Disable E-Mail forwarding in OWA
Hi, a few days ago a client of mine made a petition where he needed to be able to prohibit some users the option to forward their e-mails from Outlook Web App in Exchange Online.
The case is that on an Exchange On-Premises is very easy, but on Exchange Online there´s no visible option to do so but with PowerShell and RBAC it´s posible and wanted to share it with you.
First of all, we need to get our PowerShell environment ready for the use with Office365.
Login to tour Office365 subscription with Admin credentials with the following commands::
$LIveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Once we´re inside, we must enable Organization Customization in our subscription:
Enable-OrganizationCustomization
Create a new management role taking the base role as a base with the following command:
New-ManagementRole -Name Role_Name -Parent MyBaseOptions
Delete the forwarding attribute of the newly created role:
Set-ManagementRoleEntry Role_Name\Set-Mailbox -Parameters DeliverToMailboxAndForward -RemoveParameter
Create a new policy:
New-RoleAssignmentPolicy Policy_Name
Create a new management role assignment with the created role and policy:
New-ManagementRoleAssignment -Role Role_Name -Policy Policy_Name
Lastly, assign this configuration to the user we want to:
Get-Mailbox user@domain.com | Set-Mailbox -RoleAssignmentPolicy Policy_Name
If everything went ok, when the user logs in his Outlook Web App, it will be able to see on the right side the link to enable the e-mail forwarding option (image1), but different than a normal user (image2), the necessary fields to enable the forwarding will not appear (image3):
Image1:
Image2:
Image3:
Until next time.