Why won't they let me use Outlook?
December 12, 2007 11:17 AM   Subscribe

Any particular reason a company would not allow access to MS Exchange via Outlook and/or cell phone only allow access via Outlook Web Mail?

I am working for a small company and they are forcing me to use Outlook Web Mail. I want to use Outlook 2007 to manage my contacts, calendar, etc. I asked he IT guy and he says no way.
What is the point of having MS Exchange server if you can only access via IE? Moreover, I can't even change column widths in Web Mail. Or add contacts. This seems totally weird to me?

So I'll ask to community, is there any legit reason NOT to allow any employee to access Exchange via Outlook and/or phone (Blackberry/Treo)?
posted by thinktwice to Computers & Internet (28 answers total)
Firewalling? Maybe they want the bulk of their network traffic to go through the web?
posted by Blazecock Pileon at 11:26 AM on December 12, 2007

Best answer: I usually love my IT people, but there are a few insane IT people out there. Maybe he doesn't want to pay for Outlook licenses? Or maybe he's just insane.
posted by GuyZero at 11:32 AM on December 12, 2007

Simplicity of deployment, support and administration.
posted by Good Brain at 11:32 AM on December 12, 2007

Do you really think you're going to convince your network guys to change the policy by showing them what random people on the internet think of their setup?

You have provided no details of your environment. I can bet the IT guys have their reasons for doing things the way they do, and if you want to change that you're better off talking to them and management rather than ask strangers to justify your company's IT policies with no detail or background on them.
posted by splice at 11:33 AM on December 12, 2007

Since it's a small company, there's probably a small IT staff and they don't have the resources to manage Outlook any other way. With web-only access, there's a lot less to troubleshoot.
posted by misterioso at 11:33 AM on December 12, 2007

You really didn't give enough information for a great answer. If you're talking about accessing your Exchange server via the public interwebs, it could be they are running an older, unsupported version of Exchange that they don't want to allow direct connections to due to unpatched security issues.

The Treo/Blackberry question is similar. If they are running Exchange 2000, for example, there is no built in support for Microsoft or Blackberry's push technology. You can do Blackberry on Exchange 2000, but it's gonna cost several thousand dollars for the software.

Or, as GuyZero said, it could be that the company doesn't want to pay for Outlook licenses or client access licenses for the server.

I betcha if you dig deep enough, there is a reason. While there are some insane IT people, most are not, and often they are stuck dealing with trade-offs, compromises and rock vs. hardplace criteria that the end users have no way of knowing.
posted by grumpy at 11:43 AM on December 12, 2007

I can think of a lot of reasons.

1. Its a small company. They dont have the resources, time, or money (or the knowledge) to do what you are asking. That could be setting up rpc over http or providing a vpn for you to do this. For all you know the exchange server is in bangladore.

2. Lack of client access licenses.

3. They dont want you to have unfettered access to their smtp/mapi transport. Webmail makes spamming trojans tougher to implement.

4. They may not have an exchange server, but lease hosted exchange from someone and may only know how to do webmail. This kind of thing is more common at small places.

5. Laziness, stupiditiy, incompetence, bad management. IT people come in all shapes and sizes.
posted by damn dirty ape at 11:50 AM on December 12, 2007

Always remember the primary rule of IT -- it is easier to support one mail client than ten.
posted by tkolar at 11:51 AM on December 12, 2007

Perhaps they plan on migrating away from Exchange to a more open/standard platform or maybe something like Google Apps for Your Domain and don't want people to get too dependent on the Outlook calendaring bells and whistles.

I agree there is probaby an cost of administration overhead that outlook brings to the desktop client. Also the thought of connecting an older version of Exchange to the internet gives me the heebyjeebies.
posted by jrishel at 11:54 AM on December 12, 2007

As a workaround, can you forward all your email to a Gmail or Yahoo account? Then you can use Outlook 2007 as a POP/IMAP client.
posted by COD at 12:06 PM on December 12, 2007

Response by poster: First, They have Microsoft Office Outlook Web Access 2003 so we're not dealing with an older version.
Second, The address is xxx.com/exchange so I am assuming they have Exchange server 2003. I may be wrong on that one but let's assume.
Third, I have my own MS Office and just need the server addresses. I don't care if they don't give me support for my Outlook. I am an MCSE and can take care of myself.
I am just trying to figure out why in the world you would have an Exchange server and then cripple your users? Why not just setup an POP server and be done with it?

Lastly, I am not going to show this to anyone. I am just curious to see if I am the only one that thinks they are nuts!
posted by thinktwice at 12:19 PM on December 12, 2007

Response by poster: Oh, and no they won't allow me to forward the email either. I get three font choices and a plain text sig to play with.
posted by thinktwice at 12:21 PM on December 12, 2007

I am an MCSE and can take care of myself.

To be honest, having worked technical support for years, someone mentionning an MCSE as validation that they know what they're doing is a bad sign.

As far as you're question goes, is it then a fact that you're not going to get a definitive answer and you're just looking for moral support? This is not what AskMefi is for.

Not knowing anything about your actual IT policies and requirements, there is no way for anyone to make a call one way or the other.
posted by splice at 12:28 PM on December 12, 2007 [4 favorites]

Oh, and no they won't allow me to forward the email either. I get three font choices and a plain text sig to play with.

Some would argue that is 2 font choices too many.

As for while your company doesn't offer Outlook, my guess it is inertia or cut down on licenses or a simplicity play.
posted by mmascolino at 12:39 PM on December 12, 2007

Lastly, I am not going to show this to anyone. I am just curious to see if I am the only one that thinks they are nuts!

You haven't given us enough information to say whether they are being unreasonable or not.
posted by mmascolino at 12:42 PM on December 12, 2007

You're not nuts, but you're nuts.

If the company has the licenses and the staff to support everything (and by "support", I mean the back end of things; you using a client doesn't magically make everything work.)

However, if there are licensing or staffing or firewall or security issues, asking them to break those policies just for you isn't reasonable.

If you can do your job with webmail, great; if you can't, you should take it up with your boss, not your IT person.
posted by davejay at 1:03 PM on December 12, 2007

Response by poster: Heck I'm gonna suggest we go back to USPS, Paper and faxes. ;)
posted by thinktwice at 1:11 PM on December 12, 2007

I am an MCSE and can take care of myself.

I'm seconding splice on this one. Your MSCE means nothing except that you once passed a multiple choice test -- you may know what you're doing, but many people with MSCE's don't. Your bringing it up as justification that you can "take care of yourself" will make anyone who's made a living supporting desktop users cringe. And no, it certainly wouldn't make them want to bend the rules for you.

Because if you really could "take care of yourself", you wouldn't be asking, and you'd probably be able to guess from the MX records whether your company outsources its mail. Did you even try mail.companyname.com?

But to answer your question, here are a handful of completely legitimate reasons for the scenario you describe:

- The IT staff doesn't want to train/support people on Outlook (and if some schmuck in sales sees you using it...) Helpdesk is a cost center, always, and supporting additional applications (especially ones as powerful and exploitable as outlook) raises that cost, always.

- Outlook does not have a very good security record, and while its use as an attack vector for virii has declined, it's still a pretty big target for the phishermen and such. Perhaps your company has decided that avoiding risk by using the locked-down web client is more suitable than a more flexible, but inherently more risky solution.

- Years ago, an outlook-spread worm paralyzed the company during what would have been one of the best quarters before or since. The Boss hasn't forgotten this and has banned it from his environment out of spite.

- Your small company is outsourcing your email to someone that charges more for non-web access, and your company can't justify the additional expense (see also: Outlook client licenses). If you can make a business case that your contact list problems are costing the company more than it is saving...

- Your company or one of its clients has specific data privacy requirements, and transmitting potentially proprietary information in the clear across an untrusted network (like the cellular company that services your Treo, or AT&T, who is known to be running data-taps on Internet backbones) violates that.

- Many people uncheck the "leave mail on server" box on their POP client. This may be incompatible with your company's backup and/or retention policies, or may be more costly than you realize. How many times should IT be expected to go to backups because a mailbox was emptied on Christmas morning by a user with his brand new iPhone?

- I suspect from "I have my own MS Office and just need the addresses" that you'd like to be able to access your mail, using Outlook, on your personal machine (at home, perhaps) -- a machine that IT has no control over, and can not assume is malware-free. Imagine for a moment that your home machine became part of a spammer's botnet when your nephew ran that pirated copy of Grand Theft Auto, and your machine is 0wned -- you'll have just given that botnet the login credentials to your company's mail server. This is the sort of thing that keeps sysadmins up at night, and can cost companies millions.
posted by toxic at 1:18 PM on December 12, 2007 [3 favorites]

The way to get IT to change their minds about something is never, ever, ever to show that their current thinking is daft. You could bring in Captain Logic to prove that they should run the server as you like it, and it won't make a blind bit of difference.

If you want to get them to do something, find a good business reason for it. A really good IT team will move heaven and earth to make something vital happen, the shitty ones will at least have a go at it.

Is there a business reason for you to have 27 fonts, an HTML sig and resizable columns?
posted by bonaldi at 1:28 PM on December 12, 2007

Do you really think you're going to convince your network guys to change the policy by showing them what random people on the internet think of their setup?

To be honest, having worked technical support for years, someone mentionning an MCSE as validation that they know what they're doing is a bad sign.

Do you really think you're answering someone's question by brow-beating them about their motivation and credentials?

thinktwice - Same situation here. The explanation I got was because of security issues. Ironically we were DOSed last night and they are cleaning up a huge mess right now. I can't imagine how much worse it could have been with Exchange.
posted by KevinSkomsvold at 1:42 PM on December 12, 2007

Maybe they don't want people downloading their emails to their local computer.

More likely, they don't have the CALs to support Outlook client access.

Most likely. they don't want to have to support your installation of Outlook if the local mailbox crashes. Corporate IT standards FTW.
posted by MCTDavid at 2:23 PM on December 12, 2007

A mail architecture that uses Outlook Web has a lower support burden than it would with the Outlook client.
posted by rhizome at 3:58 PM on December 12, 2007

As a lot of others have said, it is probably due to CALs. Not sure why they couldn't have just explained that to an MCSE though.

Or, forcing web access only ensures that the mail doesn't walk out the building.
posted by purephase at 5:19 PM on December 12, 2007

Your copy of MS Office is not their copy of MS Office, it is therefore out of band with licensing for you to use it to access their Exchange server.

As an IT guy, anytime someone wants to bring in their PC, join it to my domain, and use it as their primary workstation, my answer is no. Because you could take any data you wanted, leave in a huff, and take it with you. The same is true of your laptop. If you need a laptop, we will provide it. You will return it when you leave.

Outlook-native viruses cannot run in Explorer browser windows, as a general rule. OWA is safer. It certainly does suck, but it is safer.

Outlook over RPC is great. Exceptionally useful implementation. Especially if you want to export your mailbox to a PST file while offsite.
posted by disclaimer at 8:11 PM on December 12, 2007

Response by poster: Well I've learned much here. I'm an idiot. Microsoft has deemed me an idiot as well. You all win! Your welcome. Regarding security and browsers, wouldn't Active X on IE qualify as a huge vulnerability?
posted by thinktwice at 8:40 PM on December 12, 2007

Best answer: I for one do not believe you are an idiot. I believe your IT department may in fact be staffed by one. Microsoft is certainly staffed by them, and so if they have deemed you an idiot, well, roll with it, because I'm an MCP and therefore I'm on the idiot bus with you.

Just because I've given you a number of reasons that your IT guy might want you to only use OWA, doesn't mean they are good reasons in a real-life sense. OWA flat out sucks. I wouldn't recommend it for anything but desperate measures.

By the way - they're solving exactly nothing, with regard to licensing, by using OWA. Each OWA user still consumes a CAL, and Outlook is bundled with Exchange for the number of CALs they own, so "licensing" isn't the answer.

There are only two real reasons you're in this situation:

- Your IT department doesn't trust you to keep corporate data in your copy of Outlook. This could be because they don't trust you personally or professionally, or they don't trust your version of Outlook. I tend to believe it's the latter because you'd like to use Outlook 2007 and they're unfamiliar with that version.

- They believe their support costs are lowered by using OWA, and that's probably true. They probably are. They would be further lowered by turning off the Exchange server altogether, and considering the level of IT support that would attempt to justify a lowered cost by using OWA instead of Outlook, please don't recommend it to them, because they make take it as a valid course of action. In general, the support cost savings from using OWA are probably not lower anyway, because they have to take so many complaint calls from people that the savings are a wash.

Anyway, I feel for your plight and I'm sorry you have a weird IT department.

Regarding security on the browser, yep, ActiveX is a vulnerability, but the controls used by OWA are known ones and can be trusted. Any viruses sent through OWA aren't going to be able to install themselves via the browser unless they specifically target OWA vectors, and those are pretty tightly controlled.

And, considering the environment you're in, I'd bet the IT department sees IE vulnerabilities as your problem and not theirs: as long as the corporate AV software is doing its job to protect the enterprise, what happens on your PC in your browser isn't their issue...until you get some spyware. So it is a short-sighted view.
posted by disclaimer at 1:57 PM on December 13, 2007

Response by poster: I was being snarky. disclaimer has the best take on this by far. My point was being missed entirely. I would use any version of Outlook. I will just bypass the whole thing. Setup my own server, with my own similar domain and use it. My customers don't really care if it's xxxxyyyy.com or xxxxzzzz.com. They just want the deal. Pyrrhic victory for IT! yeah!!!!
posted by thinktwice at 3:40 PM on December 13, 2007

This is later on, but there is one cost that may not be factored in. The cost of Office. Outlook is bundled along with Office so they would require an Office license for everyone that wants to use Outlook.

I know disclaimer's post makes you feel better but simply maligning your IT department/person without actually talking to them is unfair. For all you know, it was a decision made by the upper administration that even they're not fond of but have no choice but to tow-the-line.

Much easier to just blame the "weird" IT folks though.
posted by purephase at 9:06 PM on December 18, 2007

« Older Make me laugh   |   chords in "the kiss" by Judee Sill Newer »
This thread is closed to new comments.