Outlook Web App - Everything OWA

Frequently Asked Questions

Adding Hyperlinks to Signatures in OWA

Adding a hyperlink to a signature in OWA is not as straightforward as you might think. If you want to include a hyperlink, but don't want to show the entire URL, you need to type the text first, and then click on the hyperlink button.

  1. Login to OWA
  2. Open Options and navigate to Settings
  3. Under mail, edit the email signature
  4. Highlight the text you would like to hyperlink and click the link button OWA Hyperlink Button
  5. Enter the URL into the Hyperlink window and click OK

OWA Hyperlink Window

The link will now be included in your OWA Signature:

Hyperlink in Signature

OWA Updates help with Chrome issue in Office 365 but not for on-premises versions

By Tony Redmond,

By now you're probably well aware that Google depreciated the showModalDialog method in version 37 of their Chrome browser and caused some problems for Outlook Web App (OWA) and Exchange Administration Center (EAC), both of which use the method to display modal screens to collect user input. Well, there's good news and bad news to report on that topic.

Google remains adamant that the problem is with Microsoft's use of what Google considers to be an outdated and possibly insecure method. Google will fix problems in Chrome if they believe that they are real bugs - and proved that they would do so when fixing the recent issue that caused OWA to be unable to display calendar appointments.

The good news is that some relief is on the horizon because Microsoft is busily eliminating the use of the offending method. For example, the new OWA options implementation inside Office 365 introduces a different approach to displaying and gathering user options. So far I haven't encountered any problems using OWA with Chrome version 38, so that's a good sign - albeit a single-user test.


The bad news is that these OWA improvements are only available in Office 365 and there's no sign of similar progress in either EAC or OWA for on-premises Exchange yet. Don't hold your breath for an update in Exchange 2013 CU7 because I doubt that any change will happen there, even if its release was delayed last week.

To read the full article, go to: WindowsITPro

Copy and Paste causes crash in Internet Explorer 9

Trying to copy and paste into the body of an email in Office 365 while using Internet Explorer 9 prompts for clipboard access.

Prompt for Clipboard Access

Pressing allow or block causes OWA to crash with an Internet Explorer has stopped working message.

Internet Explorer 9 Crash

This is an Internet Explorer 9 issue and since Office 365 is designed to work with the current or immediately previous version of Internet Explorer, it is recommended to upgrade to the latest version of IE.

If unable to upgrade at this time, the following workaround will help:

  1. Go to Internet Options
  2. Click the Security Tab
  3. Click on the Internet zone
  4. Click the Custom Level button
  5. Scroll down until you see the Scripting heading
  6. Under the Scripting heading, find Allow Programmatic clipboard access
  7. Click Enable
  8. Click OK
  9. Click Yes on the warning box.

Copy and paste should now be enabled in OWA.

For more information refer to the Office 365 forum

OWA on Android Devices

By default when accessing Outlook Web App on an Android device users are forced to use OWA light.

By making a slight change to the URL used to access OWA, users can load the full OWA experience from their Android device.

From a smartphone, use the following URL: https://<servername>/owa/?layout=tnarrow

Adding ?layout=tnarrow will give you a narrow view for the phone.

From a tablet or device with a larger screen than a smartphone, use the following URL: https://<servername>/owa/?layout=twide

Adding ?layout=twide will give you a wide view for tablet use.

Preview causes crash in IE10 on Windows 8

Messageware OWA Desktop users with an Office 365 account using Internet Explorer 10 on a Windows 8 x64bit operating system may experience a crash when previewing Microsoft Office document attachments in Outlook Web App.

To prevent this occurrence there are two options available to the user:

  1. Uninstall Cumulative Security Update for Internet Explorer 10 for Windows 8 x64 bit Systems (KB2962872)
    1. Go to Control Panel
    2. Click Uninstall a program
    3. Click View installed updates
    4. Find Security Update for Microsoft Windows (KB2962872)
    5. Double click the KB
    6. Click Yes to confirm the uninstallation
    7. Restart required
  1. Enable SmartScreen Filter in Internet Explorer Security Settings
    1. Open Internet Explorer
    2. Navigate to Internet Options
    3. Select the Advanced tab
    4. Scroll down to find Enable SmartScreen Filter and uncheck the box to Disable the filter
    5. Click Apply and OK to save changes.

Disable SmartScreen Filter

Working with Contact Notes in Outlook 2013

When opening a contact in Business-Card view, the Outlook user does not have access to any Notes included with the contact.

Outlook Contact - Business Card view

When opening the same contact with People view, the Notes field is populated:

Using Outlook Web App Offline on a shared computer

If you have set up your computer to use Outlook Web App offline, and then log into OWA with a different account, the App cache of any offline user on the machine will be cleared.

The new user logging in will be presented with the following message:

John Smith has set up this computer to be able to use Outlook Web App offline. If you sign into Outlook Web App, John Smith will no longer be able to use mail offline.

The use then has the choice to cancel their sign in or to sign in anyway.

OWA Offline Message

OAB Improvements in Exchange 2013 Cumulative Update 5

By Ross Smith IV,

Dedicated OAB Generation Mailboxes in Cumulative Update 5

CU5 moves away from the previous model where an OAB generation mailbox generates all the OAB's in the organization. While an OAB generation mailbox can continue to generate multiple OABs (the default behavior when you deploy Exchange 2013), what's new in CU5 is that an OAB can only be assigned to a single OAB generation mailbox.

This architectural change addresses the aforementioned deficiencies:

  • By allowing administrators to define where an OAB is generated.
  • By removing the capability to have multiple instances of the same OAB, mitigating the scenario where a client could hit a different OAB instance triggering a full OAB download.

From a connectivity perspective, Autodiscover provides back an OAB URL for the site in which the user's mailbox is located. That URL resolves to a Client Access server which proxies the request to the linked OAB generation mailbox that is responsible for generating the requested OAB.

As a result, Contoso can now display the following OAB architecture:

Redmond users will now only download the Redmond OAB from the Redmond AD site and Portland users will only download the Portland OAB from the Portland AD site. Neither set of users will have an OAB full download as a result of traveling between locations because the users will always be referred back to the Mailbox server hosting the OAB generation mailbox that contains their OAB.

To read the full article, go to: The Exchange Team Blog

Calendar delegation in Outlook Web App

By Office 365 Team,

Molly has asked Alex to watch over her calendar while she is out. In order to give others access to her calendar, she needs to first share her calendar with them and then give them delegate permissions. She starts by clicking SHARE in the top right corner of the calendar module. She can also do this by right-clicking her calendar to open a context menu where she can click share calendar.

She then types in Alex's name, and if he doesn't immediately show up, she can search for him in Contacts & Directory.

Alex is now added to the list, and she can select which permissions she wants him to have. In this case, she wants him to be a Delegate.

A couple of things to note here. We inform you that a delegate is going to get copies of all your meeting requests. This is so they can respond on your behalf without having to open your calendar or inbox to do so. Appointments you have marked Private are by default not viewable by a delegate, although we give you the option to allow this.

Once Molly is done here, Alex will get an email confirming the permissions she has given him. You'll notice that she changed the subject to "Please monitor my calendar while I'm out" as a customized reminder to him. Once everything is all set, she clicks SEND at the top.

Now Molly can take her leave with the peace of mind that Alex has everything he needs to manage her calendar.

But what about when she returns? Does Alex still need to have delegate permissions to her calendar? Maybe he does, maybe he doesn't, or maybe he just needs to see her calendar but not respond to any of her meeting requests. Molly can configure all of these scenarios. She simply right-clicks her calendar and selects permissions.

From here Molly can see that Alex has delegate permissions and Sara can see full details. If she wants, she can just remove Alex by clicking the x on his card or she can choose to downgrade his permissions to something less, like "Full details" or "Limited details."

Molly can also configure how her meeting requests are to be handled. Her delegates will always get a copy of the meeting request and will be allowed to respond on her behalf. The question is, what does she want to see in her own inbox? Does she want to be able to respond to meeting requests for herself? If so, she can select "Both delegate and me." If she just wants to know that she has a meeting request but doesn't want to take action on it, then she can select "Delegate only. Send me notifications." Lastly, if she doesn't want to be bothered with meeting requests at all, she can select "Delegate only."

Molly can also configure delegate access to her calendar from her tablet device. She can open up Outlook Web App with a compatible mobile browser or OWA for iPad, and follow the same set of commands.

As you can see, delegate access configuration is a powerful feature. It's something Outlook users have had for a long time, but now it's also available on Outlook Web App.1 This provides users even more options to ensure their work gets done, even when they're on vacation or leave.

To read the full article, go to:

Configuring delegate access in Outlook Web App

By Office 365 Team,

Let's say you're about to go on vacation and you don't want to distract yourself from your fun, so you've decided to turn work email off on your phone and leave your laptop at home for this trip. Even though you're off having a good time, it's still business as usual in the office, and someone needs to check your email and calendar to make sure everything runs smoothly while you're away. This is where delegate access comes in. Whether you need your coworker to check your inbox or your admin to manage your calendar, the ability to give delegate access to your Exchange Online data is important. Historically, the ability to configure delegate access was available only in Outlook. Now, you're able to configure both folder permissions and calendar delegation directly from Outlook Web App 2013 and Office 365

Let's take a quick look at how this works.

Folder permissions in Outlook Web App

Molly is planning to take some time off from work and needs Alex to cover for her. With Outlook Web App, she can quickly and easily give Alex permissions to view and modify the messages in her mailbox.

To share one of her mail folders with Alex (her inbox, in this case), Molly just needs to right-click it and select "permissions."

This brings up the folder permissions dialog box.

At the top of the dialog box is a list of people other than Molly who currently have permissions to view the folder. In this case, since this is the first time Molly's changed her folder permissions, there's no one in the list yet.

To give Alex permissions to her inbox, Molly clicks the PLUS SIGN (+) at the top left of the dialog box and then types Alex's name.

After selecting Alex and clicking add, Molly can choose from several predefined permissions settings in the drop-down menu or, if she prefers, she can configure custom permissions.

Once she has set Alex's permissions appropriately, she just needs to click ok and she's done.

If Molly wants to give Alex permissions to view any folder other than her inbox, there's one more step. After setting permissions for the folder she wants to share, she also needs to click her mailbox's root folder ("Molly Dempsey") and grant permissions to that as well.

Again, this is necessary only if she wants to share a folder other than her inbox.

Now let's take a look at Alex's inbox. In order to see Molly's mail, Alex needs to right-click his mailbox's root folder ("Alex Darrow") and select add shared folder.

He then simply needs to enter Molly's name, and he's done-he can view and, if she has allowed him, modify the contents of her inbox. He can tell he's in Molly's inbox because her name appears at the top of the message list.

Once he's set himself up to view Molly's mail on his desktop, Alex can also view her mail on his tablet and phone! He can open up Outlook Web App with a compatible mobile browser or with an app such as OWA for iPhone or OWA for iPad. He then just needs to tap the folder button at the bottom of the screen. This will bring up a list of his folders, as well as the folder that Molly has shared with him.

At that point, he can click Molly's inbox and view it like any other folder.

To read the full article, go to:

More FAQs...


Microsoft fixes FREAK vulnerability in Patch Tuesday update

Included in the latest Patch Tuesday release is a fix for the FREAK vulnerability that could help attackers intercept secured network communications.

Discovered earlier this month, FREAK (Factoring attack on RSA_EXPORT Keys) provides a way for an attacker to intercept SSL-encrypted traffic (Secure Sockets Layer) as it moves between clients and servers.

The problem stems from export restrictions imposed by the U.S. government in the early 1990's, which prohibited software makers from shipping products with strong encryption overseas.

The vulnerability that has recently surfaced, allows attackers to downgrade the security of connections from strong encryption to that of the weaker export-grade encryption. Servers or clients that accept the RSA_Export cipher suites are at risk. The RSA_Export keys can be downgraded by preforming a man-in-the-middle-attack that interferes with the set-up process of an encrypted connection. Although there are defenses in the SSL/TLs protocol to prevent such tampering, they can be worked around. The weaker, 512-bit keys can be revealed using today's powerful computers, and the data traffic can then be decrypted.

Today's protocols use longer encryption keys, and the standard is 2,048-bt RSA. The 512-bit keys were considered secure two decades ago, but an attacker could recover the key they need quite easily today using a public cloud service.

These vulnerabilities can affect Microsoft Exchange Outlook Web App (OWA), where a user could be fooled into clicking on a maliciously crafted email link that directs them to the OWA site, and then extends the user's access privileges on that machine to the attacker.

While the FREAK flaw itself resides in SSL, Microsoft has fixed the SSL implementations in its own software through MS15-031.

The critical bulletins for both Explorer (MS15-018) and Office (MS15-022) address flaws that would let an attacker take remote control of a machine. Although not ranked as critical, MS15-026 should be examined by administrators who oversee Exchange servers to counter the vulnerability to OWA mentioned above.

New Outlook Mobile App for Apple and Android

With the launch of the new Outlook Mobile App into the Apple and Android stores, there are a number of new security concerns from the Microsoft Exchange community. Perhaps the gravest concern for those using the new App are that Microsoft stores email credentials in, and transfers company email data through the cloud (initially Amazon Web Services). That "may" be fine for companies already using the Microsoft and Amazon clouds, but for many security conscious organizations it's not approved and may be a violation of their security policies.

For organizations that want to block or quarantine the app from connecting to their Exchange or Office 365 environments until it can be further evaluated, we've included the steps below.

Read more about controlling device access at TechNet ( )

Read more news about organizations blocking the Outlook Mobile App with a quick google search. Here are the first two from our search:

University of Wisconsin: (Security alert issued for Outlook mobile app)

EU Parliament: (EU parliament bans Outlook app over cloudy security)

Controlling Exchange device access using the ActiveSync Allow/Block/Quarantine list

  1. Log in to the Exchange Control Panel (ECP) (https://yourdomain/ecp or https://yourdomain/owa and select Options > See all options)
  2. In ECP, make sure you are managing My Organization. Be aware that user accounts that are not Exchange Admins won't see the "My Organization" option
  3. Select Phone & Voice> ActiveSync Access tab. This is the Allow/Block/Quarantine configuration screen.
  4. To create a new rule, select New from the Device Access Rules section.
  5. It's important to note that when making a new rule that you select the device family or the model, but not both. The Outlook app is identified in ActiveSync management screens with the device family outlook-iOS-Android/1.0
  6. Select to Block or Quarantine devices of the selected family when trying to connect.

ActiveSync Allow/Block/Quarantine List

Microsoft Updates for Exchange Server 2013

Earlier this week Microsoft released the latest Cumulative Update for Exchange Server 2013. CU7 contains fixes for customer reported issues and minor feature improvements in the area of backup. It also included support for Legacy Public Folders. Microsoft is encouraging all customers who backup their Exchange databases to upgrade to Cumulative Update 7 as soon as possible and to complete a full back up once the upgrade has been completed.

More details can be found at:

Release of Microsoft CU7 for Exchange 2013 Delayed

The Exchange Team decided to hold the release of Cumulative Update 7 for Exchange 2013 until December. The decision was made to provide time to resolve an issue in the Installer package used with Exchange Server 2013, where in some instances OWA files would be corrupted by installation of a Security Update.

While it is believed the installer defect is limited to Exchange Server 2013, they are also evaluating previous versions of Exchange Server and are delaying the planned 2007 and 2010 releases as well.

For more information please see The Exchange Team Blog

Cyber-attacks launched against Outlook Web App users

logon screen

An attack campaign using advanced cyber-espionage techniques launched against Office 365's Outlook Web App users in an attempt to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets.

The group behind the attack used an interesting technique against organizations using OWA; for each attack they used JavaScript code to make it appear that the victims OWA sessions ended while at the same time, tricking them into re-entering their log-in credentials by redirecting victims to fake OWA log-in pages.

Further reading material can be found at PC World

Third party OWA Security software can be found at

OWA for Android now available on select devices

By The Office Team,

At the Microsoft Exchange Conference (MEC) in March, we announced that we'll be bringing a native OWA mobile app to Android phones. Today, we're pleased to announce a pre-release of this app available in the Google Play Store.

During this pre-release, we'll be gathering feedback, fixing bugs and making sure the app is ready for prime time! The app distribution will be limited to a few devices to begin with. We'll be adding new device support regularly, so if your device isn't supported right now, check back often. Also, let us know which devices we should add next by voting here. Learn more about the background behind OWA for Android on this week's Garage Series.

Can I use OWA for Android?

Here are the requirements to use OWA for Android:

  • Your device must be running Android 4.4 Kit Kat or higher.
  • Your mailbox must be running on Office 365 for business. (This does not include Office 365 Personal, Office 365 Home or
  • Your device size is considered "small' or "normal" by Android OS

To read the full article, go to: Office Blogs

Released: Exchange Server 2013 Cumulative Update 5

By The Exchange Team,

The Exchange team has announced the availability of our most recent quarterly servicing update to Exchange Server 2013. Cumulative Update 5 for Exchange Server 2013 and updated UM Language Packs are now available on the Microsoft Download Center. Cumulative Update 5 represents the continuation of our Exchange Server 2013 servicing and builds upon Exchange Server 2013 Service Pack 1. The release includes fixes for customer reported issues, minor product enhancements and previously released security bulletins. A complete list of customer reported issues resolved in Exchange Server 2013 Cumulative Update 5 can be found in Knowledge Base Article KB2936880. Customers running any previous release of Exchange Server 2013 can move directly to Cumulative Update 5 today. Customers deploying Exchange Server 2013 for the first time may skip previous releases and start their deployment with Cumulative Update 5 as well.

To read the full article, go to: The Exchange Team Blog

Third-party transport agents cannot be loaded correctly in Exchange Server 2013

After you install Microsoft Exchange Server 2013 Service Pack 1 (SP1) or you upgrade an existing Microsoft Exchange Server 2013 installation to Exchange Server 2013 SP1, third-party or custom-developed transport agents cannot be installed correctly. Additionally, the Microsoft Exchange Transport service (MSExchangeTransport.exe) cannot start automatically. Specifically, you cannot enable third-party products that rely on transport agents. For example, you cannot enable anti-malware software or custom-developed transport agents.

When the installation fails, you also receive an error message that resembles the following:

The TransportAgentFactory type must be the Microsoft .NET class type of the transport agent factory.

Microsoft has developed a PowerShell script that corrects a formatting error in the configuration files that govern the Transport Extensibility that is built into Exchange Server 2013. To have us apply this script for you so that Transport Extensibility and third-party products that use this capability function correctly, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.

To read the full article, go to: Microsoft Support

Released: Exchange Server 2013 Service Pack 1

By The Exchange Team, Technet

Exchange Server 2013 Service Pack 1 (SP1) is now available for download! Please make sure to read the release notes before installing SP1. The final build number for Exchange Server 2013 SP1 is 15.00.0847.032.

SP1 has already been deployed to thousands of production mailboxes in customer environments via the Exchange Server Technology Adoption Program (TAP). In addition to including fixes, SP1 provides enhancements to improve the Exchange 2013 experience. These include enhancements in security and compliance, architecture and administration, and user experiences. These key enhancements are introduced below.

Security and Compliance

SP1 provides enhancements improving security and compliance capabilities in Exchange Server 2013. This includes improvements in the Data Loss Prevention (DLP) feature and the return of S/MIME encryption for Outlook Web App users.

DLP Policy Tips in Outlook Web App - DLP Policy Tips are now enabled for Outlook Web App (OWA) and OWA for Devices. These are the same Policy Tips available in Outlook 2013. DLP Policy Tips appear when a user attempts to send a message containing sensitive data that matches a DLP policy. Learn more about DLP Policy Tips.

DLP Document Fingerprinting - DLP policies already allow you to detect sensitive information such as financial or personal data. DLP Document Fingerprinting expands this capability to detect forms used in your organization. For example, you can create a document fingerprint based on your organization's patent request form to identify when users are sending that form, and then use DLP actions to properly control dissemination of the content. Learn more about DLP Document Fingerprinting.

DLP sensitive information types for new regions - SP1 provides an expanded set of standard DLP sensitive information types covering an increased set of regions. SP1 adds region support for Poland, Finland and Taiwan. Learn more about the DLP sensitive information types available.

S/MIME support for OWA - SP1 also reintroduces the S/MIME feature in OWA, enabling OWA users to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the specified sender and contains the only the content from the sender. This capability is supported when using OWA with Internet Explorer 9 or later. Learn more about S/MIME in Exchange 2013.

To read the full article, go to:

Exchange 2013 SP1 - mixture of new and completed features

By Tony Redmond, WindowsITPro

Three months after they shipped Exchange 2013 CU3, Microsoft has announced the release of Exchange 2013 SP1, or cumulative update 4 (CU4) to its friends. The announcement will no doubt come as pleasant relief to those who insist that no Microsoft server product can ever be installed until the first service pack appears. Like waiting for the first cuckoo of spring to sing before planting, such a well-worn adage is challenged in an era when the demands of the cloud mandates that on-premises customers receive quarterly updates, but some people find it hard to shift old habits. In any case, build 847.32 aka Exchange 2013 SP1 is now available for download.

To make sure that those running older versions of Exchange are not left out, Microsoft has also released Rollup Update 13 for Exchange 2007 SP3 and Rollup Update 5 for Exchange 2010 SP3.

I won't bore you with the details of how to install Exchange 2013 SP1 because the upgrade from CU3 was easy (at least for me). A schema extension is required to accommodate new objects and cmdlets and the consequent updates to RBAC roles, so be sure to include this step in your planning. The normal caveats about preparing DAG member servers by putting them into maintenance mode before starting the upgrade and shutting down all Exchange components like EMS and EAC apply. My upgrades occurred without trauma, which was a nice surprise. The sole caveat is to check that all services come back online after the upgrade as the transport services can be picky about restarting.

Looking through the set of features and updates provided in Exchange 2013 SP1, we find a mixture of finishing off important components and extending new functionality. Adding S/MIME support back for Outlook Web App (OWA) is an example of the former; providing the ability to add custom sensitive data types through document fingerprinting for Data Loss Prevention (DLP) is an example of the latter. The full list of updated functionality in SP1 is shown below. Where appropriate, the features are also available to users of Exchange Online in Office 365. In fact, the nature of the development process is that new functionality is slip-streamed into production in the cloud some weeks before it is made available to on-premises customers in an update like SP1. It is therefore quite possible that you have been able to use upgraded functionality for some time, even if you never realized it.

To read the full article, go to:

More Articles...

Use Ctrl+Shift+R to "Reply all" to the selected message.


Will tablet and Smart phone use be a big part of your OWA 2013 deployment?