Entradas Etiquetadas ‘RBAC’

Disable E-Mail forwarding in OWA

viernes, 31 de mayo de 2013 Sin comentarios

owa logo

Hi, a few days ago a client of mine made a petition where he needed to be able to prohibit some users the option to forward their e-mails from Outlook Web App in Exchange Online.

The case is that on an Exchange On-Premises is very easy, but on Exchange Online there´s no visible option to do so but with PowerShell and RBAC it´s posible and wanted to share it with you.

First of all, we need to get our PowerShell environment ready for the use with Office365.

Login to tour Office365 subscription with Admin credentials with the following commands::

$LIveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LIveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Once we´re inside, we must enable Organization Customization in our subscription:


Create a new management role taking the base role as a base with the following command:

New-ManagementRole -Name Role_Name -Parent MyBaseOptions

Delete the forwarding attribute of the newly created role:

Set-ManagementRoleEntry Role_Name\Set-Mailbox -Parameters DeliverToMailboxAndForward -RemoveParameter

Create a new policy:

New-RoleAssignmentPolicy Policy_Name

Create a new management role assignment with the created role and policy:

New-ManagementRoleAssignment -Role Role_Name -Policy Policy_Name

Lastly, assign this configuration to the user we want to:

Get-Mailbox | Set-Mailbox -RoleAssignmentPolicy Policy_Name


If everything went ok, when the user logs in his Outlook Web App, it will be able to see on the right side the link to enable the e-mail forwarding option (image1), but different than a normal user (image2), the necessary fields to enable the forwarding will not appear (image3):








Until next time.