Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-03-19
After you create a Unified Messaging (UM) mailbox policy, you can view and configure a variety of settings. For example, you can configure Unified Messaging features like Voice Mail Preview or Play on Phone and other security-related options such as Protected Voice Mail and PIN policy settings.
Looking for other management tasks related to UM mailbox policies? Check out Managing UM Mailbox Policies.
Prerequisites
A UM dial plan has been created. For detailed steps, see Create a UM Dial Plan.
What Do You Want to Do?
Use the EMC to view or configure UM mailbox policy properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
- In the console tree, navigate to Organization
Configuration > Unified Messaging.
- In the work pane, click the UM Mailbox Policies tab, and
then select the UM mailbox policy that you want to configure.
- In the action pane, click Properties.
- Use the General
tab to view and configure settings for a UM mailbox policy. For
example, you can view the dial plans associated with the UM mailbox
policy or disable missed call notifications for users who are
associated with a specific UM mailbox policy.
When you modify the settings on a UM mailbox policy, the settings are applied to all users who are associated with the UM mailbox policy. UM mailbox policies let you apply a common set of settings to a collection or group of mailboxes. You must create a UM mailbox policy before you can enable users for Unified Messaging. You can view or configure the following:
- Associated UM dial plan Displays the
name of the dial plan associated with the UM mailbox policy. This
is the name of the dial plan displayed in the Shell.
When a new UM mailbox policy is created, it must be associated with a dial plan. After the UM mailbox policy is created and associated with a dial plan, the settings defined on the mailbox policy are applied to the users who are associated with the dial plan. By default, when you create a UM dial plan using the Shell, it will also create a UM mailbox policy.
A UM mailbox policy can't be changed after it's associated with a dial plan.
- Modified Displays the date of the last
modification or change made to the UM mailbox policy.
- Maximum greeting duration (minutes) Use
this text box to enter the maximum number of minutes that users who
are associated with the UM mailbox policy can use when they record
their voice mail greeting. You can modify this setting after the UM
mailbox policy is created. Only numeric characters are allowed. The
valid range for the greeting is from 1 through 10 minutes. The
default setting is 5 minutes.
- Allow missed call notifications Select
this check box to enable or disable missed call notifications for
users associated with the UM mailbox policy.
A missed call notification is an e-mail message sent to a user's mailbox when the user doesn't answer an incoming call. This is a different e-mail message than the e-mail message that contains the voice mail message left for a user.
Typically, when a user misses an incoming call, the user receives two e-mail messages: an e-mail message that contains the voice mail message and a missed call notification message.
By default, missed call notifications are enabled when a UM mailbox policy is created.
- Allow Message Waiting Indicator Select
this check box to enable or disable Message Waiting Indicator for
users associated with the UM mailbox policy. Message Waiting
Indicator is a feature found in most legacy voice mail systems. In
its most common form, it lights a lamp on the voice mail
subscriber’s phone to indicate the presence of a new voice mail.
Message Waiting Indicator can also be a text message sent to the
UM-enabled user's mobile phone. If this option is disabled on the
UM IP gateway, this feature isn't available to UM-enabled users
associated with the UM mailbox policy. This option isn't available
to UM-enabled users who have a mailbox on a Microsoft Exchange 2007
server. The default setting is enabled.
- Allow inbound faxes Select this check
box to enable or disable inbound faxes for users associated with
the UM mailbox policy. By default, when you enable users for
Unified Messaging, they can receive faxes. However, there may be
situations when users can't receive faxes, because the ability to
receive faxes has been disabled on their mailbox. If this option is
disabled on the UM dial plan, UM-enabled users associated with the
UM mailbox policy won't be able to receive faxes. The default
setting is disabled.
After you have enabled the Allow inbound faxes setting, you will need to specify the URI for the partner fax server. If the Unified Messaging mailbox policy is associated with UM servers that use TCP and TLS, you will need to enter URIs for both TCP and TLS.
- Allow Voice Mail Preview Select this
check box to enable or disable the Voice Mail Preview feature for
users associated with the UM mailbox policy. Enabling this setting
allows users to receive the text of a voice mail in the message
body of an e-mail or text message. If this option is disabled on
the UM dial plan, this feature won't be available to UM-enabled
users associated with the UM mailbox policy. This option isn't
available to UM-enabled users who have a mailbox on an Exchange
2007 Unified Messaging server. The default setting is enabled.
- Allow Outlook Voice Access Select this
check box to enable or disable access to Outlook Voice Access for
UM-enabled users who are associated with this UM mailbox policy.
Outlook Voice Access is a feature used by UM-enabled users to
access their Exchange 2007 or Exchange 2010 mailbox over a phone.
By default, this setting is enabled.
- Allow Play on Phone Select this check
box to enable or disable the Play on Phone feature for users
associated with the UM mailbox policy. This option is enabled by
default and allows users to play their voice mail messages over a
phone. The phone can be any phone, including an office or mobile
phone. This option isn't available to UM-enabled users who have a
mailbox on an Outlook 2007 Unified Messaging server.
- Allow users to configure call answering
rules Select this check box to allow users who
are associated with the UM mailbox policy to create call answering
rules. If this option is disabled on the UM dial plan, this feature
won't be available to UM-enabled users associated with the UM
mailbox policy. This option isn't available to UM-enabled users who
have a mailbox on an Exchange 2007 Unified Messaging server. The
default setting is enabled.
- Associated UM dial plan Displays the
name of the dial plan associated with the UM mailbox policy. This
is the name of the dial plan displayed in the Shell.
- Use the Message
Text tab to configure message text settings for users who are
associated with a UM mailbox policy. For example, you can specify
the e-mail message text sent to users after they reset their UM
PIN. You can configure the following:
- Text sent when a UM Mailbox is
enabled The text entered in this text box
appears in the e-mail message sent to users when they are enabled
for Unified Messaging. When a recipient's mailbox is enabled for
Unified Messaging, an e-mail message that welcomes the user to
Unified Messaging is sent to the user. This text box is limited to
512 characters. By default, no text is defined in this text
box.
This welcome message contains welcome text and the PIN information that the user will use to access the Unified Messaging system. The text entered in this text box is included at the bottom of this welcome message. You can use this text box to include information such as the Unified Messaging technical support telephone numbers or subscriber access numbers.
If text isn't entered in this text box, the default text generated by the Unified Messaging system is included in the e-mail message.
The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.
Example 1 If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.
Example 2 If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.
- Text sent when a PIN is reset The text
entered in this text box is included in the e-mail message sent to
UM-enabled users when their UM PIN is reset.
A PIN is reset by the Unified Messaging system if the number of failed logon attempts exceeds 10 (by default) or if users reset their PIN using the Unified Messaging features included with Microsoft Office Outlook 2007, Exchange 2010, Outlook Web App, or Outlook Voice Access from a telephone. You can use this text box to include information such as security notices or other security-related information in the e-mail message.
If text isn't entered in this text box, the default text generated by the Unified Messaging system is included in the e-mail message.
This text box is limited to 512 characters. By default, no text is defined in this text box.
The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.
Example 1 If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.
Example 2 If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.
- Text included with a voice message The
text entered in this text box is included in the e-mail message
sent to users when they receive a voice mail message from an
incoming caller. For example, this text can include disclaimers
that contain information about forwarding voice mail messages or
system security policies that describe the correct way to handle
voice mail messages in your organization.
If text isn't entered in this text box, the default text generated by the system is included in the e-mail message. This text box is limited to 512 characters. By default, no text is defined in this text box.
The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.
Example 1 If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.
Example 2 If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.
- Text included with a fax message The
text entered in this text box is included in the e-mail message
sent to users when they receive an incoming fax message in their
Inbox. You can use this text box to include disclaimers that
contain information about forwarding fax messages or other system
security policies about the correct way to handle fax messages in
your organization.
If text isn't entered in this text box, the default text generated by the system is included in the e-mail message. This text box is limited to 512 characters. By default, no text is defined in this text box.
- Text sent when a UM Mailbox is
enabled The text entered in this text box
appears in the e-mail message sent to users when they are enabled
for Unified Messaging. When a recipient's mailbox is enabled for
Unified Messaging, an e-mail message that welcomes the user to
Unified Messaging is sent to the user. This text box is limited to
512 characters. By default, no text is defined in this text
box.
- Use the PIN
Policies tab to configure PIN settings for users who are
associated with a UM mailbox policy. Unified Messaging PINs enable
users to access their Inboxes by using a telephone. By configuring
settings on this page, you can specify the minimum number of digits
for a UM PIN or the number of failed logon attempts before users
are locked out of their UM mailbox.
Make sure that you plan carefully for the UM PIN policies that you implement in your environment. If you don't plan and implement the appropriate UM PIN policies, you may introduce security threats and mistakenly allow unauthorized access to your network. You can configure the following:
- Minimum PIN length Use this text box to
specify the minimum number of digits that a UM user's PIN can
contain. The default setting is six digits. The range is from 4
through 24 numeric digits. This setting can't be disabled.
Increasing the number of digits required for a PIN increases the level of security for your Unified Messaging system. Decreasing the number of digits required for a PIN reduces the level of security for your network. The fewer the digits that are required in a PIN, the easier it is for a potential attacker to guess a user's PIN.
If this setting is set too high, users might have problems remembering their PINs. However, if the setting is too low, you risk unauthorized access to the Unified Messaging system.
- PIN lifetime (days) Use this text box
to configure the number of days until the UM-enabled user's PIN
expires. After the PIN expires, the user must create a new UM PIN.
For most organizations, this value should be set to the default of
60 days.
The value of this setting can be from 0 through 999. If it's set to 0, PINs never expire. Setting this value too low can frustrate users because they are required to create and memorize new PINS too frequently.
- Number of previous PINs to disallow Use
this setting to set the number of unique PINs that users must use
before they can reuse an old PIN. For most organizations, this
value should be set to the default of 5, the number of PINs that
the system will remember. PIN history can't be disabled.
You can set this value from 1 through 20. Setting this value too high can frustrate users because it can be difficult to memorize many PINs. Setting it too low may introduce a security threat to your network.
- Allow common patterns in PIN Use this
setting to set PIN complexity requirements for Unified Messaging.
These complexity requirements are enforced on PIN changes or when
new PINs are created.
If this option is disabled, sequential and repeated numbers and the suffix of the mailbox extension will be rejected. If this option is enabled, only the suffix of the mailbox extension will be rejected.
As a security best practice, we recommend that you disable this setting. If this setting is disabled, user PINs can't contain the following:
Sequential numbers, such as 123456 or 456789.
Repeated numbers, such as 111111 or 8888888.
Suffix of the mailbox extension.
- Number of incorrect PIN entries before PIN is automatically
reset Use this text box to enter the number of
sequential unsuccessful or failed logon attempts that can occur
before the Unified Messaging system automatically resets a user's
PIN. For most organizations, this value should be set to the
default of 5 attempts.
The value of this setting can be from 0 through 999. If it's set to 0, this setting is disabled and the system won't automatically reset users' PINs. Setting this value too low can frustrate users; setting it too high gives malicious users more attempts to determine the PIN.
This setting must be set to a number lower than the number configured in the Number of incorrect PIN entries before UM mailbox is locked out setting. This setting is designed to help prevent a brute force attack on user PINs.
- Number of incorrect PIN entries before UM mailbox is locked
out Use this text box to enter the maximum
number of sequential unsuccessful or failed logon attempts before
users are locked out of their mailbox.
For example, if a user tries to log on to the mailbox unsuccessfully five times, based on the Failed logon attempts before automatic PIN reset setting, the system will reset the user's PIN. If the user tries to use the new PIN five more times unsuccessfully, the system will again reset the PIN. If the user tries to use this new PIN five more times unsuccessfully, the user is then locked out of the mailbox. After a user is locked out, an administrator must manually reset or unlock the mailbox for the user.
This value can be set from 1 through 999. Setting this value too low can frustrate users; setting it too high gives malicious users more attempts to determine the PIN. For most organizations, this value should be set to the default of 15 attempts.
This number must be greater than the number set in the Number of incorrect PIN entries before PIN is automatically reset setting. This setting is designed to help prevent a brute force attack on user PINs.
- Minimum PIN length Use this text box to
specify the minimum number of digits that a UM user's PIN can
contain. The default setting is six digits. The range is from 4
through 24 numeric digits. This setting can't be disabled.
- Use the Dialing
Restrictions tab on the UM mailbox policy properties to
configure dialing rules for UM-enabled users who are associated
with this UM mailbox policy. UM mailbox policies are required to
enable users for Unified Messaging. They are useful for applying
and standardizing Unified Messaging configuration settings for
UM-enabled users. You can create UM mailbox policies to apply a
common set of policies or security settings to a collection of
UM-enabled mailboxes.
You can use these settings to control the extension numbers that can be reached by UM-enabled users who are associated with the UM mailbox policy or to control the telephone numbers that can be dialed by UM-enabled users who are associated with the UM mailbox policy. You can configure the following:
- Allow calls to users within the same dial
plan Select this check box to allow UM-enabled
users who call in to a subscriber access number configured on a
dial plan and successfully log on to their mailbox to place calls
or transfer to users who have extension numbers associated with
another UM-enabled user within the same dial plan. By default, this
setting is enabled.
When you disable this setting, UM-enabled users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox can place calls or transfer calls to users who aren't UM-enabled or to other extension numbers not associated with a UM-enabled user. However, they can't transfer to UM-enabled users who are within the same dial plan. This is because the Allow calls to extensions setting is enabled by default.
- Allow calls to extensions When this
setting is enabled, users who call in to a subscriber access number
configured on a dial plan and successfully log on to their mailbox
can place calls to users who aren't UM-enabled, to other extension
numbers not associated with a UM-enabled user, and to UM-enabled
users within the same dial plan. This is because the Allow calls
to users within the same dial plan setting is enabled by
default.
When this setting is disabled, users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox can't place calls to users who aren't UM-enabled or to other extension numbers not associated with a UM-enabled user. However, they can place calls or transfer calls to extension numbers associated with UM-enabled users. This is because the Allow calls to users within the same dial plan setting is enabled by default. The Allow calls to extensions setting is enabled by default.
You can enable this setting in an environment where not all users have been UM-enabled. This setting is also useful when you want to allow users who call in to a subscriber access number configured on a dial plan to call extension numbers not associated with a UM-enabled user.
- Select allowed in-country/region rule groups from dial
plan Use this section to add or remove allowed
in-country/region dialing rule groups. By default, there are no
in-country/region dialing rule groups configured on UM mailbox
policies.
In-country/region dialing rule groups are used to allow or restrict the telephone numbers within a country or region that Outlook Voice Access users can dial. This helps prevent unnecessary or unauthorized telephone calls and charges.
To add in-country/region dialing rule groups, you must first create the appropriate in-country/region dialing rule groups on the dial plan associated with the UM mailbox policy, and then add the appropriate dialing rule entries on the dialing rule group. After you create the required dialing rule groups on the dial plan, you must then add the dialing rule groups to the list of dialing restrictions on the Dialing Restrictions tab on the UM mailbox policy.
In-country/region dialing rule groups can be used to enable a Unified Messaging server to allow or restrict access to telephone numbers within a country or region. This is applied to Outlook Voice Access users who have called in to a subscriber access number.
- Select allowed international rule groups from dial
plan Use this section to add or remove allowed
international dialing rule groups. By default, there are no
international dialing rule groups configured on UM mailbox
policies.
To add international dialing rule groups, you must first create the appropriate international dialing rule groups on the dial plan associated with the UM mailbox policy, and then add the appropriate dialing rule entries on the dialing rule group. After you create the required dialing rule groups, you must add the dialing rule groups to the dialing restrictions on the UM mailbox policy.
International dialing rule groups can be used to enable a Unified Messaging server to allow or restrict access to telephone numbers outside a country or region. This is applied to Outlook Voice Access users who have called in to a subscriber access number.
International dialing rule groups are used to allow or restrict the telephone numbers outside a country or region that Outlook Voice Access users can dial. This helps prevent unnecessary or unauthorized telephone calls and charges.
- Allow calls to users within the same dial
plan Select this check box to allow UM-enabled
users who call in to a subscriber access number configured on a
dial plan and successfully log on to their mailbox to place calls
or transfer to users who have extension numbers associated with
another UM-enabled user within the same dial plan. By default, this
setting is enabled.
- Use the
Protected Voice Mail tab to configure the following
settings:
- Protect voice messages from unauthenticated
callers Select one of the following options
from the drop-down list to determine whether an incoming call
answered by a Unified Messaging server will protect voice messages.
This setting applies to voice messages sent to UM-enabled users
when they don't answer their phone. This setting also applies to
voice messages sent directly to UM-enabled users when the caller
uses a UM auto attendant. This option isn't available to UM-enabled
users who have a mailbox on an Exchange 2007 Unified Messaging
server. You can configure the following:
None Use this setting to not have protection applied to any voice messages sent to UM-enabled users.
Private Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.
All Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.
- Protect voice messages from authenticated
callers Select one of the following options
from the drop-down list to determine whether an incoming call
answered by a Unified Messaging server will protect voice messages.
This setting applies to voice messages sent to UM-enabled users
when they don't answer their phone. This setting also applies when
callers log on to their mailbox using Outlook Voice Access, and
then create and send a voice message. This option isn't available
to UM-enabled users who have a mailbox on an Exchange 2007 Unified
Messaging server. You can configure the following:
None Use this setting to not have protection applied to any voice messages sent to UM-enabled users.
Private Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.
All Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.
- Allow multimedia playback of protected voice
messages Select this check box if you want to
force users who receive protected voice messages to use the Play on
Phone feature. Or, if the client software doesn't support rights
management, users must use Outlook Voice Access. The Play on Phone
feature only applies to clients using a version of Outlook that
supports rights management. For Outlook 2007 and earlier versions
that don't support rights management, and for Outlook Web App
clients, Outlook Voice Access is the only way that users can listen
to Protected Voice Mail.
The default setting requires all users associated with the UM mailbox policy to use the Play on Phone feature to listen to voice messages that are protected. By doing this, it prevents other people from hearing the voice message using a media player over computer speakers or using a media player on a mobile phone to hear the voice message. Even if this is enabled, a UM-enabled user can still use Outlook Voice Access to hear the Protected Voice Mail.
This is especially useful when UM-enabled users use public computers, laptops in public places, or their mobile phone's media player to listen to Protected Voice Mail that can contain private information. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server.
- Specify the text to display to voice mail recipients who
have e-mail clients that don't support Windows Rights
Management Protected Voice Mail can only be
accessed by e-mail clients that support Information Rights
Management (IRM), or if a UM-enabled user uses Outlook Voice Access
to access the Protected Voice Mail message.
If a Protected Voice Mail is sent to an e-mail client that doesn't support IRM, the text that you include in this box will be sent to the user in an e-mail message. This information should include instructions about what to do to be able to receive the Protected Voice Mail.
- Protect voice messages from unauthenticated
callers Select one of the following options
from the drop-down list to determine whether an incoming call
answered by a Unified Messaging server will protect voice messages.
This setting applies to voice messages sent to UM-enabled users
when they don't answer their phone. This setting also applies to
voice messages sent directly to UM-enabled users when the caller
uses a UM auto attendant. This option isn't available to UM-enabled
users who have a mailbox on an Exchange 2007 Unified Messaging
server. You can configure the following:
Use the Shell to configure UM mailbox policy properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
This example sets the PIN settings for users who are
associated with a UM mailbox policy named
MyUMMailboxPolicy.
 Copy Code |
|
|---|---|
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -LogonFailuresBeforePINReset 8 -MaxLogonAttempts 12 -MinPINLength 8 -PINHistoryCount 10 -PINLifetime 60 -ResetPINText "The PIN that is used to allow you access to your mailbox using Outlook Voice Access has been reset." |
|
This example selects the in-country or region groups and international groups from those configured on the UM dial plan associated with the UM mailbox policy. UM-enabled users associated with this UM mailbox policy will be able to place outbound calls according to the rules defined on these groups.
| Copy Code |
|
|---|---|
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -AllowDialPlanSubscribers $true -AllowedInCountryOrRegionGroups InCountry/RegionGroup1,InCount/RegionGroup2 -AllowedInternationalGroups InternationalGroup1,InternationalGroup2 -AllowExtensions $true |
|
This example configures the text of voice messages sent to UM-enabled users and the text included in an e-mail sent to a user who has been UM-enabled.
| Copy Code |
|
|---|---|
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -UMEnabledText "You have been enabled for Unified Messaging." -VoiceMailText "You have received a voice message from Microsoft Exchange 2010 Unified Messaging." |
|
For more information about syntax and parameters, see Set-UMMailboxPolicy.
Use the Shell to view UM mailbox policy properties
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.
This example returns a formatted list of all UM mailbox policies in the Active Directory forest.
| Copy Code |
|
|---|---|
Get-UMMailboxPolicy | Format-List |
|
This example returns the properties and values for a UM mailbox policy named MyUMMailboxPolicy.
| Copy Code |
|
|---|---|
Get-UMMailboxPolicy -Identity MyUMMailboxPolicy |
|
For more information about syntax and parameters, see Get-UMMailboxPolicy.
Other Tasks
After you configure settings on a UM mailbox policy, you may also want to configure PIN security. For details, see Configuring PIN Security for a UM-Enabled User.