What are some methods to disable or restrict access to the Exchange GlobalAddressList, and why might an organization want to do this?

Administrators can disable the GlobalAddressList by modifying address list permissions, removing the list from the Offline Address Book, or using the Exchange Admin Center to hide users from the address list. Organizations may disable it to reduce information leakage during penetration techniques or to comply with data privacy requirements. More advanced techniques include restricting MAPI over HTTP and disabling OWA address book access, though these settings must be carefully balanced against user functionality.