I have enabled the Outlook Web App for a few users in Exchange 2016, and it only works when the user is on the internal network. If the user is accessing OWA from the outside network, archived emails never open, and we get the error "Something went wrong and we couldn't start this add-in" Is there something in particular needed to be done to enable the Outlook Web App to work in OWA externally through a firewall. I cannot find any documentation regarding this setup.
the office mail app needs to be deployed with the BaseURL parameter as described here.
Users in the organization may access the Enterprise Vault server externally, with no direct access. In this case, the manifest file must point to the URL of the server that provides external access. The same server would also be used for internal access. For example, the server may be a Microsoft Forefront Threat Management Gateway (TMG) server.
The following example shows how to use the BaseURL parameter with the
OfficeMailAppManifest.aspx page to configure the manifest file to point to a server that provides external access.
The backtick character (') is the PowerShell line-continuation character.
Add-Type -AssemblyName System.Web $Mbx = get-mailbox "mailbox" New-App -OrganizationApp -DefaultStateForUser:enabled -Url ' ("http://EV_server/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=" + [System.Web.HttpUtility]::UrlEncode($Mbx.LegacyExchangeDN) + "&BaseURL=https://external_access_server/EnterpriseVault")
mailbox is the name of any mailbox that is enabled for archiving.
EV_server is the name of any Enterprise Vault server in your site. This Enterprise Vault server is not necessarily the one that is used to load the Office Mail App. The Enterprise Vault server that is used to load the Office Mail App for all users is the server that is specified in the BaseURL parameter.
external_access_server is the name of the server that provides external access.
So the enterprise server needs a public IP and url, so I'm guessing only port 443 open.
I was hoping it would work with just public access to the Exchange Server used for OWA