Allow Password change for specific users in Exchange 2013/2016/2019

This becomes very useful and most probably used as security policy in certain companies to prevent AD password resets over the Internet (although all communication is encrypted by SSL-certificates, yes, safety precautions need to be taken into consideration.

Whenever you wish to deny password change within OWA, but not for all users in Exchange 2013/2016/2019, follow these steps below.

Create a new custom OWA security policy
Link the new custom OWA security policy to a mailbox / multiple mailboxes

To achieve this, logon to Exchange Admin Center

Navigate to Permissions / Outlook Web App Policies.

Here you will notice the default policy,
– Open its properties, you will see all OWA security features are enabled by default.

Create a new policy by clicking on the plus sign (+) icon.
Give it a descriptive name of Block Change Password
Remove the flag from the Change Password feature here, and save the policy.

In the next step, we will apply this new policy to a single mailbox as follows

Go to Recipients.
Select the individual mailbox you want to get this policy applied.
In the right pane, go to Email Connectivity.
Select View Details.

Notice the field is empty, actually meaning the default policy gets applied.

Click Browse and
Select the new custom Block Password Change policy

When next this specific user logs on via the OWA, He/she will notice the change password setting is no available to him anymore.

In the last step, we would like to apply this new policy to multiple mailbox users. Kindly follow these steps below.

Go to Recipients and select the multiple mailbox users for whom you want to get this policy applied.
In the right pane, go to Outlook Web App.
Select Assign a policy. 
This will open the Bulk assign Outlook Web App window.

You will notice the field is empty, which means, the default policy gets applied. .

Click Browse.
Select the new custom Block Password Change policy we created earlier

Now when your mailbox users go to login to OWA, they will notice the change password setting is not available anymore.

To see how users can have their passwords changed via OWA, see https://techdirectarchive.com/2016/04/14/668/

On how to disable Password Change for all Users Exchange server 2013/2016/2019 https://techdirectarchive.com/2020/01/28/how-to-disable-password-change-for-all-users-exchange-server-2013-2016-2019/

2 thoughts on “Allow Password change for specific users in Exchange 2013/2016/2019

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s