You try to block users from accessing their mailboxes by disabling access to Outlook Web App in an on-premises Microsoft Exchange Server environment. For example, you use the Exchange Admin Center to disable Outlook Web App. Or, you run the following Exchange PowerShell cmdlet:
Set-CASMailbox <Identity> -OWAEnabled $False
You expect the user to receive the following message when he or she tries to access his or her mailbox through Outlook Web App:
Outlook Web App is currently disabled for user <EmailAddress>
However, currently, this setting isn't effective, and users can still access Outlook Web App. It's best to find an alternative method for limiting access to a user's mailbox.
Install Cumulative Update 2 (CU2) for Exchange Server 2013 in the on-premises Exchange Server environment. For more info about CU2 for Exchange 2013, see the following Microsoft Knowledge Base article:
2859928 Description of Cumulative Update 2 for Exchange Server 2013
To work around this issue, use Active Directory Users and Computers to disable mailbox access by removing the user’s ability to log on to the Active Directory environment. To do this, follow these steps:
Open Active Directory Users and Computers.
Locate the user whose information you want to edit. To do this, use the Find feature. Or, browse to the organizational unit to which the user belongs.
Double-click the user, and then, in the <UserName> Properties dialog box, click the Account tab.
Under Account options, select Account is disabled, and then click OK.
A common method to block a user's access to mailboxes is to disable the connection protocols, such as Outlook Web App, for that user. For example, administrators may want to do this in scenarios in which you want the user to have access to Exchange ActiveSync but not Outlook Web App.