Policy Management in new Outlook for Windows
Admins provide Windows users in your organization with standard policies for new Outlook. These policies maintain security, productivity, and data integrity by using Exchange PowerShell cmdlets and Cloud Policy.
Most policies configure the features that are available for the mailbox accounts in their organization and help protect company data and customize the user experience. These policies affect the configuration of any Outlook app where the organization mailbox is present.
You can manage most features with Exchange PowerShell cmdlets. However, for features that span multiple Microsoft 365 experiences, like Loop and in-product Feedback, as well as settings for Diagnostic Data and Connected Experiences, you should use Cloud Policy.
Important
Several App-wide settings, including Theme, Text Size and Spacing, and Diagnostic Data and Connected Experiences are associated with the first account added in new Outlook. This account is considered as the primary account.
While policies can be applied to any organization account in new Outlook, management of app-wide settings requires the designated account to be set as primary. For example, Theme, Diagnostic Data, and Connected Experiences.
Most features like Focused Inbox and Loop are specific to each account. If you disable these features, they turn off only for that account. However, in new Outlook, other features are disabled at the organization level, for example, if any account has in-product feedback disabled, the feature becomes unavailable for all accounts.
Most of the mailbox policies apply to both Outlook on the web (formerly known as Outlook Web App or OWA) and Monarch, so you can't enable them on one client but not the other.
Allow only corporate mailboxes to be added
Admins should use the following parameters on the Set-OwaMailboxPolicy cmdlet to allow only corporate mailboxes to be added to the new Outlook:
The
AllowedOrganizationAccountDomains
parameter specifies one or more account domains that can be added in Outlook. Check the syntax at Set-OwaMailboxPolicy -AllowedOrganizationAccountDomains.The
PersonalAccountsEnabled
parameter specifies whether users are allowed to add their personal email accounts. Check the syntax at Set-OwaMailboxPolicy -PersonalAccountsEnabled.
Set Primary Account
Users can change the primary account in Settings > Accounts > Email accounts > Manage for the account they want to designate as primary.
The ChangeSettingsAccountEnabled
parameter on the Set-OwaMailboxPolicy cmdlet allows admins to set the organization account as primary to ensure their policies are applied. Check the syntax at Set-OwaMailboxPolicy -ChangeSettingsAccountEnabled.
Disable automatic updating of weather location
The WeatherEnabled
parameter on the Set-OwaMailboxPolicy cmdlet enables or disables weather information in the calendar in Outlook on the web. Check the syntax at Set-OwaMailboxpolicy -WeatherEnabled.
Disable Focused Inbox
The FocusedInboxOn
parameter on the Set-OrganizationConfig cmdlet turns off Focused Inbox in your organization. However, it doesn't block the availability of the feature for users. They can still re-enable Focused Inbox in their email clients. For more information, see Configure Focused Inbox for everyone in your organization.
Configure Junk settings
Admins can use the Set-JunkEmailConfiguration cmdlet to foster an agile and adaptable IT infrastructure that's well-equipped to meet the diverse needs of a modern workforce. Admins can use that cmdlet to manage the safelist collection (Safe Senders list, Safe Recipients list, and Blocked Senders list) on individual mailboxes. For more information, see Set-MailboxJunkEmailConfiguration.
Tip
We typically recommend that organizations use the Standard and Strict preset security policies. But admins can modify the default ant-spam policy or create custom anti-spam policies to adjust bulk email thresholds or create global allow and block lists.
Disable signatures
Admins can use either of the following methods to prevent Outlook on the web users from manually creating email signatures:
Exchange PowerShell: Use the
SignaturesEnabled
parameter with the value$false
on the Set-OwaMailboxPolicy cmdlet. Check the syntax at Set-OwaMailboxPolicy -SignaturesEnabled).Exchange admin center (EAC) On the Outlook web app policies page at https://admin.exchange.microsoft.com/#/owapolicies, click on the name of the policy > select Manage Features in the Features section > expand the User experience section > uncheck Email signature, and then select Save changes.
For more information, see Create a mailbox policy in Exchange Online for Outlook on the web and the new Outlook for Windows.
Specify calendar first day of week
Set-MailboxCalendarConfiguration is another cmdlet for managing various features and capabilities for Calendar, including: Working Hours, Work Week, Shorten appointments and meetings, and more.
For more information, see Set-MailboxCalendarConfiguration.
Automatically configure account based on Active Directory Primary SMTP address
We recommend that admins configure the new policy for easier account set up on managed devices and to guarantee that company policies are always respected. This policy setting allows admins to control the Primary Account in Outlook for Windows.
Admins can set the policy Require the Primary Account to match the Windows signed-in account through the Microsoft Intune admin center > Apps > Policies for Office Apps.
If this policy is enabled, the primary SMTP address used to sign in to Windows is suggested the first time a user adds their account to new Outlook for Windows and the user can't change it.
If you disable or don't configure this policy setting, users aren't restricted in their choice of Primary Account.
By default, no default email address is suggested.
If the user already added their personal accounts before this policy was enabled, the personal accounts are disabled when this policy is detected.
Admins can use this setting with the PersonalAccountsEnabled
parameter value $false
on the Set-OwaMailboxPolicy to block users from adding their personal accounts to new Outlook.
Important
This feature uses OneAuth. Therefore, Microsoft Entra ID, Workplace join, or Office activation on Local Active Directory Join environments is required.
Specify what attachments can be downloaded
By default, new Outlook for Windows allows you to open attached Word, Excel, PowerPoint, text files, and many media files directly. The files you open vary depending on the account settings. Admins can configure the list of allowed filename extensions using the AllowedFileTypes
and BlockedFileTypes
parameters on the Set-OwaMailboxPolicy cmdlet. Check the syntax at Set-OwaMailboxPolicy -AllowedFileTypes and Set-OwaMailboxPolicy -BlockedFileTypes.
Disable non-Microsoft online attachments
The AdditionalStorageProvidersAvailable
parameter on the Set-OwaMailboxPolicy cmdlet specifies other storage providers (for example, Box, Dropbox, Facebook, Google Drive, Egnyte, personal OneDrive) for attachments in Outlook on the web. Check the syntax at Set-OwaMailboxPolicy -AdditionalStorageProvidersAvailable.
Disable Offline mode
The OfflineEnabledWin
parameter on the Set-OwaMailboxPolicy cmdlet allows or blocks the new Outlook for Windows from being used offline. Check the syntax at Set-OwaMailboxPolicy -OfflineEnabledWin.
Enable Location Suggestions
The PlacesEnabled
parameter on the Set-OwaMailboxPolicy cmdlet enables or disables Places in Outlook on the web. Places in Microsoft 365 lets users search, share, and map location details by using Bing. Check the syntax at Set-OwaMailboxPolicy -PlacesEnabled.
Enable a default Theme
A theme defines the colors, fonts, and images that are displayed to users in Outlook on the web and new Outlook for Windows. Admins can use the list of default themes from Default Outlook on the web themes in Exchange Server to find and select a default theme. Check the syntax at Set-OwaMailboxPolicy -DefaultTheme.
Disable Suggested Replies
The WebSuggestedRepliesDisabled
parameter on the Set-OrganizationConfig enables or disables Suggested Replies in Outlook on the web and new Outlook for Windows. Check the syntax at Set-OrganizationConfig -WebSuggestedRepliesDisabled.
Disable Microsoft Loop
Loop components in Outlook are portable, editable pieces of content that stay in sync across all the places they're shared.
For more information, see Manage Loop components in OneDrive and SharePoint.
Disable Diagnostic Data and Connected Experiences
Organizations can control whether connected experiences or diagnostic data can be sent from the new Outlook for Windows. This capability is part of our commitment to giving you the information and controls over your privacy.
For more information, see Use policy settings to manage privacy controls for Microsoft 365 Apps for enterprise.
Disable In-product feedback
New Outlook provides in-product feedback that can be managed as part of Microsoft 365 wide settings for Feedback in Cloud Policy:
For more information, see Manage Microsoft feedback for your organization.
Disable Contact Support in the new Outlook for Windows
Disable contact support is configured via Cloud Policy for a Microsoft 365 organization from the Microsoft 365 Apps admin center, specifically on the Office Policies page.
When you create a policy, after providing a name and setting a scope, you can search for new outlook from the Policies screen. It brings up all the available policies for new Outlook for Windows. One of those policies is Allow access to Contact Support in the new Outlook. This policy can be configured as Disabled to disable the Contact Support option under the Help menu in new Outlook.
Disable toggle from classic Outlook for Windows
Some organizations could use a policy to block the toggle from appearing in the classic Outlook for Windows until they're ready to migrate. For guidance on this policy, see Enable or disable access to the new Outlook for Windows.
While this policy hides the toggle within the application, it doesn't block the mailbox from being added to the new Outlook for Windows. A separate Exchange policy can be used to block organization mailboxes from being added to new Outlook. For guidance on this policy, see Enable or disable access to the new Outlook for Windows.
Users can enable new Outlook via the toggle from the built-in Mail and Calendar application in Windows. To block new Outlook from these applications, organizations can block users from downloading and/or installing new Outlook using Intune or other management solutions.
Admins can use the UniversalOutlookEnabled
parameter value $false
on the CASMailbox cmdlet to block organization accounts from using the built-in Mail and Calendar app in Windows. Check the syntax at Set-CASMailbox -UniversalOutlookEnabled.