What is Microsoft Outlook Anywhere?
Microsoft Outlook Anywhere is a software feature that lets clients using Outlook 2010, Outlook 2007 or Outlook 2003 connect to the Microsoft Exchange server and access their email from outside the corporate domain without having to use a virtual private network (VPN).
Formerly known as Remote Procedure Call over Hypertext Transfer Protocol (RPC over HTTP), Outlook Anywhere is a legacy connectivity and transport method between Outlook for Windows and Microsoft Exchange. Specifically, RPC over HTTP is a protocol that Outlook Anywhere clients can use to connect to Outlook for accessing mail data from Exchange Online.
How Outlook Anywhere works
In corporate email environments configured on the Microsoft Exchange server, the Outlook email client uses RPCs with TCP/IP. This lets the client communicate quickly and efficiently with the server to send and receive messages, calendar invites and tasks. However, this method requires the user to be connected on the corporate network.
If the user needs to access their email account from outside the network (from home or when they are traveling, for example), they must connect via a VPN. The VPN will allow them to bypass the organization's firewall; connect to its network; and access many corporate services, including email.
Outlook Anywhere provides an alternative to a VPN. The Outlook client uses RPC over HTTP, a proxy component that wraps RPCs with an HTTP layer so traffic can pass through network firewalls without opening RPC ports. As a result, the user can connect to their corporate email from outside the network via the Internet and without using a VPN.
Evolution of Outlook Anywhere
First introduced by Microsoft in Exchange 2003, Outlook Anywhere was developed to let remote users access corporate email and also to reduce VPN traffic. Until Exchange 2010, all users inside the corporate network used RPC, Messaging Application Programming Interface (MAPI), or MAPI over HTTP for connections. Since Exchange 2013, all Outlook clients use Outlook Anywhere for connections, regardless of whether users are inside or outside the network. By encapsulating RPC traffic inside HTTPS, Outlook Anywhere reduces this traffic inside the network.
Configuration Requirements in Microsoft Exchange
In Exchange 2013 and higher, Outlook Anywhere is enabled by default since RPC over HTTP is used by default and all Outlook connectivity occurs via Outlook Anywhere. Only one post-deployment task must be performed for users to use Outlook Anywhere on Exchange 2013: install a valid Secure Sockets Layer certificate (SSL certificate) on the Client Access Server (CAS). Mailbox servers in any organization only require a default self-signed SSL certificate to use Outlook Anywhere in Exchange 2013 and higher.
It's important to note the following Outlook Anywhere and Exchange 2013 configuration guidance:
- Outlook 2003 is not a supported client for Exchange 2013.
- Outlook 2007 or higher is required for an Outlook Anywhere connection to Exchange 2013.
- Outlook Anywhere must be enabled on all Exchange 2007/2010 CAS in the organization to allow proxy connections from Exchange 2013 CAS to Exchange 2007/2010 servers (i.e., if Exchange 2007 or Exchange 2010 coexist with Exchange 2013).
- When enabling Outlook Anywhere on the CAS, New Technology LAN Manager (NTLM) must be chosen for Internet Information Services authentication.
- The Outlook Anywhere external host name must be configured to point to the Exchange 2013 Outlook Anywhere host name.
Most Outlook Anywhere configurations are to be performed by Exchange admins. These are the steps to configure settings on the server:
- Open the Exchange Management Console and navigate to Server Configuration > Client Access.
- Under the client access sub-pane, look for Configure External Client.
- When the wizard opens, add the server so external clients can access it.
- In the middle of the right-hand side, select the Enable Outlook Anywhere option.
- Enter the external hostname (it should be the same as the hostname used for the SSL certificate).
- Select the authentication type: basic or NTLM.
- In Server Manager, go to the domain name system (DNS) server > Forward Lookup Zones > your URL and check whether there's an Autodiscover record in the DNS server.
- If the option is missing, add it by going to the DNS Manager for the domain and navigating to Action > CNAME.
- When a dialog box opens, add Autodiscover as the type and autodiscover.outlook.com as the CNAME address. Click OK.
- To enable RPC over HTTP for Outlook Anywhere, an SSL certificate must be purchased and installed on the server (under the server management console).
Exchange admins must also complete these configurations to enable Outlook Anywhere on clients:
- Add the RPC over HTTP feature with the Server Manager.
- Check if remote connections work.
- Check if the firewall router has port 443 open to send traffic to the mail server.
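The server-side guidance above (an external host name that matches the SSL certificate, a valid certificate on the CAS, and the basic or NTLM choice) can be checked once configuration is done. The following PowerShell is an added example, not code from the original article or from Microsoft; the function names and sample values are hypothetical, and the input objects only imitate the property names found on Get-OutlookAnywhere and Get-ExchangeCertificate output.

```powershell
# Added example: hypothetical helpers; inputs imitate Exchange cmdlet output.
function Test-HostCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -eq $HostName) { return $true }
        # A wildcard such as *.example.com covers exactly one extra label.
        if ($d.StartsWith('*.') -and $HostName -match '^[^.]+\.(.+)$' -and
            $Matches[1] -eq $d.Substring(2)) { return $true }
    }
    return $false
}

function Test-OutlookAnywhereConfig {
    param($Settings, $Certificate, [datetime]$Now = (Get-Date))
    $findings = @()
    $extHost = "$($Settings.ExternalHostname)"
    $domains = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    $iisAuth = @($Settings.IISAuthenticationMethods | ForEach-Object { "$_" })
    if (-not $extHost) {
        $findings += 'No external host name configured'
    } elseif (-not (Test-HostCoveredByCert -HostName $extHost -CertDomains $domains)) {
        $findings += 'External host name is not on the certificate'
    }
    if ($Certificate.IsSelfSigned) { $findings += 'CAS certificate is self-signed' }
    if ($Certificate.NotAfter -lt $Now) { $findings += 'CAS certificate has expired' }
    if (-not $Settings.ExternalClientsRequireSsl) {
        $findings += 'SSL is not required for external clients'
        # Basic sends the password base64-encoded, so it must never run without SSL.
        if ("$($Settings.ExternalClientAuthenticationMethod)" -eq 'Basic') {
            $findings += 'Basic authentication is offered without SSL'
        }
    }
    if ($iisAuth -notcontains 'Ntlm') { $findings += 'NTLM is missing from the IIS authentication methods' }
    [pscustomobject]@{ Server = "$($Settings.ServerName)"; Findings = $findings }
}

# Constructed sample data (placeholder names, not from a real deployment).
$cas = [pscustomobject]@{
    ServerName = 'CAS01'; ExternalHostname = 'mail.example.com'
    ExternalClientsRequireSsl = $false; ExternalClientAuthenticationMethod = 'Basic'
    IISAuthenticationMethods = @('Basic')
}
$cert = [pscustomobject]@{
    CertificateDomains = @('webmail.example.com', 'autodiscover.example.com')
    IsSelfSigned = $true; NotAfter = [datetime]'2030-01-01'
}
(Test-OutlookAnywhereConfig -Settings $cas -Certificate $cert).Findings
```

Against a live server, run it from the Exchange Management Shell and pass one object each from Get-OutlookAnywhere and Get-ExchangeCertificate in place of the constructed samples.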
Benefits of Outlook Anywhere
Outlook Anywhere is a good alternative to VPN to access email over Microsoft Exchange. It makes it easy for users who don't or can't use VPN to still check their email from outside the corporate network, particularly if they're using older versions of Outlook. Anytime access to email provides users the flexibility to work remotely, whether fully remote or in a hybrid work model.
Outlook Anywhere also reduces VPN traffic. To set up email connectivity, there's no need to set up additional open ports. A single namespace is also sufficient for configuring Outlook Anywhere. All these benefits reduce the burden on IT admins.