Microsoft Exchange/Office365

Allow Password change for specific users in Exchange Server

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5.

This becomes very useful and most probably used as security policy in certain companies to prevent AD password resets over the Internet (although all communication is encrypted by SSL-certificates, yes, safety precautions need to be taken into consideration.

Whenever you wish to deny password change within OWA, but not for all users in Exchange 2013/2016/2019, follow these steps below.

Create a new custom OWA security policy
Link the new custom OWA security policy to a mailbox / multiple mailboxes

To achieve this, logon to Exchange Admin Center

Navigate to Permissions / Outlook Web App Policies.

Here you will notice the default policy,
– Open its properties, you will see all OWA security features are enabled by default.

Create a new policy by clicking on the plus sign (+) icon.
Give it a descriptive name of Block Change Password
Remove the flag from the Change Password feature here, and save the policy.

In the next step, we will apply this new policy to a single mailbox as follows

Go to Recipients.
Select the individual mailbox you want to get this policy applied.
In the right pane, go to Email Connectivity.
Select View Details.

Notice the field is empty, actually meaning the default policy gets applied.

Click Browse and
Select the new custom Block Password Change policy

When next this specific user logs on via the OWA, He/she will notice the change password setting is no available to him anymore.

In the last step, we would like to apply this new policy to multiple mailbox users. Kindly follow these steps below.

Go to Recipients and select the multiple mailbox users for whom you want to get this policy applied.
In the right pane, go to Outlook Web App.
Select Assign a policy. 
This will open the Bulk assign Outlook Web App window.

You will notice the field is empty, which means, the default policy gets applied. .

Click Browse.
Select the new custom Block Password Change policy we created earlier

Now when your mailbox users go to login to OWA, they will notice the change password setting is not available anymore.

To see how users can have their passwords changed via OWA, see https://techdirectarchive.com/2016/04/14/668/

On how to disable Password Change for all Users Exchange server 2013/2016/2019 . I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x