A user can log on to a mailbox by using Outlook for Mac 2011 unexpectedly in an Exchange Server 2010 environment

Applies to: Exchange Server 2010 StandardExchange Server 2010 Enterprise


Consider the following scenario:
  • You enable access to Exchange Web Services (EWS) in a Microsoft Exchange Server 2010 environment.
  • You disable access to a mailbox for Microsoft Outlook for Mac 2011 in Exchange Web Services. To do this, you run the Set-CasMailbox or Set-OrganizationConfig cmdlet and set the EwsAllowMacOutlook parameter to false in the Exchange Management Console.
  • A user uses Outlook for Mac 2011 to log on to the mailbox through Exchange Web Services.
In this scenario, the user can log on to the mailbox unexpectedly. 


This issue occurs because the user agent string for which EWS searches is set to Microsoft-MacOutlook instead of MacOutlook.


To resolve this issue, install the following cumulative update:
2661854 Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2


To work around this issue, run the following cmdlet in the Exchange Management Console:
Set-CasMailbox -Identity MailboxIdParameter -EwsEnabled:$true -EwsApplicationAccessPolicy EwsBlockList -EwsBlockList “*MacOutlook*”

More Information

For more information about the Set-OrganizationConfig command, visit the following Microsoft website:
For more information about the Set-CASMailbox command, visit the following Microsoft website: