Archive for August, 2011

Disabling Forwarding for an Outlook Live domain and Removing Forwarding Options from the OWA

Note: Good friend and colleague of mine Jim Muir wrote an article on how to disable forwarding in Live@edu. I’ve volunteered to re-publish it, so all credits for this content are going to Jim!

User Driven Options

Users can create inbox rules to automatically forward messages to e-mail addresses
outside an organization. Depending on an customer’s policies, they may choose
to prevent the forwarding of all such messages or to prevent the delivery of a
subset of auto-forwarded messages.

Administrator Driven Options

Disabling Forwarding for an Outlook Live domain

To accomplish this, IT Admins must first disable forwarding in the domain using Powershell. For instructions to install Powershell and connect it to the Outlook Live service, follow the online
instructions.
Once connected, use the -AutoForwardEnabled parameter which controls automatic message forwarding to remote domains.

Set-RemoteDomain Default -AutoForwardEnabled $false

If a rollback is required, use the same Powershell command with the parameter for –AutoForwardEnabled to $true.

Removing Forwarding Options from the OWA UI

There are three locations in the OWA UI that pertain to forwarding e-mail.

The first location

for forwarding appears in the OWA UI in the account section under the section called Shortcuts to other things you can do as shown here:

The second location

is within the “My Account” options page. When a user clicks on the “Forward your e-mail” link, the “My Account” options appear with the Forwarding section enabled. In the Forwarding section, there is a field to enter the address to forward the e-mail to and a tick box to enable a user to keep a copy of the forwarded message in the Outlook Web App.

The third location

appears as in the Organize E-Mail section when a user clicks the New drop down menu and selects the option Create a new rule for arriving messages which creates a new inbox rule. In the New Inbox Rule window, an option appears for Redirect the message to…

In order to remove these options from the user interface, IT Admins need to use Windows Powershell. IT Admins should remove the forwarding options from all three locations. If an IT admin wishes to turn off forwarding for all users in their domain, they should edit the DefaultMailboxPlan policy. If an IT admin wishes to apply this role to a small number of users, they will need to explicitly create a role assignment policy instead of using the default assignment policy.

In the example provided below, the default mailbox plan policy is used to turn off the forwarding features for all users. Assuming that the IT admin is connected to the service with Windows Powershell , follow these instructions:

  1. Create a new custom role name and base it off the default mailbox plan
    New-ManagementRole -Parent MyBaseOptions_DefaultMailboxPlan -Name
  2. Remove the DeliverToMailboxAndForward, ForwardingAddress and ForwardingSmtpAddress parameters from the mailboxes for the role Set-ManagementRoleEntry \Set-Mailbox -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress –RemoveParameter
    NOTE: Outlook Live administrators have additional RBAC roles assigned. If you need to turn off the forwarding feature for an administrator account, you will need to clean up the DeliverToMailboxAndForward, ForwardingAddress and ForwardingSmtpAddress parameters for each role assignment.
  3. Remove the ForwardAsAttachementTo, ForwardTo and RedirectTo parameters from the inbox rules for the role
    Set-ManagementRoleEntry \New-InboxRule -Parameters ForwardAsAttachmentTo,ForwardTo,RedirectTo –RemoveParameter
    NOTE: Removing the ForwardAsAttachementTo, ForwardTo and RedirectTo parameters from the inbox rules also removes the option to set an inbox rule to forward the message as a text message.
  4. Assign the role to the default mailbox plan policy
    New-ManagementRoleAssignment -Policy RoleAssignmentPolicy-DefaultMailboxPlan -Role
  5. Remove the previous management role assignment
    Remove-ManagementRoleAssignment MyBaseOptions_DefaultMailboxPlan-RoleAssignmentPolicy-DefaultMail
  6. The administrator is asked to confirm the removal. Type Y to remove.

Once confirmed

the OWA UI will not display the forwarding options in the three locations outlined above

  1. My Account user interface
  2. Connected Accounts user interface
  3. New Inbox Rule interface

If a rollback is required, use the same PowerShell commands but instead of using the -RemoveParameter switch, use –AddParameter.