Allow Password change for specific users in Exchange Server

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5. In this article, we shall discuss “Allow Password change for specific users in Exchange Server”. Please see how to Block Change Password for Specific Exchange Users, and how to disable Password Change for all Users Exchange Server 2013,2016 and 2019.

This becomes very useful and is most probably used as a security policy in certain companies to prevent AD password resets over the Internet (although all communication is encrypted by SSL certificates. Yes, safety precautions need to be taken into consideration.

Deny password change within OWA

Whenever you wish to deny password change within OWA, but not for all users in Exchange 2013/2016/2019, follow these steps below.

Create a new custom OWA security policy
Link the new custom OWA security policy to a mailbox / multiple mailboxes

To achieve this, log in to the Exchange Admin Center

Navigate to Permissions / Outlook Web App Policies.

Here you will notice the default policy, and open its properties. You will see all OWA security features are enabled by default.

Create a new policy by clicking on the plus sign (+) icon.
- Give it a descriptive name of Block Change Password
- Remove the flag from the Change Password feature here, and save the policy.

Apply this new policy to a single mailbox

In the next step, we will apply this new policy to a single mailbox as follows

Go to Recipients.
- Select the individual mailbox you want to get this policy applied.
- In the right pane, go to Email Connectivity.
- Select View Details.

Notice the field is empty, actually meaning the default policy gets applied.

Click Browse and select the new custom Block Password Change policy

When this specific user logs on via the OWA, He/she will notice the change password setting is not available to him anymore.

In the last step, we would like to apply this new policy to multiple mailbox users. Kindly follow the steps below.

Go to Recipients and select the multiple mailbox users for whom you want to get this policy applied.
- In the right pane, go to Outlook Web App.
- Select Assign a policy. 

This will open the Bulk assign Outlook Web App window. You will notice the field is empty, which means, the default policy gets applied.

Click Browse.
Select the new custom Block Password Change policy we created earlier

Now when your mailbox users go to log in to OWA, they will notice the change password setting is not available anymore.

I hope you found this blog post helpful on how to allow Password change for specific users in Exchange Server. Please let me know in the comment session if you have any questions.