Outlook Web App Mailbox Policies | Available Settings

Applies to: Office 365 for professionals and small businesses, Office 365 for enterprises, Live@edu

Topic Last Modified: 2011-12-01

Outlook Web App mailbox policies control users’ access to files and features in Outlook Web App. Administrators can use Outlook Web App mailbox policies to apply and standardize Outlook Web App settings for all the users in their organization. For example, you can prevent users from opening file attachments in Outlook Web App.

The list of Outlook Web App mailbox policy settings is extensive. Let’s look at the most interesting settings that can be configured by an Exchange Online administrator.

The settings are grouped together by category. Each setting corresponds to a parameter available on the Set-OwaMailboxPolicy cmdlet.

Client settings
Sender Photos
Folder settings
Language settings
Feature settings
File and attachment settings
- Direct file access
- WebReady Document Viewing

Before you begin

Not all parameters or settings are available in all organizations.
In Microsoft Office 365, licensing or subscription restrictions may override any settings you apply here. If you try to enable a feature that isn't permitted by the license or subscription type, that feature won't work in Outlook Web App.
Many features aren't available in the light version of Outlook Web App, so enabling or disabling those features only affects users in the standard version of Outlook Web App.
The version of Outlook Web App provided by the Microsoft datacenters to access cloud-based mailboxes doesn't allow users to select This is a public computer or This is a private computer when they open Outlook Web App. In cloud-based organizations, all Outlook Web App sessions are assumed to be performed on private computers. Therefore, any Outlook Web App mailbox policy parameters that contain the word Public don't affect Outlook Web App users in cloud-based organizations.
The settings you specify in Outlook Web App mailbox policies are enforced in Outlook Web App only. For example, if you disable a feature in Outlook Web App, that feature isn't disabled on the mailbox itself. If the user opens their mailbox in Microsoft Office Outlook, the feature isn't disabled.
Many of the Outlook Web App mailbox policy settings have default values of true or false. Valid input for these parameters is $true or $false.

Client settings

These settings control look and feel of Outlook Web App and what is available to users.

Parameter	Default value	Description
OwaLightEnabled	True	This parameter enables or disables the light version of Outlook Web App. When this parameter is set to `$false`, only the standard version of Outlook Web App is available to users. If the user's Web browser isn't compatible with the standard version of Outlook Web App, the user can't open their mailbox using Outlook Web App. Also, in the standard version of Outlook Web App, the option to use the blind and low vision experience is removed from the sign in page and from the General tab in Outlook Web App > Options > Settings. Note If the OwaLightEnabled and OwaPremiumEnabled parameters are both set to `$false`, users can't access their mailboxes using Outlook Web App in any Web browser. Users will receive the same error that's displayed when they try to open Outlook Web App in an incompatible Web browser.
OwaPremiumEnabled	True	This parameter enables or disables the standard version of Outlook Web App. When this value is set to `$false`, only the light version of Outlook Web App is available, even if the user's Web browser supports the standard version of Outlook Web App.
DefaultTheme	Blank (`$null`)	This parameter specifies the theme that's applied to all users in your organization. The theme determines the color scheme in Outlook Web App. The following themes and the corresponding theme names are available in Outlook Web App: arctc Arctic autmn Autumn Blaze base Outlook Web App blib Blibbet blue-b Blue\Blue blue-o Blue\Orange bot Botanical cats Herding Cats cpck Cupcake dmsk Damask goth Gothitech grey-b Grey\Blue grey-o Grey\Orange grey-plm Grey\Plum grn-g Green\Green grn-o Green\Orange mix Mixxer paint Finger Paints pnk-b Pink\Blue pnk-g Pink\Green pnk-plm Pink\Plum pnk-pnk Pink\Pink space It Came from Space super Super Sparkle Happy violet Violet wntrlnd Winterland wrld One World When you specify a theme, that theme is applied when any of the following conditions are true: ThemeSelectEnabled is `$false`. ThemeSelectEnabled is `$true`, and the user has never opened their mailbox in Outlook Web App. ThemeSelectEnabled is `$true`, the user has opened their mailbox in Outlook Web App, but they never selected a theme. If you specify the value `$null`, the default theme that's applied to all users depends on your Exchange Online organization type. For example, in Live@edu organizations, when the DefaultTheme parameter is `$null`, the default theme is Outlook Web App. However, if you've configured co-branding for your Live@edu domain, the default theme is the co-branded theme. For more information, see Co-Brand Outlook Web App and Microsoft Services for Live@edu.
ThemeSelectionEnabled	True	This parameter allows users to select a theme in Outlook Web App, or prevents them from doing so.

Top of page

Sender Photos

These settings control the display of user photos in Outlook Web App. For more information, see Control Sender Photo Settings in Outlook Web App.

Parameter	Default value	Description
DisplayPhotosEnabled	True	This parameter controls the display of user photos. When this value is set to `$false`, no user photos are displayed.
SetPhotoEnabled	True	This parameter allows users to upload their own photo using Outlook Web App. When this value is set to `$false`, users can't change their photo using Outlook Web App.
SetPhotoURL	Live@edu Blank ($null) Office 365 https://portal.microsoftonline.com/EditProfile.aspx	This parameter sets a location where users can select their photo. If the value is blank (`$null`), users can select photos from their local computer.

Top of page

Folder settings

These settings show or hide standard mailbox folders that are normally available in Outlook Web App.

Parameter	Default value	Description
CalendarEnabled	True	This parameter shows or hides the Calendar folder.
ContactsEnabled	True	This parameter shows or hides the Contacts folder.
JournalEnabled	True	This parameter shows or hides the Journal folder.
NotesEnabled	True	This parameter shows or hides the Notes folder.
TaskEnabled	True	This parameter shows or hides the Tasks folder.

Top of page

Language settings

These settings configure the languages and character sets used in Outlook Web App. For a list of the valid language values, see Configure Language Settings for Outlook Web App.

Note To make all Arabic, Asian, Hebrew, and Urdu text display correctly in Outlook Web App, support for languages that are read from right-to-left and script languages must be installed on the client computer. Other languages may also require that the appropriate language pack be installed on the client computer.

Parameter	Default value	Description
DefaultClientLanguage	0	This parameter specifies the default language for Outlook Web App. When the value is 0, the default language isn't defined. Users are prompted to choose a default language the first time that they sign in to Outlook Web App. If you specify the default language using this parameter, users aren't prompted to choose a language the first time they sign in. If you specify the language, the names of the default mailbox folders in Outlook Web App are displayed in the specified language. Users can rename the mailbox folders and change the language after they sign in to Outlook Web App.
LogonAndErrorLanguage	0	This parameter specifies the language used for error messages in Outlook Web App when a user's current language setting can't be read. When the value is 0, the error message language isn't defined. This means Outlook Web App uses the language setting of the user's Web browser.
OutboundCharset	AutoDetect	This parameter specifies the message encoding for outgoing messages sent using Outlook Web App. Valid values for this parameter are: AutoDetect Examine the first 2 kilobytes (KB) of the outgoing message text and deduce the character set to use. AlwaysUTF8 Always use UTF-8 encoded UNICODE characters on outgoing messages. UserLanguageChoice Use the Outlook Web App language setting to encode outgoing messages. This can cause problems when the Outlook Web App language is different that the language used in an individual message.
UseGB18030	False	This parameter controls the conversion settings for outgoing messages that use the GB2312 character set in Outlook Web App. If the OutboundCharset parameter is set to `Autodetect`, and if UseGB18030 is `$true`, outgoing messages encoded in GB2312 are automatically converted to GB18030.
UseISO885915	False	This parameter controls the conversion settings for outgoing messages that use the ISO-8859-1 character set in Outlook Web App. If the OutboundCharset parameter is set to `Autodetect`, and if UseISO885915 is `$true`, outgoing messages encoded in ISO-8859-1 are automatically converted to ISO- 8859-15. ISO-8859-1 is also known as Latin-1. ISO-8859-15 is also known as Latin-9.

Top of page

Feature settings

These settings enable or disable features in Outlook Web App.

Parameter	Default value	Description
DelegateAccessEnabled	True	This parameter enables or disables access to the mailbox by delegates using Outlook Web App. You assign delegate permissions to mailbox folders using the Delegate Access option in Microsoft Outlook.
ExplicitLogonEnabled	True	This parameter enables or disables access to the mailbox by other users using Outlook Web App. You assign permissions to mailboxes using the Set-MailboxPermissions cmdlet.
GlobalAddressListEnabled	True	This parameter shows or hides the shared address book in Outlook Web App. When this parameter is set to `$false`, only the Contacts folder is available to users in Outlook Web App.
ActiveSyncIntegrationEnabled	True	This parameter enables or disables integrated Exchange ActiveSync in Outlook Web App.
InstantMessagingEnabled	True	This parameter enables or disables instant messaging in Outlook Web App.
IRMEnabled	True	This parameter enables or disables Information Rights Management (IRM) features in Outlook Web App.
RecoverDeletedItemsEnabled	True	This parameter enables or disables the ability to recover deleted items in Outlook Web App. Deleted items refer to items that were deleted from the Deleted Items folder or items that were permanently deleted using Shift+Delete.
RemindersAndNotificationsEnabled	True	This parameter enables or disables reminders in Outlook Web App.
RulesEnabled	True	This parameter enables or disables the ability to manage server-side Inbox Rules in Outlook Web App.
SearchFoldersEnabled	True	This parameter enables or disables search folders in Outlook Web App. When this parameter is set to `$false`, the Search Folders icon remains visible in Outlook Web App, but no search folders are available.
SignaturesEnabled	True	This parameter enables or disables the ability to manage or apply e-mail signatures in Outlook Web App.
SilverlightEnabled	True	This parameter enables or disables Microsoft Silverlight features in Outlook Web App.
SpellCheckerEnabled	True	This parameter enables or disables the ability to manage or use the check spelling feature in Outlook Web App.
TextMessagingEnabled	True	This parameter enables or disables text messaging in Outlook Web App.
UMIntegrationEnabled	True	If it's enabled, this option lets users manage their Unified Messaging settings by using Outlook Web App.

Top of page

File and attachment settings

These settings control users’ access to files using Outlook Web App. Typically, files accessed by users in Outlook Web App are attachments in e-mail messages. Users can access files in Outlook Web App in the following ways:

Direct file access These settings control direct access to files in Outlook Web App. For example, if a message contains an attachment, the user clicks on the file and is given the choice to open or save the file. You can control the types of files users are allowed to access, and you can control the actions that are available for a specific file types.
WebReady Document Viewing This feature lets users view specific file types in their Web browser, even if the user doesn't have the applications required to open those file types.

Direct file access

Here are the different methods of including files in an e-mail message:

Attachments The user clicks on the attachment to open or save it.
MIME embedded files The files are embedded directly in the body of the message. Typically, MIME embedded files are image files.

You can control access to files based on the file extension or file type. The following actions are available:

Allow Users can directly access these files in Outlook Web App. Typically, clicking on the file gives users the option to open or save the file. This list of file types is known as the Allow list.
Block Users can't directly access these files in Outlook Web App. This list of file types is known as the Block list.
Force save Users can access these files in Outlook Web App, but they must save them to their local computer. This list of file types is known as the Force Save list.

The same file type may be defined in multiple lists. When that happens, here's the order of precedence:

The Allow list overrides the Block list and the Force Save list.
The Block list overrides the Force Save list and is overridden by the Allow list.
The Force Save list is overridden by the Allow list and Block list.

It's important to understand that direct file access settings affect a user's ability to click on files and access them directly. A user's access to those same files using WebReady Document Viewing is completely separate. For example, if you add the file type .doc to the Block list, users can't click on attached .doc files to open or save them in Outlook Web App. However, users can still use WebReady Document Viewing to view .doc files in their Web browser.

The following parameters are available for direct file access.

Parameter	Default value	Description
DirectFileAccessOnPrivateComputersEnabled	True	This parameter enables or disables direct access to all file types in Outlook Web App. If this parameter is set to `$false`, users can't click on attachments in e-mail messages to open or save the files. The attachment is visible, but the link is grayed out.
AllowedFileTypes	.avi .bmp .doc .docm .docx .gif .jpg .mp3 .one .pdf .png .ppsm .ppsx .ppt .pptm .pptx .pub .rpmsg .rtf .tif .tiff .txt .vsd .wav .wma .wmv .xls .xlsb .xlsm .xlsx .zip	This parameter specifies the file types that users can directly access in Outlook Web App without restrictions.
BlockedFileTypes	.ade .adp .app .asp .aspx .asx .bas .bat .cer .chm .cmd .com .cpl .crt .csh .der .exe .fxp .gadget .hlp .hta .htc .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .mht .mhtml .msc .msh .msh1 .msh1xml .msh2 .msh2xml .mshxml .msi .msp .mst .ops .pcd .pif .plg .prf .prg .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh .xml	This parameter specifies the file types that users can't directly access in Outlook Web App. Note As explained earlier, the Block list overrides the Force Save list. By default, these files types are specified in the Block list but not in the Force Save list: .der .htc .mht .mhtml .msh1 .msh1xml .msh2 .msh2xml .xml
ForceSaveAttachmentFilteringEnabled	False	This parameter enables or disables security checks for XML or HTML code in file types that are specified by the ForceSaveFileTypes parameter. When ForceSaveAttachmentFilteringEnabled is `$false`, file types in the Force Save list aren't checked for XML or HTML code.
ForceSaveFileTypes	.ade .adp .app .asp .aspx .asx .bas .bat .cer .chm .cmd .com .cpl .crt .csh .dcr .dir .exe .fxp .gadget .hlp .hta .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .msc .msh .mshxml .msi .msp .mst .ops .pcd .pif .plg .prf .prg .ps1 .ps1xml .ps2 .ps2xml .psc1 .psc2 .pst .reg .scf .scr .sct .shb .shs .spl .swf .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh	This parameter specifies the file types that users can directly access in Outlook Web App. However, the Open option isn't available for these file types. The only option for these file types is Save. Note As explained earlier, the Block list overrides the Force Save list. By default, these files types are specified in the Force Save list but not in the Block list: .dcr .dir .spl .swf
ActionForUnknownFileAndMIMETypes	ForceSave	This parameter specifies the direct file access option for file types that aren't specified in any of the file access lists. Valid values for this parameter are: Allow Block ForceSave
AllowedMimeTypes	image/bmp image/gif image/jpeg image/png	This parameter specifies the MIME embedded file types that users can directly access in Outlook Web App without restrictions.
BlockedMimeTypes	application/hta application/javascript application/msaccess application/prg application/x-javascript application/xml text/javascript text/scriplet text/xml x-internet-signup	This parameter specifies the MIME embedded file types that users can't directly access in Outlook Web App.
ForceSaveMimeTypes	Application/futuresplash Application/octet-stream Application/x-director Application/x-shockwave-flash	This parameter specifies the MIME embedded file types that users can directly access in Outlook Web App. However, the Open option isn't available for these file types. The only option for these file types is Save.

Top of page

WebReady Document Viewing

WebReady Document Viewing converts specific file types into HTML and opens the file in the Web browser. If WebReady Document Viewing is available for a particular file type, a link titled Open in Browser appears next to the file. This link appears independently of the direct file access options that are configured for the file type. For example, the file type may be blocked by direct file access, but available for WebReady Document Viewing.

One of the most valuable aspects of WebReady Document Viewing is helping to reduce the potential security risk of storing opened or saved file attachments on the client computer. For example, you can force WebReady Document Viewing only and prevent direct file access in Outlook Web App.

The following file types are supported by WebReady Document Viewing.

Supported file types	Supported MIME embedded file types
.doc .docx .dot .pdf .pps .ppt .pptx .rtf .xls .xlsx	application/msword application/pdf application/vnd.ms-powerpoint application/vnd.openxmlformats-officedocument.presentationml.presentation application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.wordprocessingml.document application/x-msexcel application/x-mspowerpoint

Note The lists of all supported files types are found in the WebReadyDocumentViewingSupportedFileTypes and WebReadyDocumentViewingSupportedMimeTypes parameters on the Get-OwaMailboxPolicy cmdlet. You can't arbitrarily add new or unknown file types for WebReady Document Viewing. However, you can remove supported file types so those files aren't available in WebReady Document Viewing.

The following parameters are available for WebReady Document Viewing.

Parameter	Default value	Description
ForceWebReadyDocumentViewingFirstOnPrivateComputers	False	This parameter forces WebReady Document Viewing first for supported file types in Outlook Web App. If this parameter is set to `$true` and the file is supported by WebReady Document Viewing, the file is converted to HTML and opened in the Web Browser. If the DirectFileAccessOnPrivateComputersEnabled parameter is set to `$true`, the user can click a provided link to open or save the file.
WebReadyDocumentViewingForAllSupportedTypes	True	This parameter enables WebReady Document Viewing for all supported file types. If you want to reduce the file types that are eligible for WebReady Document Viewing, set this parameter to `$false` and use the WebReadyFileTypes and WebReadyMimeTypes parameters to specify the eligible file types.
WebReadyDocumentViewingOnPrivateComputersEnabled	True	This parameter enables or disables WebReady Document Viewing for all supported file types in Outlook Web App. If this parameter is set to `$false` Open in Browser isn't available for supported file types.
WebReadyFileTypes	.doc .docx .dot .pdf .pps .ppt .pptx .rtf .xls .xlsx	This parameter specifies the supported file types for WebReady Document Viewing. The file types specified by this parameter are used only when the WebReadyDocumentViewingForAllSupportedTypes is `$false`.
WebReadyMimeTypes	application/msword application/pdf application/vnd.ms-powerpoint application/vnd.openxmlformats-officedocument.presentationml.presentation application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.wordprocessingml.document application/x-msexcel application/x-mspowerpoint	This parameter specifies the supported MIME embedded file types for WebReady Document Viewing. The file types specified by this parameter are used only when the WebReadyDocumentViewingForAllSupportedTypes is `$false`.

Top of page