Conditional Access in Outlook on the web for Exchange Online

Conditional Access in Outlook on the web for Exchange Online


Connect to Exchange Online using PowerShell, this script for MFA enabled Admin Users.


#Import the module, requires that you are an administrator and are able to run the script

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+”\Apps\2.0\”) -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1)

#connect specifying username, if you already have authenticated to another module, you actually do not have to authenticate

Connect-EXOPSSession -UserPrincipalName

#This will make sure when you need to reauthenticate after 1 hour that it uses existing token and you don’t have to write password and stuff


Script Link


Check your Org wide OWAMailbox Policy


Output like this, by default its off.

ConditionalAccessPolicy                             : Off

ConditionalAccessFeatures                           : {}


Now check your OWAMailboxPloicy identity.

Get-OwaMailboxPolicy | Select Identity






Now Configure OWAMailboxPolicy with Conditional Access Read-only mode.

Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ConditionalAccessPolicy ReadOnly

This will be output after configurations.

ConditionalAccessPolicy                             : ReadOnly

ConditionalAccessFeatures                           : {Offline,




Now Configure Conditional access policy in Azure AD. (AAD P1 needed for conditional access)

This is end-users experience. User alexw | there are only two possible ways Preview or Save to OneDrive for business which is fully complaint storage place and controlled by Org IT teams.

So, organizations allow users to work but in restricted mode from unmanaged devices.


Stay tuned for more……..


Recent Articles

How to configure restriction for Users from creation of Office 365 groups, Plans & Microsoft teams.

Connect-AzureAD Create new Security Group "AllowedtoCreateGroups" Get-AzureADGroup -SearchString "AllowedtoCreateGroups" $GroupName = "<SecurityGroupName>" $AllowGroupCreation = "False" Connect-AzureAD $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $template = Get-AzureADDirectorySettingTemplate | Where-object...

Attack Simulator for Office 365

Microsoft has released Attack Simulator (currently in Preview) to allow Office 365 Global Administrators to simulate phishing campaigns and other attack simulations. Prerequisites ·       Your organization’s email...

What is Advanced Threat Analytics?

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber-attacks and insider threats. How ATA...

How to remove Office 365 Groups permanently ?

  Hi Guys, Here is process how to remove office 365 groups or soft deleted groups from your office 365 tenant. Step-1 you need to connect with Azure...

How to solve the issue of guest users access in Office 365 when you applied restriction on office 365 groups creation tenant wide?

Connect-AzureAD via powerShell Run the following command: $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified"} See if you already have an AzureADDirectorySetting object,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox