Updated: 2009-04-09

If you are an IT professional and use TechNet or the Office Resource Kit, take a look at our Online Survey (http://go.microsoft.com/fwlink/?LinkId=132189). Let us know how we can best meet your documentation needs. You can read more about our work to improve documentation on the Office Resource Kit Blog (http://go.microsoft.com/fwlink/?LinkID=125627&clcid=0x409).

You can configure user accounts in Microsoft Office Outlook 2007 to connect to Microsoft Exchange Server 2003 or later over the Internet without using virtual private network (VPN) connections. This feature—connecting to an Exchange account by using Outlook Anywhere—enables Outlook users to access their Exchange Server accounts from the Internet when they are traveling or are working outside their organization's firewall.

NoteNote:

This article describes the requirements and options for you to configure a group of Outlook users to use Outlook Anywhere. If you want to configure this feature on your individual computer, see the Outlook user Help topic Use Outlook Anywhere to connect to your Exchange server without VPN.

To configure Office Outlook 2007 with Outlook Anywhere as part of your Outlook deployment, you enable the option in the Office Customization Tool (OCT) and (optionally) specify additional settings—such as security-level requirements for communication with the Exchange server. After you specify these options, you save the settings with other configurations in the Setup customization file you use to deploy Outlook to your users.

You can also lock down some Outlook Anywhere settings by using Group Policy. For more information about Outlook Anywhere Group Policy settings, see the procedure "To lock down Outlook Anywhere settings in the user interface by using Group Policy" later in this article.

NoteNote:

Outlook Anywhere was referred to as RPC over HTTP in earlier versions of Outlook. References in Group Policy and OCT settings will be updated to reflect the new nomenclature. Until the name is updated, you might find settings that reference RPC over HTTP instead of Outlook Anywhere.

To configure Outlook Anywhere by using the OCT

  1. In the OCT, in the Outlook area, on the Specify Exchange Settings page, select Configure settings for a new Exchange Server connection or replace the settings in an existing Exchange Server connection.

  2. If you are defining a new Exchange server for users, enter a value or replaceable parameter in User name.

    For instance, you might specify =%UserName% to use the exact logon name for each user. This helps prevent user prompts when Outlook asks users to choose between several variations.

  3. If you are defining a new Exchange server, for Exchange Server, enter the name of the Exchange server.

    You can skip steps 2 and 3 if you are configuring Outlook Anywhere for existing Exchange users who are not moving to a new Exchange server.

  4. Click More Settings.

  5. Select the Connect to Exchange Mailbox using HTTP check box.

  6. Type the server name for the Outlook Anywhere proxy server.

    Do not enter http:// or https:// as part of the name. The appropriate entry (http:// or https://) is included automatically in the box after you enter the name, based on the authentication settings you choose.

  7. Choose whether or not to reverse default behavior for how Outlook chooses which connection type to try to use first, LAN or Outlook Anywhere.

  8. Select an authentication method.

    The default method is Password Authentication (NTLM).

  9. Click OK to return to the Specify Exchange Settings page.

  10. Complete other Outlook or Office configurations and click Finish to create the customization file that you can deploy to your users.

NoteNote:

We recommend that the user accounts that you configure for Outlook Anywhere use Cached Exchange Mode. For more information about Cached Exchange Mode in Outlook, see Plan a Cached Exchange Mode deployment in Outlook 2007.

The following table explains the Outlook Anywhere options for configuring connection type and authentication method. Outlook uses default values for these options that are likely to provide a good experience for your users and to help provide secure connections to your network. These configuration options cannot be locked down by using Group Policy.

Outlook Anywhere option Description

On a fast network, connect using HTTP first, then connect using TCP/IP.

By default on a fast network, Outlook attempts to connect by using the LAN connection first. This option is cleared by default.

On a slow network, connect using HTTP first, then connect using TCP/IP.

By default, on a slow network, Outlook attempts to connect by using HTTP first. This option is set by default.

Password Authentication (NTLM).

The default authentication method. We recommend that you specify this optiontogether with Connect with SSL only and Mutually authenticate the session when connecting with SSL.

Basic Password Authentication.

With this option, users are prompted for a password each time a connection is made to the Exchange server. In addition, if users are not using Secure Sockets Layer (SSL), the password is sent in clear text. This can pose a security risk.

You can provide increased security by using Group Policy to disable the user interface for Outlook Anywhere settings, so users cannot change the options.

The Outlook template and other ADM files can be downloaded from 2007 Office System Administrative Templates (ADM) on the Microsoft Download Center.

To lock down Outlook Anywhere settings in the user interface by using Group Policy

  1. In Group Policy, load the Office Outlook 2007 template (Outlk12.adm).

  2. To customize Cached Exchange Mode options, under User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange, double-click the policy that you want to set. For example, double-click Configure RPC over HTTP user interface options.

  3. Click Enabled.

  4. Select an option from the Choose UI State when OS can support feature drop-down list.

  5. Click OK.

The settings you can configure for controlling the Outlook Anywhere user interface are shown below.

Option Description

Hidden

User interface options are not displayed.

All config UI enabled

All Outlook Anywhere configuration options are displayed.

Enable only On/Off control but not config

Users can enable or disable Outlook Anywhere but cannot change other settings.

Enable config UI when settings are pre-deployed

When Outlook Anywhere has been configured for users, settings are configurable by using the user interface.

Disable but show all config UI

Outlook Anywhere configuration settings are displayed but dimmed and disabled.

More about configuring Outlook Anywhere

In a local area network (LAN), Outlook communicates with Exchange servers using direct network (TCP/IP) access, also known as RPC over TCP/IP. This method provides quick, efficient access to a corporate network.

Remote users who are accessing Exchange need a VPN connection, which allows users to go through the corporate firewall and login to the corporate network. A VPN is more complex and enables access to more network services than those that are required for just e-mail access.

Office Outlook 2007 offers a simpler alternative to VPN connections: Outlook Anywhere. With this feature, users can have security-enhanced access to their Exchange Server accounts from the Internet when they are working outside your organization's firewall. Users do not need special connections or hardware, such as smart cards and security tokens. They can still access their Exchange accounts, even if the Exchange server and client computer behind the firewall are on different networks.

Outlook Anywhere works by having an Exchange Server front-end computer configured as an RPC proxy server. This RPC proxy server then specifies which ports to use to communicate with the network's domain controller, global catalog (GC) servers, and all Exchange servers that the client user requires. The Exchange group in your organization must first deploy Outlook Anywhere for the Exchange servers you use, and then you can configure user accounts that access those Exchange servers to use Outlook Anywhere.

Software requirements

There are several requirements for this feature:

  • Microsoft Windows Vista, or Windows XP with Service Pack 1 and the Q331320 hotfix (or a later service pack) installed on users' computers

  • Office Outlook 2007 or Outlook 2003

  • Microsoft Exchange Server 2003 or later e-mail accounts

  • Microsoft Windows Server 2003 or later (required for server components only)

NoteNote:

We highly recommend that this feature is used with Outlook user profiles configured to use Cached Exchange Mode.

Understanding Outlook Anywhere configuration settings

Before you configure Outlook Anywhere for Outlook, you need the URL for the Exchange proxy server that is configured for Outlook Anywhere. This URL should be available from your organization's Exchange administrator.

There are additional settings for Outlook Anywhere in the OCT for configuring the connection type and the authentication method described earlier. If necessary, you can change these settings to fit special circumstances in your organization. However, the default values for these options are likely to provide a good experience for users and to help provide secure connections to your network. We recommend that you do not change the options.

In addition, we recommend that you lock down these options by disabling the Outlook Anywhere settings in the Outlook user interface.

Deploying Outlook Anywhere after deploying Outlook

You can update an Outlook installation to configure Outlook Anywhere or make changes to an existing Outlook Anywhere installation by using the OCT. Run the OCT and configure the changes you want to make to your Outlook installation, then save the customization file and deploy it to your users.

For more information about updating settings in existing Outlook installations, see Update an Outlook 2007 configuration by using the Office Customization Tool.

Outlook Anywhere configuration with Exchange 2007

If your messaging server is Microsoft Exchange Server 2007, you can use the Office Outlook 2007 AutoDiscover feature to automatically configure Outlook Anywhere. For more information about automatic account configuration, see Whitepaper: Outlook Automatic Account Configuration.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Office Resource Kit information.

See Also