Preventing users from attaching files to messages via OWA

This seems like a relatively new addition to the service, but it is now possible to block users from attaching files when composing messages in OWA. To set those restrictions, you will need to use the OWA mailbox policy cmdlets, and toggle the value of the ClassicAttachmentsEnabled parameter. Here’s an example:

Set-OwaMailboxPolicy OwaMailboxPolicy-Default -ClassicAttachmentsEnabled $false

or to set it on all OWA mailbox policies:

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -ClassicAttachmentsEnabled $false

As with other settings controlled via OWA Mailbox policies, you will need to assign the policy to any users you want to apply the restrictions to, or if the policy is already applied, wait for replication to occur. Once this happens, any affected user will be unable to attach files sourced from the local device and will be presented with the following error message when they try to do so:

[Screenshot: OWA error message]

Do note that the Attach button will still remain active, as well as all its submenus. The user will also still be prompted to choose whether to upload the file and share it as a OneDrive link or attach it directly, unless they have already selected a default action. Which brings us to the next scenario, namely blocking attaching files from OneDrive for Business, either directly or as a link, as well as blocking attachments from other cloud providers and blocking the option to save attachments directly to OneDrive. All of these can be restricted via additional parameters of the OWA mailbox policy object, as follows:

  • OneDriveAttachmentsEnabled: Allow or block attaching files directly from OneDrive for Business. Default value is True.
  • ClassicAttachmentsEnabled: Allow or block attaching files from the local device. Default value is True.
  • ReferenceAttachmentsEnabled: Allow or block the use of “cloudy attachments” or the “send as link to file” functionality. Default value is True.
  • ThirdPartyAttachmentsEnabled: This parameter is now deprecated, see below.
  • ThirdPartyFileProvidersEnabled: Allow or block attachments from third-party services, such as Box, Dropbox and so on. Default value is False.
  • SaveAttachmentsToCloudEnabled: Allow or block saving an attachment directly to OneDrive for Business. Default value is True.

The end user experience with any of these configured is very similar to what’s shown on the screenshot above. The Attach button will remain active, and so will all its submenus and any related dialogs. Only after you finish the process will you be informed that the file cannot be attached. In other words, there’s definitely a lot of room for improvement, but even in its current state, the feature will make some companies happy.
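
Putting the parameters above together, here is an added example (not part of the original post) that builds a dedicated restrictive policy, assigns it to the mailboxes in a group, and then audits which policy each mailbox actually carries. It assumes an existing Exchange Online PowerShell session; the policy name and group address are hypothetical placeholders.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Both names below are hypothetical placeholders, not values from the post.
$policyName = 'OWA-NoAttachments'
$groupName  = 'restricted-users@contoso.example'

# The five non-deprecated switches from the list above, all set to block.
# ThirdPartyFileProvidersEnabled already defaults to False; set explicitly
# so the policy documents its own intent.
$restrictions = @{
    ClassicAttachmentsEnabled      = $false
    OneDriveAttachmentsEnabled     = $false
    ReferenceAttachmentsEnabled    = $false
    ThirdPartyFileProvidersEnabled = $false
    SaveAttachmentsToCloudEnabled  = $false
}

# Create the dedicated policy only if it does not exist yet, then apply
# the settings by splatting the hashtable.
if (-not (Get-OwaMailboxPolicy | Where-Object Name -eq $policyName)) {
    New-OwaMailboxPolicy -Name $policyName | Out-Null
}
Set-OwaMailboxPolicy -Identity $policyName @restrictions

# Assign the policy to every user mailbox in the group. The settings on a
# policy have no effect on a mailbox until the policy is assigned to it.
Get-DistributionGroupMember -Identity $groupName -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.PrimarySmtpAddress -OwaMailboxPolicy $policyName
    }

# Audit 1: the attachment switches on every policy in the tenant.
$columns = @('Name', 'IsDefault') + @($restrictions.Keys)
Get-OwaMailboxPolicy | Select-Object -Property $columns | Format-Table -AutoSize

# Audit 2: how many mailboxes carry each policy, so mailboxes that are
# not covered by the restrictive policy stand out.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object -Property OwaMailboxPolicy |
    Select-Object Count, @{
        Name       = 'OwaMailboxPolicy'
        Expression = { if ($_.Name) { $_.Name } else { '(none assigned)' } }
    }
```

Re-run the two audit queries after replication has had time to complete; a mailbox that still shows a different policy in the second query is not subject to the restrictions.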

For additional information about the different types of restrictions you can configure, refer to the Set-OwaMailboxPolicy cmdlet help.

One last thing – the new OWA UI does NOT currently support these restrictions.
