Applies to: Exchange Server 2013, Exchange Online
Topic Last Modified: 2013-02-11
You can use the EAC or the Shell to view or configure the properties of an Outlook Web App virtual directory.
If you use the Shell to view the properties of an Outlook Web App virtual directory, the information returned is a subset of the information that's available. For example, if you use the Get-OWAVirtualDirectory cmdlet to view properties, Exchange returns the following information:
- Virtual directory name
- Server name
- Exchange server version
You can also retrieve information for a specific virtual directory on a specific server by using the available parameters. For more information about the parameters for the Get-OWAVirtualDirectory cmdlet, see Get-OwaVirtualDirectory.
If you use the EAC to view the properties of an Outlook Web App virtual directory, you'll be able to view most of the properties for the virtual directory that you’re viewing.
What do you need to know before you begin?
- Estimated time to complete each procedure: 10 minutes.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Outlook Web App virtual directories" entry in the Clients and Mobile
Devices Permissions topic.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
What do you want to do?
Use the EAC to view or configure Outlook Web App virtual directory properties
- In the EAC, click Servers > Virtual
You can use the drop-down lists to select the server and virtual directory type. By default, all servers and virtual directories are displayed.
- In the result pane, click to select the virtual directory you
want to view or edit, then click Edit.
- On the
General tab, you can view the properties of the Outlook Web
App default website and specify an external URL and an internal
URL. View or select the following options:
- Server (Read-only.) Server
displays the name of the server that hosts the Outlook Web App
- Version (Read-only.) Version
displays the version of the Exchange server that the virtual
directory is on.
- Web site (Read-only.) Web site
displays the name of the website.
- Outlook Web App version (Read-only.)
Outlook Web App version displays the Exchange server
- Modified (Read-only.) Modified
displays the last date and time that the virtual directory was
- Internal URL In this text box, specify
the URL used to access this website from an internal network. An
internal URL is configured automatically during Exchange 2013
Setup. The default internal URL setting for an Internet-facing or
non-Internet-facing server is https://<Computer
- External URL In this text box, specify
the URL used to access the website from the Internet. By default,
External URL is blank. For Internet-facing Client Access
servers, External URL should be set to the value published
in DNS for that Active Directory site. For Exchange 2013 servers
that don't have an Internet presence, the External URL
setting should remain blank.
- Server (Read-only.) Server displays the name of the server that hosts the Outlook Web App virtual directory.
- On the
Authentication tab, specify the authentication methods,
sign-in format, and sign-in domain.
- Use one or more standard authentication
methods Select this option to use one or more
of the following standard authentication methods:
Integrated Windows authentication This method requires that users have a valid Windows Server 2008 or Windows Server 2012 user account name and password to access information. Users aren't prompted for their account names and passwords. Instead, the server negotiates with the Windows security packages installed on the client computer. Integrated Windows authentication enables the server to authenticate users without prompting them for information and without transmitting information that isn't encrypted over the network. For this method to work, the client computer must be a member of the same domain as the servers running Exchange, or of a domain that's trusted by the domain that the Exchange server is in.
Digest authentication for Windows domain servers This method transmits passwords over the network as a hash value for additional security. Digest authentication can be used only in Windows Server 2008 and Windows Server 2012 domains for users who have an account that's stored in Active Directory. For more information about Digest authentication, see the Windows Server documentation.
Basic authentication (password is sent in clear text) This method is a simple authentication mechanism defined by the HTTP specification that encodes a user's sign-in name and password before the user's credentials are sent to the server. To make sure that the password is as secure as possible, you should use Secure Sockets Layer (SSL) encryption between client computers and the server that has the Client Access server role installed.
- Use forms-based
authentication Forms-based authentication
provides enhanced security for Outlook Web App virtual directories.
Forms-based authentication creates a sign-in page for Outlook Web
App. You can configure the type of sign-in prompt used by
forms-based authentication. For example, you can configure
forms-based authentication to require users to provide their domain
and user name information, in the domain\user name format on the
Outlook Web App sign-in page.
Important: Forms-based authentication won't provide a secure channel unless SSL is enabled.
Domain\user name This requires the user to enter their domain and user name in the format domain\user name. For example, for a user named Kweku in the domain Contoso, the sign-in would be contoso\kweku.
User principal name (UPN) If the user principal name (UPN) sign-in format is specified, the User name box on the Outlook Web App sign-in page guides users to enter their email address, for example, firstname.lastname@example.org. If a user's UPN isn't identical to the email address, the user can't access Outlook Web App by using the PrincipalName sign-in prompt. It's a best practice to use the PrincipalName sign-in prompt only if users' UPNs match their email addresses.
User name only The user enters their user name only, without the domain name, for example, Kweku. If you use the User name only sign-in prompt for forms-based authentication, you must also specify the Logon Domain property. The Logon Domain property determines the default domain to use when a user tries to sign in to Outlook Web App. For example, if the default domain is Contoso, and a domain user named Kweku signs in to Outlook Web App, only Kweku must be entered as the user name. The server will use the default domain Contoso. If the user isn't a member of the Contoso domain, the domain and user name must be entered.
- Use one or more standard authentication methods Select this option to use one or more of the following standard authentication methods:
- On the
Features tab, specify the features that you want to enable
or disable for Outlook Web App users on a virtual directory.
Note: Features settings for individual users override virtual directory settings. You can change segmentation settings for individual users by using the Set-CASMailbox cmdlet or by using Outlook Web App mailbox policies. For more information, see Outlook Web App Mailbox Policies.
Note: The option to enable or disable the standard version of Outlook Web App by using the Premium client check box has been deprecated and will be removed from the settings. The standard version of Outlook Web App is always enabled.
On the File access tab, use the check boxes to configure the
file access and viewing options for users. File access lets a user
open or view the contents of files attached to an email
File access can be controlled based on whether a user has signed in on a public or private computer. The option for users to select private computer access or public computer access are available only when you’re using forms-based authentication. All other forms of authentication default to private computer access.
- Direct file access Select this check
box if you want to enable direct file access. Direct file access
lets users open files attached to email messages.
- WebReady Document Viewing Select this
check box if you want to enable supported documents to be converted
to HTML and displayed in a web browser.
- Force WebReady Document Viewing when a converter is
available Select this check box if you want to
force documents to be converted to HTML and displayed in a web
browser before users can open them in the viewing application.
Documents can be opened in the viewing application only if direct
file access has been enabled.
- Direct file access Select this check box if you want to enable direct file access. Direct file access lets users open files attached to email messages.
- Click Save to update the policy.
Use the Shell to configure Outlook Web App virtual directory properties
This example enables forms-based authentication on the default Outlook Web App virtual directory on the server Contoso.
set-OwaVirtualDirectory -Identity "Contoso\owa (default web site)" -FormsAuthentication $true
For more information about syntax and parameters, see Set-OwaVirtualDirectory.
Use the Shell to view Outlook Web App virtual directory properties
This example lets you view the properties for all Outlook Web App virtual directories in all Internet Information Services (IIS) websites on all computers that have the Client Access server role installed in an Exchange organization.
This example lets you view the properties for an Outlook Web App virtual directory on the default IIS website on the local Exchange server.
Get-OWAVirtualDirectory -identity "<Exchange Server Name>\owa (default web site)"
This example lets you view the properties for all Outlook Web App virtual directories on an IIS website on a specific Exchange server.
Get-OWAVirtualDirectory -server <Exchange Server Name>
This example lets you view the values of the properties for every Outlook Web App virtual directory in all IIS websites on all Client Access servers in an Exchange organization.
Get-OWAVirtualDirectory | format-list
For more information about syntax and parameters, see Get-OwaVirtualDirectory.
How do you know this worked?
To verify that you’ve successfully edited an Outlook Web App virtual directory:
- In the EAC, click Servers > Virtual
Directories, and then choose a specific Outlook Web App virtual
- Click the Edit button to view the properties of the
- Click Save or Cancel to close the properties