Friday, December 4, 2015

Prevent Users from Changing Photo in OWA

Using Outlook Web App (OWA, or Outlook on the Web as it is now known), users can change/update their photo using two methods:
1.    By clicking on the Display Name (Exchange 2013) or user photo (Exchange 2016) in the main OWA window and then Change:
2.    Using the options menu and then account followed by Edit information... in Exchange 2013, or “My account” section:


Some companies do not like the idea of users updating their pictures themselves. There are already many posts out there on how to prevent users from changing their photo in OWA. However, some posts only say to change the SetPhotoEnabled parameter to False for all OWA virtual directories:
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -SetPhotoEnabled $False
If we now click on our display name or photo, the Change button is now gone:


The problem is that this method might only prevents users from clicking their photo to change their photo! It is possible that users can still change it through the options menu:

The reason why this might happen is because this setting only applies to mailboxes if they do not have an OWA Mailbox Policy applied to them! If they do, then we also need to update this policy, whether it is the Default policy or not. In this case I am updating all policies and applying the default one just to my account for testing:
Get-OWAMailboxPolicy | Set-OWAMailboxPolicy -SetPhotoEnabled $False
Set-CASMailbox nuno -OWAMailboxPolicy Default

Now the change button is finally gone:


  1. How do I apply this to all mailboxes? Set-CASMailbox nuno -OWAMailboxPolicy Default just does them one at a time!

    1. Hi Rick,

      Simply run: Get-Mailbox -ResultSize Unlimited | Set-CASMailbox -OWAMailboxPolicy Default