table of contents
- Connect to Exchange Online PowerShell
- Disable Exchange recipient mailbox access | Various protocols and mail clients
- Disable OWA client access to Exchange mailbox
- Disable ActiveSync (Mobile client) client access to Exchange mailbox
- Disable OWA for mobile device client access to Exchange mailbox
- Disable Outlook client (MAPI client) access to Exchange mailbox
- Disable Microsoft Outlook client EWS access to Exchange mailbox
- Disable Exchange Web Services client access to Exchange mailbox
- Disable POP3 client access to Exchange mailbox
- Disable IMAP4 client access to Exchange mailbox
- Disable Microsoft Entourage client (Mac client) access to Exchange mailbox
- Disable Microsoft Outlook for Mac client access to Exchange mailbox
- Disable Access to Remote PowerShell
- Get mailbox access protocols information
- Get standard access protocol settings | Single mailbox
- Get MAC client access protocol settings | Single mailbox
- Get Remote PowerShell access settings | Single mailbox
- Get standard access protocol settings | All Exchange user mailboxes
- Get standard access protocol settings | All Exchange user mailboxes
- Get Exchange recipient with OWA access disabled
- Get Exchange recipient with ActiveSync access disabled
- Get Exchange recipient with Outlook (MAPI) access disabled
Connect to Exchange Online PowerShell
To be able to run the PowerShell commands specified in the current article, you will need to Connect to Exchange Online PowerShell.
Start Windows PowerShell as administrator and run the cmdlet Connect-ExchangeOnline.
Connect-ExchangeOnline
Disable Exchange recipient mailbox access | Various protocols and mail clients
One of the most conspicuous advantages of Exchange server is, his ability to “expose” the Exchange mailbox to a various type mail client and to various mail protocols.
By default, Exchange server is configured to allow Exchange clients to use all the available mail protocols using all the supported mail clients.
In some scenarios, we as Exchange Administrator, need to “prevent” Exchange client from using a specific protocol or a specific mail client.
For example, in a scenario in which our client experiences strange problems such as mail that disappear or other problems.
To be able to locate the specific mail client that is causing this problem, we can implement a troubleshooting method in which we disable all the available mail protocol beside one protocol such as – OWA mail client, and then verify if the problem still occurs.
The rest of the process is implemented by enabling each time additional mail client until we locate the not functioning or problematic mail client.
The following table includes a summary of the mail protocol and mail client that we review in the current article:
Client | Protocol | Disable parameter |
---|---|---|
Web Base Based client | Disable OWA client access | -OWAEnabled $False |
Mobile Based mail client | Disable ActiveSync mail client access to Exchange mailbox | -ActiveSyncEnabled $False |
Mobile Based mail client | Disable OWA for mobile device mail client access to Exchange mailbox | -OWAforDevicesEnabled $False |
Outlook mail client | Disable Outlook mail client access to Exchange mailbox | -MAPIEnabled $False |
Outlook mail client | Disable Outlook mail client access to Exchange WEB services (EWS) | -EwsAllowOutlook $False |
Exchange Web Services client | Disable mail client access to Exchange WEB services (EWS) | -EwsEnabled $False |
“Internet” mail clients – POP3 and IMAP4 | Disable POP3 mail client access to Exchange mailbox | -PopEnabled $False |
“Internet” mail clients – POP3 and IMAP4 | Disable IMAP4 mail client access to Exchange mailbox | -ImapEnabled $False |
Exchange MAC client | Disable Microsoft Entourage mail client access to Exchange mailbox | -EwsAllowEntourage $False |
Exchange MAC client | Disable Microsoft Outlook for Mac mail client access to Exchange mailbox | -EwsAllowMacOutlook $False |
Remote PowerShell | Disable Access to Remote PowerShell | -RemotePowerShellEnabled $False |
I have added a reference to a scenario in which we want to disable the option of Exchange client to create a Remote PowerShell session.
Disable OWA client access to Exchange mailbox
The OWAEnabled parameter enables or disables access to the mailbox by using Outlook on the web. The default value is $True.
To disable Exchange Online recipient access to OWA protocol, we set the OWAEnabled value to $False.
Disable OWA client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -OWAEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -OWAEnabled $False
Disable OWA client access to Exchange mailbox | Bulk – All Exchange recipients with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -OWAEnabled $False
Disable ActiveSync (Mobile client) client access to Exchange mailbox
The ActiveSyncEnabled parameter enables or disables Exchange ActiveSync for the mailbox. The default value is $True.
To disable Exchange Online recipient access to ActiveSync protocol, we set the ActiveSyncEnabled value to $False.
Disable ActiveSync (Mobile client) access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -ActiveSyncEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -ActiveSyncEnabled $False
Disable ActiveSync (Mobile client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -ActiveSyncEnabled $False
Disable OWA for mobile device client access to Exchange mailbox
The OWAforDevicesEnabled parameter enables or disables access to the mailbox by using Outlook on the web for devices. The default value is $True.
To disable Exchange Online recipient access to Outlook on the web for devices protocol, we set the OWAforDevicesEnabled value to $False.
Disable OWA for mobile device client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -OWAforDevicesEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -OWAforDevicesEnabled $False
Disable OWA for mobile device client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -OWAforDevicesEnabled $False
Disable Outlook client (MAPI client) access to Exchange mailbox
The MAPIEnabled parameter enables or disables access to the mailbox by using MAPI clients (for example, Microsoft Outlook). The default value is $True.
To disable Outlook (MAPI clients) protocol, we set the MAPIEnabled value to $False.
Disable Outlook client (MAPI client) access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -MAPIEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -MAPIEnabled $False
Disable Outlook client (MAPI client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -MAPIEnabled $False
Disable Microsoft Outlook client EWS access to Exchange mailbox
The EwsAllowOutlook parameter enables or disables access to the mailbox by Microsoft Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing. The default value is $True.
To disable Exchange Microsoft Outlook client EWS access, we set the EwsAllowOutlook value to $False.
Disable Microsoft Outlook client EWS access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -EwsAllowOutlook $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -EwsAllowOutlook $False
Disable Microsoft Outlook client EWS access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowOutlook $False
Disable Exchange Web Services client access to Exchange mailbox
The EwsEnabled parameter enables or disables access to the mailbox by using Exchange Web Services clients. The default value is $True.
To disable Exchange Web Services clients protocol, we set the EwsEnabled value to $False.
Disable Exchange Web Services client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -EwsEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -EwsEnabled $False
Disable Exchange Web Services client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsEnabled $False
Disable POP3 client access to Exchange mailbox
The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. The default value is $True.
To disable Exchange Online recipient access to POP3 protocol, we set the PopEnabled value to $False.
Disable POP3 client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -PopEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -PopEnabled $False
Disable POP3 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -PopEnabled $False
Disable IMAP4 client access to Exchange mailbox
The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $True.
To disable Exchange Online recipient access to IMAP4 protocol, we set the ImapEnabled value to $False.
Disable IMAP4 client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -ImapEnabled $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -ImapEnabled $False
Disable IMAP4 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -ImapEnabled $False
Disable Microsoft Entourage client (Mac client) access to Exchange mailbox
The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services (for example, Entourage 2008 for Mac, Web Services Edition). The default value is $True.
To disable Exchange Online Mac recipient access to Entourage protocol, we set the EwsAllowEntourage value to $False.
Disable Microsoft Entourage client (Mac client) client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -EwsAllowEntourage $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -EwsAllowEntourage $False
Disable Microsoft Entourage client (Mac client) client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowEntourage $False
Disable Microsoft Outlook for Mac client access to Exchange mailbox
The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Microsoft Outlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later). The default value is $True.
To disable Exchange Online Mac recipient access to Microsoft Outlook for Mac protocol, we set the EwsAllowMacOutlook value to $False.
Disable Microsoft Outlook for Mac client access to Exchange mailbox | Single mailbox
PowerShell command syntax:
Set-CASMailbox <Mailbox> -EwsAllowMacOutlook $False
PowerShell command example:
Set-CASMailbox "Bob@o365info.com" -EwsAllowMacOutlook $False
Disable Microsoft Outlook for Mac client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command example:
Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne 'Exchange Admin')} | Set-CASMailbox -EwsAllowMacOutlook $False
Disable Access to Remote PowerShell
The RemotePowerShellEnabled parameter enables or disables access to Exchange Online using Remote PowerShell session. The default value is $True.
To disable Remote PowerShell, we set the RemotePowerShellEnabled value to $False.
PowerShell command syntax:
Set-User <Mailbox> -RemotePowerShellEnabled $False
PowerShell command example:
Set-User "Bob@o365info.com" -RemotePowerShellEnabled $False
Get mailbox access protocols information
Get standard access protocol settings | Single mailbox
PowerShell command syntax:
Get-CASMailbox <Mailbox>
PowerShell command example:
Get-CASMailbox "Bob"
Get MAC client access protocol settings | Single mailbox
PowerShell command syntax:
Get-CASMailbox <Mailbox> | FT EwsAllowMacOutlook, EwsAllowEntourage
PowerShell command example:
Get-CASMailbox "Bob" | FT EwsAllowMacOutlook, EwsAllowEntourage
Get Remote PowerShell access settings | Single mailbox
PowerShell command syntax:
Get-User <USER> | FT RemotePowerShellEnabled
PowerShell command example:
Get-User "Bob" | FT RemotePowerShellEnabled
Get standard access protocol settings | All Exchange user mailboxes
PowerShell command example:
Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox
Get standard access protocol settings | All Exchange user mailboxes
PowerShell command example:
Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox
Get Exchange recipient with OWA access disabled
PowerShell command example:
Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).OWAEnabled -eq $False }
Get Exchange recipient with ActiveSync access disabled
PowerShell command example:
Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).ActiveSyncEnabled -eq $False }
Get Exchange recipient with Outlook (MAPI) access disabled
PowerShell command example:
Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).MAPIEnabled -eq $False }
Good article.
Hey great info!