Outlook Web App Mailbox Policies | Available Settings

 

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-12-01

Outlook Web App mailbox policies control users’ access to files and features in Outlook Web App. Administrators can use Outlook Web App mailbox policies to apply and standardize Outlook Web App settings for all the users in their organization. For example, you can prevent users from opening file attachments in Outlook Web App.

The list of Outlook Web App mailbox policy settings is extensive. Let’s look at the most interesting settings that can be configured by an Exchange Online administrator.

The settings are grouped together by category. Each setting corresponds to a parameter available on the Set-OwaMailboxPolicy cmdlet.

Before you begin

  • Not all parameters or settings are available in all organizations.
  • In Microsoft Office 365, licensing or subscription restrictions may override any settings you apply here. If you try to enable a feature that isn't permitted by the license or subscription type, that feature won't work in Outlook Web App.
  • Many features aren't available in the light version of Outlook Web App, so enabling or disabling those features only affects users in the standard version of Outlook Web App.
  • The version of Outlook Web App provided by the Microsoft datacenters to access cloud-based mailboxes doesn't allow users to select This is a public computer or This is a private computer when they open Outlook Web App. In cloud-based organizations, all Outlook Web App sessions are assumed to be performed on private computers. Therefore, any Outlook Web App mailbox policy parameters that contain the word Public don't affect Outlook Web App users in cloud-based organizations.
  • The settings you specify in Outlook Web App mailbox policies are enforced in Outlook Web App only. For example, if you disable a feature in Outlook Web App, that feature isn't disabled on the mailbox itself. If the user opens their mailbox in Microsoft Office Outlook, the feature isn't disabled.
  • Many of the Outlook Web App mailbox policy settings have default values of true or false. Valid input for these parameters is $true or $false.
Client settings

These settings control look and feel of Outlook Web App and what is available to users.

 

Parameter Default value Description

OwaLightEnabled

True

This parameter enables or disables the light version of Outlook Web App. When this parameter is set to $false, only the standard version of Outlook Web App is available to users. If the user's Web browser isn't compatible with the standard version of Outlook Web App, the user can't open their mailbox using Outlook Web App. Also, in the standard version of Outlook Web App, the option to use the blind and low vision experience is removed from the sign in page and from the General tab in Outlook Web App > Options > Settings.

Note   If the OwaLightEnabled and OwaPremiumEnabled parameters are both set to $false, users can't access their mailboxes using Outlook Web App in any Web browser. Users will receive the same error that's displayed when they try to open Outlook Web App in an incompatible Web browser.

OwaPremiumEnabled

True

This parameter enables or disables the standard version of Outlook Web App. When this value is set to $false, only the light version of Outlook Web App is available, even if the user's Web browser supports the standard version of Outlook Web App.

DefaultTheme

Blank ($null)

This parameter specifies the theme that's applied to all users in your organization. The theme determines the color scheme in Outlook Web App. The following themes and the corresponding theme names are available in Outlook Web App:

  • arctc   Arctic
  • autmn   Autumn Blaze
  • base   Outlook Web App
  • blib   Blibbet
  • blue-b   Blue\Blue
  • blue-o   Blue\Orange
  • bot   Botanical
  • cats   Herding Cats
  • cpck   Cupcake
  • dmsk   Damask
  • goth   Gothitech
  • grey-b   Grey\Blue
  • grey-o   Grey\Orange
  • grey-plm   Grey\Plum
  • grn-g   Green\Green
  • grn-o   Green\Orange
  • mix   Mixxer
  • paint   Finger Paints
  • pnk-b   Pink\Blue
  • pnk-g   Pink\Green
  • pnk-plm   Pink\Plum
  • pnk-pnk   Pink\Pink
  • space   It Came from Space
  • super   Super Sparkle Happy
  • violet   Violet
  • wntrlnd   Winterland
  • wrld   One World

When you specify a theme, that theme is applied when any of the following conditions are true:

  • ThemeSelectEnabled is $false.
  • ThemeSelectEnabled is $true, and the user has never opened their mailbox in Outlook Web App.
  • ThemeSelectEnabled is $true, the user has opened their mailbox in Outlook Web App, but they never selected a theme.

If you specify the value $null, the default theme that's applied to all users depends on your Exchange Online organization type. For example, in Live@edu organizations, when the DefaultTheme parameter is $null, the default theme is Outlook Web App. However, if you've configured co-branding for your Live@edu domain, the default theme is the co-branded theme. For more information, see Co-Brand Outlook Web App and Microsoft Services for Live@edu.

ThemeSelectionEnabled

True

This parameter allows users to select a theme in Outlook Web App, or prevents them from doing so.

Top of page

Sender Photos

These settings control the display of user photos in Outlook Web App. For more information, see Control Sender Photo Settings in Outlook Web App.

 

Parameter Default value Description

DisplayPhotosEnabled

True

This parameter controls the display of user photos. When this value is set to $false, no user photos are displayed.

SetPhotoEnabled

True

This parameter allows users to upload their own photo using Outlook Web App. When this value is set to $false, users can't change their photo using Outlook Web App.

SetPhotoURL

  • Live@edu   Blank ($null)
  • Office 365   https://portal.microsoftonline.com/EditProfile.aspx

This parameter sets a location where users can select their photo. If the value is blank ($null), users can select photos from their local computer.

Top of page

Folder settings

These settings show or hide standard mailbox folders that are normally available in Outlook Web App.

 

Parameter Default value Description

CalendarEnabled

True

This parameter shows or hides the Calendar folder.

ContactsEnabled

True

This parameter shows or hides the Contacts folder.

JournalEnabled

True

This parameter shows or hides the Journal folder.

NotesEnabled

True

This parameter shows or hides the Notes folder.

TaskEnabled

True

This parameter shows or hides the Tasks folder.

Top of page

Language settings

These settings configure the languages and character sets used in Outlook Web App. For a list of the valid language values, see Configure Language Settings for Outlook Web App.

Note   To make all Arabic, Asian, Hebrew, and Urdu text display correctly in Outlook Web App, support for languages that are read from right-to-left and script languages must be installed on the client computer. Other languages may also require that the appropriate language pack be installed on the client computer.

 

Parameter Default value Description

DefaultClientLanguage

0

This parameter specifies the default language for Outlook Web App. When the value is 0, the default language isn't defined. Users are prompted to choose a default language the first time that they sign in to Outlook Web App. If you specify the default language using this parameter, users aren't prompted to choose a language the first time they sign in.

If you specify the language, the names of the default mailbox folders in Outlook Web App are displayed in the specified language. Users can rename the mailbox folders and change the language after they sign in to Outlook Web App.

LogonAndErrorLanguage

0

This parameter specifies the language used for error messages in Outlook Web App when a user's current language setting can't be read. When the value is 0, the error message language isn't defined. This means Outlook Web App uses the language setting of the user's Web browser.

OutboundCharset

AutoDetect

This parameter specifies the message encoding for outgoing messages sent using Outlook Web App. Valid values for this parameter are:

  • AutoDetect   Examine the first 2 kilobytes (KB) of the outgoing message text and deduce the character set to use.
  • AlwaysUTF8   Always use UTF-8 encoded UNICODE characters on outgoing messages.
  • UserLanguageChoice   Use the Outlook Web App language setting to encode outgoing messages. This can cause problems when the Outlook Web App language is different that the language used in an individual message.

UseGB18030

False

This parameter controls the conversion settings for outgoing messages that use the GB2312 character set in Outlook Web App. If the OutboundCharset parameter is set to Autodetect, and if UseGB18030 is $true, outgoing messages encoded in GB2312 are automatically converted to GB18030.

UseISO885915

False

This parameter controls the conversion settings for outgoing messages that use the ISO-8859-1 character set in Outlook Web App. If the OutboundCharset parameter is set to Autodetect, and if UseISO885915 is $true, outgoing messages encoded in ISO-8859-1 are automatically converted to ISO- 8859-15. ISO-8859-1 is also known as Latin-1. ISO-8859-15 is also known as Latin-9.

Top of page

Feature settings

These settings enable or disable features in Outlook Web App.

 

Parameter Default value Description

DelegateAccessEnabled

True

This parameter enables or disables access to the mailbox by delegates using Outlook Web App. You assign delegate permissions to mailbox folders using the Delegate Access option in Microsoft Outlook.

ExplicitLogonEnabled

True

This parameter enables or disables access to the mailbox by other users using Outlook Web App. You assign permissions to mailboxes using the Set-MailboxPermissions cmdlet.

GlobalAddressListEnabled

True

This parameter shows or hides the shared address book in Outlook Web App. When this parameter is set to $false, only the Contacts folder is available to users in Outlook Web App.

ActiveSyncIntegrationEnabled

True

This parameter enables or disables integrated Exchange ActiveSync in Outlook Web App.

InstantMessagingEnabled

True

This parameter enables or disables instant messaging in Outlook Web App.

IRMEnabled

True

This parameter enables or disables Information Rights Management (IRM) features in Outlook Web App.

RecoverDeletedItemsEnabled

True

This parameter enables or disables the ability to recover deleted items in Outlook Web App. Deleted items refer to items that were deleted from the Deleted Items folder or items that were permanently deleted using Shift+Delete.

RemindersAndNotificationsEnabled

True

This parameter enables or disables reminders in Outlook Web App.

RulesEnabled

True

This parameter enables or disables the ability to manage server-side Inbox Rules in Outlook Web App.

SearchFoldersEnabled

True

This parameter enables or disables search folders in Outlook Web App. When this parameter is set to $false, the Search Folders icon remains visible in Outlook Web App, but no search folders are available.

SignaturesEnabled

True

This parameter enables or disables the ability to manage or apply e-mail signatures in Outlook Web App.

SilverlightEnabled

True

This parameter enables or disables Microsoft Silverlight features in Outlook Web App.

SpellCheckerEnabled

True

This parameter enables or disables the ability to manage or use the check spelling feature in Outlook Web App.

TextMessagingEnabled

True

This parameter enables or disables text messaging in Outlook Web App.

UMIntegrationEnabled

True

If it's enabled, this option lets users manage their Unified Messaging settings by using Outlook Web App.

Top of page

File and attachment settings

These settings control users’ access to files using Outlook Web App. Typically, files accessed by users in Outlook Web App are attachments in e-mail messages. Users can access files in Outlook Web App in the following ways:

  • Direct file access   These settings control direct access to files in Outlook Web App. For example, if a message contains an attachment, the user clicks on the file and is given the choice to open or save the file. You can control the types of files users are allowed to access, and you can control the actions that are available for a specific file types.
  • WebReady Document Viewing   This feature lets users view specific file types in their Web browser, even if the user doesn't have the applications required to open those file types.
Direct file access

Here are the different methods of including files in an e-mail message:

  • Attachments   The user clicks on the attachment to open or save it.
  • MIME embedded files   The files are embedded directly in the body of the message. Typically, MIME embedded files are image files.

You can control access to files based on the file extension or file type. The following actions are available:

  • Allow   Users can directly access these files in Outlook Web App. Typically, clicking on the file gives users the option to open or save the file. This list of file types is known as the Allow list.
  • Block   Users can't directly access these files in Outlook Web App. This list of file types is known as the Block list.
  • Force save   Users can access these files in Outlook Web App, but they must save them to their local computer. This list of file types is known as the Force Save list.

The same file type may be defined in multiple lists. When that happens, here's the order of precedence:

  • The Allow list overrides the Block list and the Force Save list.
  • The Block list overrides the Force Save list and is overridden by the Allow list.
  • The Force Save list is overridden by the Allow list and Block list.

It's important to understand that direct file access settings affect a user's ability to click on files and access them directly. A user's access to those same files using WebReady Document Viewing is completely separate. For example, if you add the file type .doc to the Block list, users can't click on attached .doc files to open or save them in Outlook Web App. However, users can still use WebReady Document Viewing to view .doc files in their Web browser.

The following parameters are available for direct file access.

 

Parameter Default value Description

DirectFileAccessOnPrivateComputersEnabled

True

This parameter enables or disables direct access to all file types in Outlook Web App. If this parameter is set to $false, users can't click on attachments in e-mail messages to open or save the files. The attachment is visible, but the link is grayed out.

AllowedFileTypes

.avi .bmp .doc .docm .docx .gif .jpg .mp3 .one .pdf .png .ppsm .ppsx .ppt .pptm .pptx .pub .rpmsg .rtf .tif .tiff .txt .vsd .wav .wma .wmv .xls .xlsb .xlsm .xlsx .zip

This parameter specifies the file types that users can directly access in Outlook Web App without restrictions.

BlockedFileTypes

.ade .adp .app .asp .aspx .asx .bas .bat .cer .chm .cmd .com .cpl .crt .csh .der .exe .fxp .gadget .hlp .hta .htc .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .mht .mhtml .msc .msh .msh1 .msh1xml .msh2 .msh2xml .mshxml .msi .msp .mst .ops .pcd .pif .plg .prf .prg .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh .xml

This parameter specifies the file types that users can't directly access in Outlook Web App.

Note   As explained earlier, the Block list overrides the Force Save list. By default, these files types are specified in the Block list but not in the Force Save list:

.der .htc .mht .mhtml .msh1 .msh1xml .msh2 .msh2xml .xml

ForceSaveAttachmentFilteringEnabled

False

This parameter enables or disables security checks for XML or HTML code in file types that are specified by the ForceSaveFileTypes parameter. When ForceSaveAttachmentFilteringEnabled is $false, file types in the Force Save list aren't checked for XML or HTML code.

ForceSaveFileTypes

.ade .adp .app .asp .aspx .asx .bas .bat .cer .chm .cmd .com .cpl .crt .csh .dcr .dir .exe .fxp .gadget .hlp .hta .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .msc .msh .mshxml .msi .msp .mst .ops .pcd .pif .plg .prf .prg .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .pst .reg .scf .scr .sct .shb .shs .spl .swf .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh

This parameter specifies the file types that users can directly access in Outlook Web App. However, the Open option isn't available for these file types. The only option for these file types is Save.

Note   As explained earlier, the Block list overrides the Force Save list. By default, these files types are specified in the Force Save list but not in the Block list:

.dcr .dir .spl .swf

ActionForUnknownFileAndMIMETypes

ForceSave

This parameter specifies the direct file access option for file types that aren't specified in any of the file access lists. Valid values for this parameter are:

  • Allow
  • Block
  • ForceSave

AllowedMimeTypes

  • image/bmp
  • image/gif
  • image/jpeg
  • image/png

This parameter specifies the MIME embedded file types that users can directly access in Outlook Web App without restrictions.

BlockedMimeTypes

  • application/hta
  • application/javascript
  • application/msaccess
  • application/prg
  • application/x-javascript
  • application/xml text/javascript
  • text/scriplet
  • text/xml
  • x-internet-signup

This parameter specifies the MIME embedded file types that users can't directly access in Outlook Web App.

ForceSaveMimeTypes

  • Application/futuresplash
  • Application/octet-stream
  • Application/x-director
  • Application/x-shockwave-flash

This parameter specifies the MIME embedded file types that users can directly access in Outlook Web App. However, the Open option isn't available for these file types. The only option for these file types is Save.

Top of page

WebReady Document Viewing

WebReady Document Viewing converts specific file types into HTML and opens the file in the Web browser. If WebReady Document Viewing is available for a particular file type, a link titled Open in Browser appears next to the file. This link appears independently of the direct file access options that are configured for the file type. For example, the file type may be blocked by direct file access, but available for WebReady Document Viewing.

One of the most valuable aspects of WebReady Document Viewing is helping to reduce the potential security risk of storing opened or saved file attachments on the client computer. For example, you can force WebReady Document Viewing only and prevent direct file access in Outlook Web App.

The following file types are supported by WebReady Document Viewing.

 

Supported file types Supported MIME embedded file types
  • .doc
  • .docx
  • .dot
  • .pdf
  • .pps
  • .ppt
  • .pptx
  • .rtf
  • .xls
  • .xlsx
  • application/msword
  • application/pdf
  • application/vnd.ms-powerpoint
  • application/vnd.openxmlformats-officedocument.presentationml.presentation
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document
  • application/x-msexcel
  • application/x-mspowerpoint

Note   The lists of all supported files types are found in the WebReadyDocumentViewingSupportedFileTypes and WebReadyDocumentViewingSupportedMimeTypes parameters on the Get-OwaMailboxPolicy cmdlet. You can't arbitrarily add new or unknown file types for WebReady Document Viewing. However, you can remove supported file types so those files aren't available in WebReady Document Viewing.

The following parameters are available for WebReady Document Viewing.

 

Parameter Default value Description

ForceWebReadyDocumentViewingFirstOnPrivateComputers

False

This parameter forces WebReady Document Viewing first for supported file types in Outlook Web App. If this parameter is set to $true and the file is supported by WebReady Document Viewing, the file is converted to HTML and opened in the Web Browser. If the DirectFileAccessOnPrivateComputersEnabled parameter is set to $true, the user can click a provided link to open or save the file.

WebReadyDocumentViewingForAllSupportedTypes

True

This parameter enables WebReady Document Viewing for all supported file types. If you want to reduce the file types that are eligible for WebReady Document Viewing, set this parameter to $false and use the WebReadyFileTypes and WebReadyMimeTypes parameters to specify the eligible file types.

WebReadyDocumentViewingOnPrivateComputersEnabled

True

This parameter enables or disables WebReady Document Viewing for all supported file types in Outlook Web App. If this parameter is set to $false Open in Browser isn't available for supported file types.

WebReadyFileTypes

.doc .docx .dot .pdf .pps .ppt .pptx .rtf .xls .xlsx

This parameter specifies the supported file types for WebReady Document Viewing. The file types specified by this parameter are used only when the WebReadyDocumentViewingForAllSupportedTypes is $false.

WebReadyMimeTypes

  • application/msword
  • application/pdf
  • application/vnd.ms-powerpoint
  • application/vnd.openxmlformats-officedocument.presentationml.presentation
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document
  • application/x-msexcel
  • application/x-mspowerpoint

This parameter specifies the supported MIME embedded file types for WebReady Document Viewing. The file types specified by this parameter are used only when the WebReadyDocumentViewingForAllSupportedTypes is $false.

Top of page

 
Related help topics
Loading...
No resources were found.