Hi
Our admins recently had to disable external access for Outlook while keeping ActiveSync for Mobile Clients working. This was done by placing the autodiscover service (autodiscover.ourexternaldomain.com) behind a TMG with two factor authentication, and also putting our mail.ourexternaldomain.com behind the same TMG. So, Outlook from outside the network can't connect anymore (it will show you the login/pass prompt but what it wants is the two factor credentials, not your domain credentials.. so essentially you can't connect anymore), and mobile client still work.
In addition, they've disabled the "Outlook anywhere" options (specifically, "Connect to Microsoft Exchange using HTTP" is not only grayed out, it is forced disabled) by GPO.
Unfortunately, that doesn't work for the handful that's already using Outlook 2013. There, even when the "Connect to Microsoft Exchange using HTTP" option is unchecked, the client will query autodiscover.ourexternaldomain.com, and eventually gets the response containing not only the EXCH protocol (which contains the internal urls), but also the EXPR protocol containing the public urls. That in turn re-enables "Connect to Microsoft Exchange using HTTP", so now clients, even when inside the organization will try to access the mail.ourexternaldomain.com which is behind the TMG, resulting in perpetual login prompts being displayed (the login actually comes from the TMG, not Exchange).
So, is there a way to force disable "Connect to Microsoft Exchange using HTTP" for Outlook 2013, preferably without changing anything on Exchange and the GPO. I guess I'm looking for the registry key that is set for outlook 2010. I checked up on the GPO for Outlook 2010 and it seems it sets HKCU/Software/Policies/Microsoft/Office/14.0/Outlook/RPC/ProxyServerFlags = 0. Doing the same for Outlook 2013 (so using the Office/15.0/Outlook/RPC key) results in outlook no longer being able to connect altogether.
When I manually remove the checkbox and restart Outlook, it first connects using the internal url, then after getting autodiscover it sets the checkbox "Connect to Microsoft Exchange using HTTP" again, and since the external url can be resolved from inside the network, I get the password prompts again even from inside the corporate network.
Is there a registry key combination that keeps outlook connecting but never using the http proxy?