When Exchange 2003 came out, it offered Outlook Anywhere, although it was called “RPC/HTTPS”. This was an all or nothing service. In other words, if you set up Outlook Anywhere on the server then every user was able to use it. This poses a data security risk because users could connect to their mailbox from any Outlook client and download a copy of their mailbox, without using VPN or any other security checks on the remote system.
In Exchange 2007 (after SP1) and 2010, Outlook Anywhere permissions and capabilities are more granular. You can set up Outlook Anywhere within the environment and then limit the ability on a per user basis.