Edit

Share via

Policy Management in new Outlook for Windows

  • Article

Admins provide Windows users in your organization with standard policies for new Outlook. These policies maintain security, productivity, and data integrity by using Exchange PowerShell cmdlets and Cloud Policy.

Most policies configure the features that are available for the mailbox accounts in their organization and help protect company data and customize the user experience. These policies affect the configuration of any Outlook app where the organization mailbox is present.

You can manage most features with Exchange PowerShell cmdlets. However, for features that span multiple Microsoft 365 experiences, like Loop and in-product Feedback, as well as settings for Diagnostic Data and Connected Experiences, you should use Cloud Policy.

Important

Several App-wide settings, including Theme, Text Size and Spacing, and Diagnostic Data and Connected Experiences are associated with the first account added in new Outlook. This account is considered as the primary account.

While policies can be applied to any organization account in new Outlook, management of app-wide settings requires the designated account to be set as primary. For example, Theme, Diagnostic Data, and Connected Experiences.

Most features like Focused Inbox and Loop are specific to each account. If you disable these features, they turn off only for that account. However, in new Outlook, other features are disabled at the organization level, for example, if any account has in-product feedback disabled, the feature becomes unavailable for all accounts.

Most of the mailbox policies apply to both Outlook on the web (formerly known as Outlook Web App or OWA) and Monarch, so you can't enable them on one client but not the other.

Allow only corporate mailboxes to be added

Admins should use the following parameters on the Set-OwaMailboxPolicy cmdlet to allow only corporate mailboxes to be added to the new Outlook:

Set Primary Account

Users can change the primary account in Settings > Accounts > Email accounts > Manage for the account they want to designate as primary.

Screenshot that shows how to change the primary account in Email accounts Settings.

The ChangeSettingsAccountEnabled parameter on the Set-OwaMailboxPolicy cmdlet allows admins to set the organization account as primary to ensure their policies are applied. Check the syntax at Set-OwaMailboxPolicy -ChangeSettingsAccountEnabled.

Disable automatic updating of weather location

The WeatherEnabled parameter on the Set-OwaMailboxPolicy cmdlet enables or disables weather information in the calendar in Outlook on the web. Check the syntax at Set-OwaMailboxpolicy -WeatherEnabled.

Disable Focused Inbox

The FocusedInboxOn parameter on the Set-OrganizationConfig cmdlet turns off Focused Inbox in your organization. However, it doesn't block the availability of the feature for users. They can still re-enable Focused Inbox in their email clients. For more information, see Configure Focused Inbox for everyone in your organization.

Configure Junk settings

Admins can use the Set-JunkEmailConfiguration cmdlet to foster an agile and adaptable IT infrastructure that's well-equipped to meet the diverse needs of a modern workforce. Admins can use that cmdlet to manage the safelist collection (Safe Senders list, Safe Recipients list, and Blocked Senders list) on individual mailboxes. For more information, see Set-MailboxJunkEmailConfiguration.

Tip

We typically recommend that organizations use the Standard and Strict preset security policies. But admins can modify the default ant-spam policy or create custom anti-spam policies to adjust bulk email thresholds or create global allow and block lists.

Disable signatures

Admins can use either of the following methods to prevent Outlook on the web users from manually creating email signatures:

  • Exchange PowerShell: Use the SignaturesEnabled parameter with the value $false on the Set-OwaMailboxPolicy cmdlet. Check the syntax at Set-OwaMailboxPolicy -SignaturesEnabled).

  • Exchange admin center (EAC) On the Outlook web app policies page at https://admin.exchange.microsoft.com/#/owapolicies, click on the name of the policy > select Manage Features in the Features section > expand the User experience section > uncheck Email signature, and then select Save changes.

For more information, see Create a mailbox policy in Exchange Online for Outlook on the web and the new Outlook for Windows.

Specify calendar first day of week

Set-MailboxCalendarConfiguration is another cmdlet for managing various features and capabilities for Calendar, including: Working Hours, Work Week, Shorten appointments and meetings, and more.

For more information, see Set-MailboxCalendarConfiguration.

Automatically configure account based on Active Directory Primary SMTP address

We recommend that admins configure the new policy for easier account set up on managed devices and to guarantee that company policies are always respected. This policy setting allows admins to control the Primary Account in Outlook for Windows.

Admins can set the policy Require the Primary Account to match the Windows signed-in account through the Microsoft Intune admin center > Apps > Policies for Office Apps.

If this policy is enabled, the primary SMTP address used to sign in to Windows is suggested the first time a user adds their account to new Outlook for Windows and the user can't change it.

If you disable or don't configure this policy setting, users aren't restricted in their choice of Primary Account.

By default, no default email address is suggested.

If the user already added their personal accounts before this policy was enabled, the personal accounts are disabled when this policy is detected.

Admins can use this setting with the PersonalAccountsEnabled parameter value $false on the Set-OwaMailboxPolicy to block users from adding their personal accounts to new Outlook.

Important

This feature uses OneAuth. Therefore, Microsoft Entra ID, Workplace join, or Office activation on Local Active Directory Join environments is required.

Specify what attachments can be downloaded

By default, new Outlook for Windows allows you to open attached Word, Excel, PowerPoint, text files, and many media files directly. The files you open vary depending on the account settings. Admins can configure the list of allowed filename extensions using the AllowedFileTypes and BlockedFileTypes parameters on the Set-OwaMailboxPolicy cmdlet. Check the syntax at Set-OwaMailboxPolicy -AllowedFileTypes and Set-OwaMailboxPolicy -BlockedFileTypes.

Disable non-Microsoft online attachments

The AdditionalStorageProvidersAvailable parameter on the Set-OwaMailboxPolicy cmdlet specifies other storage providers (for example, Box, Dropbox, Facebook, Google Drive, Egnyte, personal OneDrive) for attachments in Outlook on the web. Check the syntax at Set-OwaMailboxPolicy -AdditionalStorageProvidersAvailable.

Disable Offline mode

The OfflineEnabledWin parameter on the Set-OwaMailboxPolicy cmdlet allows or blocks the new Outlook for Windows from being used offline. Check the syntax at Set-OwaMailboxPolicy -OfflineEnabledWin.

Enable Location Suggestions

The PlacesEnabled parameter on the Set-OwaMailboxPolicy cmdlet enables or disables Places in Outlook on the web. Places in Microsoft 365 lets users search, share, and map location details by using Bing. Check the syntax at Set-OwaMailboxPolicy -PlacesEnabled.

Enable a default Theme

A theme defines the colors, fonts, and images that are displayed to users in Outlook on the web and new Outlook for Windows. Admins can use the list of default themes from Default Outlook on the web themes in Exchange Server to find and select a default theme. Check the syntax at Set-OwaMailboxPolicy -DefaultTheme.

Disable Suggested Replies

The WebSuggestedRepliesDisabled parameter on the Set-OrganizationConfig enables or disables Suggested Replies in Outlook on the web and new Outlook for Windows. Check the syntax at Set-OrganizationConfig -WebSuggestedRepliesDisabled.

Disable Microsoft Loop

Loop components in Outlook are portable, editable pieces of content that stay in sync across all the places they're shared.

For more information, see Manage Loop components in OneDrive and SharePoint.

Disable Diagnostic Data and Connected Experiences

Organizations can control whether connected experiences or diagnostic data can be sent from the new Outlook for Windows. This capability is part of our commitment to giving you the information and controls over your privacy.

Screenshot that shows how to turn on optional connected experiences in privacy settings.

For more information, see Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise.

Disable In-product feedback

New Outlook provides in-product feedback that can be managed as part of Microsoft 365 wide settings for Feedback in Cloud Policy:

Screenshot that shows how to provide in-product feedback through Feedback to Microsoft.

For more information, see Manage Microsoft feedback for your organization.

Disable Contact Support in the new Outlook for Windows

Disable contact support is configured via Cloud Policy for a Microsoft 365 organization from the Microsoft 365 Apps admin center, specifically on the Office Policies page.

Screenshot of the Configure Settings page in the Microsoft 365 Apps admin center. It shows the policy management process with steps for Basics, Scope, Policies, and Review and publish. The Policies section lists five policies related to the new Outlook, including their platforms, applications, and status, all marked as Not configured.

When you create a policy, after providing a name and setting a scope, you can search for new outlook from the Policies screen. It brings up all the available policies for new Outlook for Windows. One of those policies is Allow access to Contact Support in the new Outlook. This policy can be configured as Disabled to disable the Contact Support option under the Help menu in new Outlook.

Screenshot of Allow access to Contact Support in the new Outlook policy settings, showing default, enabled, and disabled configurations, and a note on diagnostic troubleshooting. The configuration setting is shown as Disabled.

Disable toggle from classic Outlook for Windows

Some organizations could use a policy to block the toggle from appearing in the classic Outlook for Windows until they're ready to migrate. For guidance on this policy, see Enable or disable access to the new Outlook for Windows.

While this policy hides the toggle within the application, it doesn't block the mailbox from being added to the new Outlook for Windows. A separate Exchange policy can be used to block organization mailboxes from being added to new Outlook. For guidance on this policy, see Enable or disable access to the new Outlook for Windows.

Users can enable new Outlook via the toggle from the built-in Mail and Calendar application in Windows. To block new Outlook from these applications, organizations can block users from downloading and/or installing new Outlook using Intune or other management solutions.

Admins can use the UniversalOutlookEnabled parameter value $false on the CASMailbox cmdlet to block organization accounts from using the built-in Mail and Calendar app in Windows. Check the syntax at Set-CASMailbox -UniversalOutlookEnabled.