Microsoft Exchange/Office365

Block Change Password for Specific Exchange Users

Christianby
Leave a Comment on Block Change Password for Specific Exchange Users
Block Change Password

The above feature is handy and probably used as a security policy in certain companies to prevent AD password resets over the Internet (although SSL certificates encrypt all communication, then! Who are we to argue with a security officer, right?). You might have a case in which you want to block the change password feature within OWA, but not for all users. In that case, you need to change a few settings on the Exchange 2013 server.

Create a new custom OWA security policy
Link the new custom OWA security policy to a mailbox / multiple mailboxes
Here’s how to achieve this:

From within the Exchange Admin Center, go to Permissions / Outlook Web App Policies.

Observe the existing default policy; upon opening its properties, you’ll find all OWA security features enabled by default.

Now let’s create a new policy by clicking on the plus sign (+) icon.
Let’s give it a descriptive name of Block Change Password.
– Remove the flag from the Change Password feature here, and save the policy.
In the next step, we will apply this new policy to a single mailbox as follows:

Navigate to Recipients, then choose the desired mailbox. Apply the policy to the selected individual. In the right pane, go to Email Connectivity.

Select View Details.
– You will notice the field is empty, meaning the default policy gets applied. Click Browse… and select the new custom Block Password Change policy.
When logging into OWA for that specific mailbox user, you will notice the change password setting is not available anymore.

In the last step, we will apply this new policy to multiple mailbox users as follows:
– Navigate to Recipients, then choose multiple mailbox users to apply the policy to.
– In the right pane, go to Outlook Web App.
-Select Assign a policy. This will open the Bulk assign Outlook Web App window.

Notice the field is empty, actually meaning the default policy gets applied.
– Click Browse and select the new custom Block Password Change policy we created earlier.
– Now when your mailbox users go to login to OWA, they will notice the change password setting is not available anymore

Tags:

Written by Christian

My name is Christian with the following awards: Veeam Legend | VMware vExpert | Cisco Champion and VUG Africa Leader. I am the Founder and Editor of TechDirectArchive. My blog posts cover instruction guides, how-to, troubleshooting tips, and tricks on Windows, Linux, Mac, Databases, hardware, Cloud, Network Devices, and Information security.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x