PowerShell | Help & additional information
Running PowerShell commands in Office 365 based environment
To be able to run the PowerShell commands specified in the current article, you will need to create a remote PowerShell with Azure Active Directory or Exchange Online. In case that you need help with the process of creating a Remote PowerShell session, you can use the links on the bottom of the Article.
One of the most conspicuous advantages of Exchange server is, his ability to “expose” the Exchange mailbox to a various type mail client and to various mail protocols.
By default, Exchange server is configured to allow Exchange clients to use all the available mail protocols using all the supported mail clients.
In some scenarios, we as Exchange Administrator, need to “prevent” Exchange client from using a specific protocol or a specific mail client.
For example, in a scenario in which our client experiences strange problems such as mail that disappear or other problems.
To be able to locate the specific mail client that is causing this problem, we can implement a troubleshooting method in which we disable all the available mail protocol beside one protocol such as – OWA mail client, and then verify if the problem still occurs.
The rest of the process is implemented by enabling each time additional mail client until we locate the not functioning or problematic mail client.
The following table includes a summary of the mail protocol and mail client that we review in the current article:
| Web Base Based client | |
| Disable OWA clients access | -OWAEnabled $False |
| Mobile Based mail client | |
| Disable ActiveSync mail client access to Exchange mailbox | -ActiveSyncEnabled $False |
| Disable OWA for mobile device mail client access to Exchange mailbox | -OWAforDevicesEnabled $False |
| Outlook mail client | |
| Disable Outlook mail client access to Exchange mailbox | -MAPIEnabled $False |
| Disable Outlook mail client access to Exchange WEB services (EWS) | -EwsAllowOutlook $False |
| Exchange Web Services client | |
| Disable ALL mail client access to Exchange WEB services (EWS) | -EwsEnabled $False |
| “Internet” mail clients – POP3 and IMAP4 | |
| Disable POP3 mail client access to Exchange mailbox | -PopEnabled $False |
| Disable IMAP4 mail client access to Exchange mailbox | -ImapEnabled $False |
| Exchange MAC client | |
| Disable Microsoft Entourage mail client access to Exchange mailbox | -EwsAllowEntourage $False |
| Disable MicrosoftOutlook for Mac mail client access to Exchange mailbox | -EwsAllowMacOutlook $False |
| Disable Access to Remote PowerShell | |
| Disable Exchange client access to Exchange using Remote PowerShell | -RemotePowerShellEnabled $False |
Note – I have added a reference to a scenario in which we want to disable the option of Exchange client to create a Remote PowerShell session.
Disable Exchange recipient mailbox access | Various protocols and mail clients
Disable OWA clients access to Exchange mailbox
The OWAEnabled parameter enables or disables access to the mailbox by using Outlook on the web. The default value is $True.
To disable Exchange Online recipient access to OWA protocol, we set the OWAEnabled value to $False
Disable OWA clients access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -OWAEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -OWAEnabled $False |
Disable OWA clients access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -OWAEnabled $False |
Disable to ActiveSync (Mobile client) clients access to Exchange mailbox
The ActiveSyncEnabled parameter enables or disables Exchange ActiveSync for the mailbox.
The default value is $True.
To disable Exchange Online recipient access to ActiveSync protocol, we set the ActiveSyncEnabled value to $False
Disable ActiveSync (Mobile client) access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -ActiveSyncEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -ActiveSyncEnabled $False |
Disable ActiveSync (Mobile client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -ActiveSyncEnabled $False |
Disable Outlook clients (MAPI clients) access to Exchange mailbox
The MAPIEnabled parameter enables or disables access to the mailbox by using MAPI clients (for example, MicrosoftOutlook). The default value is $True.
To disable Outlook (MAPI clients) protocol, we set the MAPIEnabled value to $False
Disable Outlook clients (MAPI client) access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -MAPIEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -MAPIEnabled $False |
Disable Outlook clients (MAPI client) access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -MAPIEnabled $False |
Disable Exchange Web Services clients access to Exchange mailbox
The EwsEnabled parameter enables or disables access to the mailbox by using Exchange Web Services clients. The default value is $True.
To disable Exchange Web Services clients protocol, we set the EwsEnabled value to $False
Disable Exchange Web Services client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -EwsEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -EwsEnabled $False |
Disable Exchange Web Services client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -EwsEnabled $False |
Disable POP3 clients access to Exchange mailbox
The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. The default value is $True.
To disable Exchange Online recipient access to POP3 protocol, we set the PopEnabled value to $False
Disable POP3 client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -PopEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -PopEnabled $False |
Disable POP3 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -PopEnabled $False |
Disable IMAP4 clients access to Exchange mailbox
The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $True.
To disable Exchange Online recipient access to IMAP4 protocol, we set the ImapEnabled value to $False
Disable IMAP4 client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -ImapEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -ImapEnabled $False |
Disable IMAP4 client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -ImapEnabled $False |
Disable Microsoft Outlook client EWS access to Exchange mailbox
The EwsAllowOutlook parameter enables or disables access to the mailbox by MicrosoftOutlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.
The default value is $True.
To disable Exchange Microsoft Outlook client EWS access, we set the EwsAllowOutlook value to $False
Disable Microsoft Outlook client EWS access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -EwsAllowOutlook $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -EwsAllowOutlook $False |
Disable Microsoft Outlook client EWS access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -EwsAllowOutlook $False |
Disable Microsoft Entourage clients (Mac client) access to Exchange mailbox
The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services (for example, Entourage 2008 for Mac, Web Services Edition).
The default value is $True.
To disable Exchange Online Mac recipient access to Entourage protocol, we set the EwsAllowEntourage value to $False
Disable Microsoft Entourage clients (Mac client) client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -EwsAllowEntourage $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -EwsAllowEntourage $False |
Disable Microsoft Entourage clients (Mac client) client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -EwsAllowEntourage $False |
Disable MicrosoftOutlook for Mac clients access to Exchange mailbox
The EwsAllowMacOutlook parameter enables or disables access to the mailbox by MicrosoftOutlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later). The default value is $True.
To disable Exchange Online Mac recipient access Microsoft Outlook for Mac protocol, we set the EwsAllowMacOutlook value to $False
Disable MicrosoftOutlook for Mac client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -EwsAllowMacOutlook $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -EwsAllowMacOutlook $False |
Disable MicrosoftOutlook for Mac client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -EwsAllowMacOutlook $False |
Disable OWA for mobile device clients access to Exchange mailbox
The OWAforDevicesEnabled parameter enables or disables access to the mailbox by using Outlook on the web for devices. The default value is $True.
To disable Exchange Online recipient access to Outlook on the web for devices protocol, we set the OWAforDevicesEnabled value to $False
Disable OWA for mobile device client access to Exchange mailbox | Single mailbox
PowerShell command syntax
1 | Set-CASMailbox <Mailbox> -OWAforDevicesEnabled $False |
PowerShell command Example
1 | Set-CASMailbox Bob@o365info.com -OWAforDevicesEnabled $False |
Disable OWA for mobile device client access to Exchange mailbox | Bulk – All Exchange recipient with mailbox except Exchange Administrator
PowerShell command Example
1 | Get-user | Where-Object {($_.RecipientTypeDetails -eq 'UserMailbox') -and ($_.Title -ne ‘Exchange Admin’)} | Set-CASMailbox -OWAforDevicesEnabled $False |
Disable Access to Remote PowerShell
The RemotePowerShellEnabled parameter enables or disables access to Exchange Online using Remote PowerShell session. The default value is $True.
To disable Remote PowerShell, we set the RemotePowerShellEnabled value to $False
Display information about mailbox access protocols
View the standard access protocol settings | Single mailbox
PowerShell command syntax
1 | Get-CASMailbox <Mailbox> |
PowerShell command Example
1 | Get-CASMailbox Bob |
View the MAC client access protocol settings | Single mailbox
PowerShell command syntax
1 | Get-CASMailbox <Mailbox> | FT EwsAllowMacOutlook, EwsAllowEntourage |
PowerShell command Example
1 | Get-CASMailbox Bob | FT EwsAllowMacOutlook, EwsAllowEntourage |
View Remote PowerShell access settings | Single mailbox
PowerShell command syntax
1 | Get-User <USER> | FT RemotePowerShellEnabled |
PowerShell command Example
1 | Get-User Bob | FT RemotePowerShellEnabled |
View (display) information about standard access protocol settings | All Exchange USERS mailboxes
PowerShell command Example
1 | Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox |
View (display) about standard access protocol settings | All Exchange USERS mailboxes
PowerShell command Example
1 | Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Get-CASMailbox |
View (display) information about Exchange recipient which their OWA access is Disabled
PowerShell command Example
1 | Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).OWAEnabled -eq $False } |
View (display) information about Exchange recipient which their ActiveSync access is Disabled
PowerShell command Example
1 | Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).ActiveSyncEnabled -eq $False } |
View (display) information about Exchange recipient which their Outlook (MAPI) access is Disabled
PowerShell command Example
1 | Get-MailBox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Where-Object {(Get-CASMailbox -Identity $_.alias).MAPIEnabled -eq $False } |
PowerShell menu script that will help you to Disable or Enable mail access protocols such as -OWA, Outlook AnyWhere, ActiveSync and more for a single Exchange Online mailbox.
You can read more detailed information about the PowerShell commands that are used in the script in the article: Disable Access to Service by using PowerShell
Getting started with Office 365 PowerShell
Get more information about the Naming Conventions that are used in the PowerShell articles – Help and additional information – o365info.com PowerShell articles
To get more information about the required remote PowerShell commands that you need to use for connecting to Exchange Online, read the following article:
Connect to Exchange Online by using Remote PowerShell
To get more information about the required software component + the remote PowerShell commands that you need to use for connecting Azure Active Directory, read the following article: Part 2: Connect to Office 365 by using Remote PowerShell
If you are new in the PowerShell world, you can read more information about how to start working with PowerShell in Office 365 based environment in the following article series: Getting started with Office 365 PowerShell – Part 1, Part 2, Part 3.
In case that you need more information about how to use the o365info PowerShell scripts that I add to the PowerShell articles, you can read the article – How to run and use o365info PowerShell menu script
It is important for us to know your opinion on this article
PowerShell command syntax – Office 365 | Article series index
It’s a way to achieve immortality.
Dalai Lama
Hey great info but lots of typos:
“Set-Set-CASMailbox -MAPIEnabled $False”
Good article. I’m facing a few of these issues as
well..