Skip to content

Outlook Connectivity


About this Document

In this document we explain how to configure MAPI over HTTP on the AXS GUARD reverse proxy server. This document was last updated on 28 Jan 2019.

Outlook clients that are not MAPI over HTTP capable can still use Outlook Anywhere (RPC over HTTP) to access Exchange through a MAPI-enabled Client Access server.


Application Server Requirements

The use of MAPI over HTTP requires all Exchange 2013 Client Access Servers to be updated to Exchange Server 2013 SP1 (or later). The feature is disabled by default in SP1 so you can get the servers updated without anyone noticing any changes. If you are an Office 365 Exchange Online customer you won’t have anything to worry about on the service side of deployment.

Client Requirements

Outlook clients must be updated to use MAPI over HTTP. Office 2013 SP1 or Office 365 ProPlus February update (SP1 equivalent for ProPlus) are required for MAPI over HTTP. It is recommend you deploy the May Office 2013 public update or the April update for Office 365 ProPlus to eliminate the restart prompt when MAPI/HTTP is enabled for users.

Outlook 2010 was updated to support MAPI over HTTP in the January 2015 Public Update, and additional fixes for it were released in the April 2015 Public Update.

Prior version clients will continue to work as-is using Outlook Anywhere. Outlook Anywhere is the supported connection method for those clients. Microsoft did not backport MAPI over HTTP to Outlook 2007 or earlier versions.

DNS Requirements

Outlook clients make use of the Autodiscover functionality provided by Exchange to connect to mailboxes. When the client is started, it attempts to resolve or to locate the Autodiscover Exchange service for the given mail domain.

Any FQDN returned by the Autodiscover service must also be available as an external DNS record when accessing mail from the Internet (outside the corporate network or domain). If not, the client’s auto-configuration will fail and it will not be able to establish connections with the Exchange server.


Note that basic authentication is required for MAPI and EWS services, as NTLM is suppressed by default by the reverse proxy. See the official Microsoft documentation for additional information about how to configure your Exchange server for basic authentication.

AXS Guard-side Configuration

Connection Settings

  1. Go to Reverse Proxy > HTTP(S) > Servers

  2. Create a new server entry with the following settings:

    • Application: OWA-2016.

    • External hostname: (use the appropriate external name for your domain).

Connection Tab

Security Settings

Security Tab

Authentication Settings

Authentication Tab