-->
The most recent is the May 2013 update which can be found here: Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 May 2013 Update As Dmitry mentioned, you will need to.
Messaging Application Programming Interface (MAPI) over HTTP is a transport protocol that improves the reliability and stability of the Outlook and Exchange connections by moving the transport layer to the industry-standard HTTP model. This allows a higher level of visibility of transport errors and enhanced recoverability. Additional functionality includes support for an explicit pause-and-resume function. This enables supported clients to change networks or resume from hibernation while maintaining the same server context.
Implementing MAPI over HTTP does not mean that it is the only protocol that can be used for Outlook to access Exchange. Outlook clients that are not MAPI over HTTP capable can still use Outlook Anywhere (RPC over HTTP) to access Exchange through a MAPI-enabled Client Access server.
In Exchange 2016 and Exchange 2019, MAPI over HTTP can be applied across your entire organization, or at the individual mailbox level.
Benefits of MAPI over HTTP
MAPI over HTTP offers the following benefits to the clients that support it:
- Enables future innovation in authentication by using an HTTP based protocol.
- Provides faster reconnection times after a communications break because only TCP connections (not RPC connections) need to be rebuilt. Examples of a communication break include:
- Device hibernation
- Changing from a wired network to a wireless or cellular network
- Offers a session context that is not dependent on the connection. The server maintains the session context for a configurable period of time, even if the user changes networks.
MAPI over HTTP when upgrading Exchange
In Exchange 2016 or later, MAPI over HTTP is enabled by default at the organization level, although you still need to configure the virtual directories as described in Configure MAPI over HTTP for users to take advantage of it.
The scenarios where MAPI over HTTP is enabled or disabled by default at the organization level are described in the following table:
Exchange 2019 | Exchange 2016 | |
---|---|---|
Upgrading from an Exchange 2016 environment | MAPI over HTTP is enabled by default | n/a |
Upgrading from an environment that contains any Exchange 2013 servers | MAPI over HTTP is disabled by default | MAPI over HTTP is disabled by default |
Upgrading from an Exchange 2010 environment | n/a | MAPI over HTTP is enabled by default |
During the upgrade from an organization that contains Exchange 2013 servers, administrators will receive the MAPI over HTTP isn't enabled [WarnMapiHttpNotEnabled] readiness check warning, and enabling MAPI over HTTP post-installation is recommended. In any organization that contains Exchange 2013 servers, MAPI over HTTP won't be enabled by default, and administrators will need to follow the steps in Configure MAPI over HTTP to enable it.
Supportability and Prerequisites
Consider the following requirements to enable MAPI over HTTP.
Supportability
Use the following matrix to verify that your clients and servers support MAPI over HTTP.
Product | Exchange 2019 | Exchange 2016 | Exchange 2013 SP1 | Exchange 2013 RTM | Exchange 2010 SP3 |
---|---|---|---|---|---|
Outlook 2013 SP1 and all later versions of Outlook | MAPI over HTTP Outlook Anywhere | MAPI over HTTP Outlook Anywhere | MAPI over HTTP Outlook Anywhere | Outlook Anywhere | RPC Outlook Anywhere |
Outlook 2010 SP2 with updates KB2956191 and KB2965295 (April 14, 2015) | MAPI over HTTP Outlook Anywhere | MAPI over HTTP Outlook Anywhere | MAPI over HTTP Outlook Anywhere | Outlook Anywhere | RPC Outlook Anywhere |
Outlook 2013 RTM | Outlook Anywhere | Outlook Anywhere | Outlook Anywhere | Outlook Anywhere | RPC Outlook Anywhere |
All earlier versions of Outlook | Outlook Anywhere | Outlook Anywhere | Outlook Anywhere | Outlook Anywhere | RPC Outlook Anywhere |
Prerequisites
The following conditions are required for clients and servers to support MAPI over HTTP with Exchange Server. Once the following prerequisites are in place, see Configure MAPI over HTTP to enable it in your organization.
- Supported Outlook clients (see the table in the previous section).
- .NET Framework 4.5.2 or later. Note that this is no longer an issue for Exchange 2016 CU5 or later. For more information about the .NET Framework requirements for Exchange 2016, see Supported .NET Framework versions for Exchange 2016.
A mail-enabled security group can be used to distribute messages as well as to grant access permissions to resources in Active Directory. For more information, see Recipients.
What do you need to know before you begin?
- Estimated time to complete: 2 to 5 minutes.
- You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the 'Distribution groups' entry in the Recipients permissions topic.
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts for the Exchange admin center.
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Online or Exchange Online Protection.
Create a mail-enabled security group
Use the EAC to create a security group
- In the EAC, navigate to Recipients > Groups.
- Click New > Security group.
- On the New security group page, complete the following fields:
- * Display name: Use this box to type the display name. This name appears in the shared address book, on the To: line when email is sent to this group, and in the Groups list in the EAC. The display name is required and should be user-friendly so people recognize what it is. It also must be unique in the forest.
NoteIf a group naming policy is applied, you must follow the naming constraints enforced for your organization. For more information, see Create a distribution group naming policy. If you want to override your organization's group naming policy, see Override the distribution group naming policy.- * Alias: Use this box to type the alias for the security group. The alias can't exceed 64 characters and must be unique in the forest. When a user types the alias on the To: line of an email message, it resolves to the group's display name.
- Description: Use this box to describe the security group so people know what the purpose of the group is.
- Organizational unit: You can select an organizational unit (OU) other than the default (which is the recipient scope). If the recipient scope is set to the forest, the default value is set to the Users container in the Active Directory domain that contains the computer on which the EAC is running. If the recipient scope is set to a specific domain, the Users container in that domain is selected by default. If the recipient scope is set to a specific OU, that OU is selected by default.To select a different OU, click Browse. The dialog box displays all OUs in the forest that are within the specified scope. Select the desired OU, and then click OK.
- * Owners: By default, the person who creates a group is the owner. All groups must have at least one owner. You can add owners by clicking Add.
- Members: Use this section to add members and to specify whether approval is required for people to join or leave the group.Group owners don't have to be members of the group. Use Add group owners as members to add or remove the owners as members.To add members to the group, click Add . When you've finished adding members, click OK to return to the New security group page.Select the Owner approval is required check box if you want the group owners to receive user requests to join the group. If you select this option, members can only be removed by the group owners.
- When you've finished, click Save to create the security group.
Note
By default, all new mail-enabled security groups require that all senders be authenticated. This prevents external senders from sending messages to mail-enabled security groups. To configure a mail-enabled security group to accept messages from all senders, you must modify the message delivery restriction settings for that group.
Use Exchange Online PowerShell to create a security group
This example creates a security group with an alias fsadmin and the name File Server Managers. The security group is created in the default OU, and anyone can join this group with approval by the group owners.
For more information about using Exchange Online PowerShell to create mail-enabled security groups, see New-DistributionGroup.
How do you know this worked?
To verify that you've successfully created a mail-enabled security group, do one of the following:
- In the EAC, navigate to Recipients > Groups. The new mail-enabled security group is displayed in the group list. Under Group Type, the type is Security group.
- In Exchange Online PowerShell, run the following command to display information about the new mail-enabled security group.
Change mail-enabled security group properties
Use the EAC to change mail-enabled security group properties
- In the EAC, navigate to Recipients > Groups.
- In the list of groups, click the security group that you want to view or change, and then click Edit .
- On the group properties page, click one of the following sections to view or change properties.
General
Use this section to view or change basic information about the group.
- * Display name: This name appears in the address book, on the To: line when email is sent to this group, and in the Groups list. The display name is required and should be user-friendly so people recognize what it is. It also has to be unique in your domain.
- * Alias: This is the portion of the email address that appears to the left of the at (@) symbol. If you change the alias, the primary SMTP address for the group will also be changed, and contain the new alias. Also, the email address with the previous alias will be kept as a proxy address for the group.
- Description: Use this box to describe the group so people know what the purpose of the group is. This description appears in the address book and in the Details pane in the EAC.
- Hide this group from address lists: Select this check box if you don't want users to see this group in the address book. If this check box is selected, a sender has to type the group's alias or email address on the To: or Cc: lines to send mail to the group.TipConsider hiding security groups because they're typically used to assign permissions to group members and not to send email.
- Organizational unit: This read-only box displays the organizational unit (OU) that contains the security group. You have to use Active Directory Users and Computers to move the group to a different OU.
Ownership
Use this section to assign group owners. The group owner can add members to the group, and approve or reject requests to join the group. By default, the person who creates a group is the owner. All groups must have at least one owner.
You can add owners by clicking Add . You can remove an owner by selecting the owner and then clicking Remove .
Membership
Use this section to add or remove members. Group owners don't have to be members of the group. Under Members, you can add members by clicking Add . You can remove a member by selecting a user in the member list and then clicking Remove .
Membership approval
Use this section to specify whether owner approval is required for users to join the group. If you select the Owner approval is required check box, the group owner or owners receive an email requesting approval to join the group. As previously mentioned, only owners can remove members from the group.
Note
This option will not work with mail-enabled security groups because of security-related limitations.
Delivery management
Use this section to manage who can send email to this group.
- Only senders inside my organization: Select this option to allow only senders in your organization to send messages to the group. This means that if someone outside of your organization sends an email message to this group, it will be rejected. This is the default setting.
- Senders inside and outside of my organization: Select this option to allow anyone to send messages to the group.You can further limit who can send messages to the group by allowing only specific senders to send messages to this group. Click Add and then select one or more recipients. If you add senders to this list, they are the only ones who can send mail to the group. Mail sent by anyone not in the list will be rejected.To remove a person or a group from the list, select them in the list and then click Remove .ImportantIf you've configured the group to allow only senders inside your organization to send messages to the group, email sent from a mail contact will be rejected, even if they're added to this list.
Message approval
Use this section to set options for moderating the group. Moderators approve or reject messages sent to the group before they reach the group members.
- Messages sent to this group have to be approved by a moderator: This check box isn't selected by default. If you select this check box, incoming messages will be reviewed by the group moderators before delivery. Group moderators can approve or reject incoming messages.
- Group moderators: To add group moderators, click Add . To remove a moderator, select the moderator, and then click Remove . If you've selected 'Messages sent to this group have to be approved by a moderator' and you don't select a moderator, messages to the group will be sent to the group owners for approval.
- Senders who don't require message approval: To add people or groups that can bypass moderation for this group, click Add . To remove a person or a group, select the item, and then click Remove .
- Select moderation notifications: Use this section to set how users are notified about message approval.
- Notify all senders when their messages aren't approved: This is the default setting. Senders inside and outside your organization will be notified when their messages aren't approved.
- Notify senders in your organization when their messages aren't approved: When you select this option, only people or groups in your organization are notified when a message that they sent to the group isn't approved by a moderator.
- Don't notify anyone when a message isn't approved: When you select this option, notifications aren't sent to message senders whose messages aren't approved by the group moderators.
Email options
Use this section to view or change the email addresses associated with the group. This includes the group's primary SMTP addresses and any associated proxy addresses. The primary SMTP address (also known as the reply address) is displayed in bold text in the address list, with the uppercase SMTP value in the Type column.
- Add: Click Add to add a new email address for this mailbox. Select one of following address types:
- SMTP: This is the default address type. Click this button and then type the new SMTP address in the * Email address box.NoteTo make the new address the primary SMTP address for the group, select the Make this the reply address check box. This check box is displayed only when the Automatically update email addresses based on the email address policy applied to this recipient check box isn't selected.
- Custom address type: Click this button and type one of the supported non-SMTP email address types in the * Email address box.NoteWith the exception of X.400 addresses, Exchange doesn't validate custom addresses for correct formatting. You must make sure that the custom address you specify complies with the format requirements for that address type.
- Edit: To change an email address associated with the group, select it in the list, and then click Edit .NoteTo make an existing address the primary SMTP address for the group, select the Make this the reply address check box. As previously mentioned, this check box is displayed only when the Automatically update email addresses based on the email address policy applied to this recipient check box isn't selected.
- Remove: To delete an email address associated with the group, select it in the list, and then click Remove .
- Automatically update email addresses based on the email address policy applied to this recipient: Select this check box to have the recipient's email addresses automatically updated based on changes made to email address policies in your organization. By default, this box is selected.
MailTip
Use this section to add a MailTip to alert users of potential issues before they send a message to this group. A MailTip is text that's displayed in the InfoBar when this group is added to the To, Cc, or Bcc lines of a new email message. For example, you could add a MailTip to large groups to warn potential senders that their message will be sent to lots of people.
Note
MailTips can include HTML tags, but scripts aren't allowed. The length of a custom MailTip can't exceed 175 displayed characters. HTML tags aren't counted in the limit.
Group delegation
Use this section to assign permissions to a user (called a delegate) to allow them to send messages as the group or send messages on behalf of the group. You can assign the following permissions:
- Send As: This permission allows the delegate to send messages as the group. After this permission is assigned, the delegate has the option to add the group to the From line to indicate that the message was sent by the group.
- Send on Behalf: This permission also allows a delegate to send messages on behalf of the group. After this permission is assigned, the delegate has the option to add the group in the From line. The message will appear to be sent by the group and will say that it was sent by the delegate on behalf of the group.
To assign permissions to delegates, click Add under the appropriate permission to display the Select Recipient page, which displays a list of all recipients in your Exchange organization that can be assigned the permission. Select the recipients you want, add them to the list, and then click OK. You can also search for a specific recipient by typing the recipient's name in the search box and then clicking Search .
Use Exchange Online PowerShell to change security group properties
Use the Get-DistributionGroup and Set-DistributionGroup cmdlets to view and change properties for security groups. Advantages of using Exchange Online PowerShell are the ability to change the properties that aren't available in the EAC and to change properties for multiple security groups. For information about which parameters correspond to which distribution group properties, see the following topics:
Here are some examples of using Exchange Online PowerShell to change security group properties.
This example displays a list of all security groups in the organization.
This example changes the primary SMTP address (also called the reply address) for the Seattle Administrators security group from [email protected] to [email protected]. The previous reply address will be kept as a proxy address.
This example hides all security groups in the organization from the address book.
How do you know this worked?
To verify that you've successfully changed properties for a security group, do the following:
- In the EAC, select the group and then click Edit to view the property or feature that you changed. Depending on the property that you changed, it might be displayed in the Details pane for the selected group.
- In Exchange Online PowerShell, use the Get-DistributionGroup cmdlet to verify the changes. One advantage of using Exchange Online PowerShell is that you can view multiple properties for multiple groups. In the example above where all security groups were hidden from the address book, run the following command to verify the new value.