Cancelling Exchange password prompt still shows all my e-mails

I've set my Exchange account to "Always prompt for logon credentials" thinking that it would prevent people from being able to get to my messages.

However, I've noticed that when you simply click on "Cancel" when getting the password prompt, Outlook still shows all my messages.

How can I password protect my Exchange mailbox?

Password buttonIt is a common misconception that setting the “Always prompt for logon credentials” option protects the mailbox from unauthorized access.

While it does protect you from certain abuse (no messages can be sent), it does not prevent people from accessing already cached content.

Protected connection and not the mailbox

In reality, what this option does is prompting you for your username and password to set up a connection with Exchange even when you are already logged in otherwise.

For instance, if you are using a computer that is joined to a domain and you’ve logged in with your domain username and password, you normally would not be prompted for your credentials for any of the resources that are part of that domain. As the Exchange server is usually part of that domain, your connection to the Exchange server would be automatically authenticated by the credentials that you have used to log on to your workstation.

Exchange - Always prompt for logon credentials
Setting the option: Always prompt for logon credentials.

Note: This option is not available when connecting to Exchange via the MAPI over HTTP protocol.

Lock your workstation when you’re away

The best protection against unauthorized access to your mailbox would be to lock your computer when you are away for a short time or to completely log off when away for a longer time. This will also protect all your other data that you have access to like for instance, on your Desktop, private folders, network shares or via other applications.

The quickest way to lock your computer is via the keyboard shortcut Windows Logo Key + L

Disable your cache on shared computers

If you are on a shared computer, locking the computer might not always be possible. In that case, it would be wise not to let Outlook cache your Exchange mailbox data on that machine and set the option “Always prompt for logon credentials”.

When you’d now close Outlook, people would not be able to log on to your Exchange mailbox or to read anything from the cache by pressing “Cancel” as there simply would not be anything cached.

To disable Cached Exchange Mode for your Exchange account:

  1. Open Account Settings
    • Outlook 2003 and Outlook 2007
      Tools-> Account Settings…
    • Outlook 2010, Outlook 2013 and Outlook 2016
      File-> Account Settings-> Account Settings…
  2. Double click on your Exchange account.
  3. Disable the option: Use Cached Exchange Mode
  4. Click Next and then Finish to confirm the change.

To set the option “Always prompt for logon credentials”:

  1. Open Account Settings
    • Outlook 2003 and Outlook 2007
      Tools-> Account Settings…
    • Outlook 2010, Outlook 2013 and Outlook 2016
      File-> Account Settings-> Account Settings…
  2. Double click on your Exchange account.
  3. Click on More Settings…
  4. Select the tab Security.
  5. Enable the option: “Always prompt for logon credentials”.