This video is a demonstration of how to use PowerShell commands in the Exchange admin shell to manage policies like allowable attachments for Outlook on the web.
- [Instructor] Exchange Server has included a web interface for quite a while now. A virtual folder in IIS on the Exchange client access server provides this flexible access and for a long time it's been named Outlook Web Access. Microsoft is in the process now of rebranding that feature to Outlook on the Web. They evidently aren't done with that process, however, because the policies to manage this access are still labeled Outlook Web App policies in the admin center.
We can find these policies under the permissions heading on the left and there we are, Outlook Web App policies. These policies will allow you to manage how this web portal is used and since the web connection is also used by devices it can manage how devices will interact as well. You'll notice as we get started that there is a default policy. It's worth pointing out that this default policy is not applied to any user by default. It's available and you can modify it and then you can apply it to any users you want, but until you do it doesn't really do anything, but just to get an idea of what you can do with a policy let's select the default policy and click the pencil icon to edit it.
Even though there are a few different screens here there's a very limited amount of things that you can change. There's only about 20 or so different settings and for the most part they're just yes, no check boxes, but I want to open the Exchange administration shell and run a command let to view all of the available settings. Once it loads all of the command lets and scripts for Exchange I'm going to run get OWA mailbox policy and then I'm going to add a parameter to look at the default policy.
When I hit enter on that it scrolled by pretty quickly, there's a much longer list of settings. Managing these policies from the command shell gives you a lot more flexibility in how Outlook on the Web can be used. Let's take a look at one of the setting available here. Allowed file types. This is a list of the extensions of files that will be allowed as attachments on our server. Let's scroll back down and let's create a new rule using the set OWA mailbox policy command let.
The first important parameter to add is the identity of the policy that we want to edit. In this case default and then we're going to specify a rule for anything in the list, but we've selected allowed file types. So hyphen and the name of the setting that I want to configure and then I can list the extensions inside single quotes and you have to remember to add the dot before the extension.
If you leave out any of these periods it will cause the command let to fail. Now obviously that would be a pretty restrictive list, but let me go ahead and apply it and see if it worked. I can run the get OWA mailbox policy for default one more time and then scroll back up and look at the allowed file types. Allowed file types, there is our much smaller list. Now there are other services to manage the security of infected files coming into the server, but this is a course on the client access services.
So this is far as we're going to take it for now. I mentioned that even this default policy is not applied to any users by default. If you want this policy or any other custom policy that you may create to apply to users you're going to need to specify them. One heads up as you plan your policies only one policy can be applied per user. You might want to document your common settings to help you create new policies that include all rule sets that need to be consistent throughout the organization.
Since we're already in the command shell I'm going to scroll down to the bottom and show you the command let to apply a policy to a user. In fact let me go ahead and clear the screen just to buy back a little bit of real estate here. The command that we're going to use is set CAS mailbox. Then we can specify the identity of an individual user. Let's say R. Robertson, and then we can add a parameter to specify the OWA mailbox policy of executives that we're going to apply to Mr. Robertson.
Now Mr. Robertson will only be allowed to send attachments that are Word documents and PDF files. We could do this kind of assignment from the web admin center as well. It's a setting of the user and not a property of the policy. So let's switch back over to the admin center, take a look at the recipients, and let's go ahead and apply this same policy to Janice. I could select this pencil icon or I could just look down the list on the right. What I'm looking for is email connectivity and from that section I can click on view details and I can browse for a web app mailbox policy to apply to this user.
There is the default policy. If I select okay and save it now Janice has the same restrictions on the types of attachments she can send. Now I could select as many users as I want here and the list to the right may change to bulk edit instead of being the name of the user, but it does give us a good opportunity to make changes for multiple users at the same time. It might be a good idea to select all users and apply a default policy and then go back to apply specific policies to the collections of users that need different settings.
This way you can use the restriction of one policy per user to your advantage. Now OWA has been a widely used interface for quite a while, but with the explosion of mobile devices a better solution has evolved. As we move forward we're going to take a look at OWA for devices.
- Planning namespaces
- Managing proxies and redirection
- Configuring client access
- Working with online servers
- Managing address lists and offline address books
- Allowing, blocking, and quarantining access
- Load balancing namespaces
- Troubleshooting POP/IMAP connectivity
- Troubleshooting Outlook Anywhere
- Resilient namespaces and URLs
- Configuring certificates for failover