Tuesday, October 8, 2013

Disabling Exchange protocols in Office 365

The general default with Exchange Online is to have things enabled. Thus, things like POP3 are enable on all mailboxes by default. This makes it easier for people to connect to the service using a variety of methods. Of course there are reasons why you may want some of these disabled and that is easy to do via a number of different methods in Office 365.

If you want to use the web portal login as an administrator to Office 365.

image

When you are greeted by the Office 365 admin center select Admin from the menu bar at the top right.

image

 

 

 

 

 

From the menu that appears select Exchange.

image

Select the mailbox you wish to configure and many of the settings will appear on the right. You can modify these from here but to get access to all the options now select the Edit icon (which is the picture of the pen just above the column headings).

image

If you now select the mailbox features option from the menu on the left hand side you see a list of links on the right than allows to control the different protocols and features of the mailbox.

image

For example if you select the Disable link under the POP3 heading you will be prompted to whether you wish to disable POP3 for this mailbox as shown above.

image

By holding down the control key and selecting multiple mailboxes you can make bulk edit changes by selecting from the options on the right. In the case above, I have selected all 7 mailboxes and select the link to enable POP3. All I need do is now confirm this to update all these accounts together.

Using the web portal allows you to make changes to accounts easily, however if you need to complete this process repeatedly on a large number of mailboxes then using PowerShell is a better option.

The first step is to connect to Office 365 using PowerShell which I have covered in a previous blog post here:

http://blog.ciaops.com/2012/09/configuring-power-shell-access-in.html

You can then run a variety of PowerShell commands to disable the different features of different mailbox. The details of those commands are found here:

http://support.microsoft.com/kb/2573225/en-us

For example, to disable POP3 for the same user above the command would be:

Set-CasMailbox barry.jones@kumoalliance.net.au -PopEnabled $False

Again, that is great when you only need to do a few mailboxes, but what happens when you need to do lots? Here’s a script that should do the job for all your users (provided you don’t have thousands):

Get-CASMailbox | Set-CASMailbox -PopEnabled $False

I will also point you to the following blog article:

http://blogs.technet.com/b/zarkatech/archive/2011/08/09/automatically-disable-pop3-amp-imap-in-office-365.aspx

which shows you how to achieve this using Office 365 security groups to more easily determine exactly who and who doesn’t have access. This is a great option if want to restrict only a subset of your users from having access to features like POP3 in Office 365.

The important takeaway here is that most of Exchange features are enabled in Office by default. You can easily change them via the web portal but an even better method would be to user PowerShell, where you can even integrate security groups to provide even more granular control.