Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-03-19

After you create a Unified Messaging (UM) mailbox policy, you can view and configure a variety of settings. For example, you can configure Unified Messaging features like Voice Mail Preview or Play on Phone and other security-related options such as Protected Voice Mail and PIN policy settings.

Looking for other management tasks related to UM mailbox policies? Check out Managing UM Mailbox Policies.

Prerequisites

A UM dial plan has been created. For detailed steps, see Create a UM Dial Plan.

What Do You Want to Do?

Use the EMC to view or configure UM mailbox policy properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.

  1. In the console tree, navigate to Organization Configuration > Unified Messaging.

  2. In the work pane, click the UM Mailbox Policies tab, and then select the UM mailbox policy that you want to configure.

  3. In the action pane, click Properties.

  4. Use the General tab to view and configure settings for a UM mailbox policy. For example, you can view the dial plans associated with the UM mailbox policy or disable missed call notifications for users who are associated with a specific UM mailbox policy.

    When you modify the settings on a UM mailbox policy, the settings are applied to all users who are associated with the UM mailbox policy. UM mailbox policies let you apply a common set of settings to a collection or group of mailboxes. You must create a UM mailbox policy before you can enable users for Unified Messaging. You can view or configure the following:

    • Associated UM dial plan   Displays the name of the dial plan associated with the UM mailbox policy. This is the name of the dial plan displayed in the Shell.

      When a new UM mailbox policy is created, it must be associated with a dial plan. After the UM mailbox policy is created and associated with a dial plan, the settings defined on the mailbox policy are applied to the users who are associated with the dial plan. By default, when you create a UM dial plan using the Shell, it will also create a UM mailbox policy.

      A UM mailbox policy can't be changed after it's associated with a dial plan.

    • Modified   Displays the date of the last modification or change made to the UM mailbox policy.

    • Maximum greeting duration (minutes)   Use this text box to enter the maximum number of minutes that users who are associated with the UM mailbox policy can use when they record their voice mail greeting. You can modify this setting after the UM mailbox policy is created. Only numeric characters are allowed. The valid range for the greeting is from 1 through 10 minutes. The default setting is 5 minutes.

    • Allow missed call notifications   Select this check box to enable or disable missed call notifications for users associated with the UM mailbox policy.

      A missed call notification is an e-mail message sent to a user's mailbox when the user doesn't answer an incoming call. This is a different e-mail message than the e-mail message that contains the voice mail message left for a user.

      Typically, when a user misses an incoming call, the user receives two e-mail messages: an e-mail message that contains the voice mail message and a missed call notification message.

      By default, missed call notifications are enabled when a UM mailbox policy is created.

    • Allow Message Waiting Indicator   Select this check box to enable or disable Message Waiting Indicator for users associated with the UM mailbox policy. Message Waiting Indicator is a feature found in most legacy voice mail systems. In its most common form, it lights a lamp on the voice mail subscriber’s phone to indicate the presence of a new voice mail. Message Waiting Indicator can also be a text message sent to the UM-enabled user's mobile phone. If this option is disabled on the UM IP gateway, this feature isn't available to UM-enabled users associated with the UM mailbox policy. This option isn't available to UM-enabled users who have a mailbox on a Microsoft Exchange 2007 server. The default setting is enabled.

    • Allow inbound faxes   Select this check box to enable or disable inbound faxes for users associated with the UM mailbox policy. By default, when you enable users for Unified Messaging, they can receive faxes. However, there may be situations when users can't receive faxes, because the ability to receive faxes has been disabled on their mailbox. If this option is disabled on the UM dial plan, UM-enabled users associated with the UM mailbox policy won't be able to receive faxes. The default setting is disabled.

      After you have enabled the Allow inbound faxes setting, you will need to specify the URI for the partner fax server. If the Unified Messaging mailbox policy is associated with UM servers that use TCP and TLS, you will need to enter URIs for both TCP and TLS.

    • Allow Voice Mail Preview   Select this check box to enable or disable the Voice Mail Preview feature for users associated with the UM mailbox policy. Enabling this setting allows users to receive the text of a voice mail in the message body of an e-mail or text message. If this option is disabled on the UM dial plan, this feature won't be available to UM-enabled users associated with the UM mailbox policy. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server. The default setting is enabled.

    • Allow Outlook Voice Access   Select this check box to enable or disable access to Outlook Voice Access for UM-enabled users who are associated with this UM mailbox policy. Outlook Voice Access is a feature used by UM-enabled users to access their Exchange 2007 or Exchange 2010 mailbox over a phone. By default, this setting is enabled.

    • Allow Play on Phone   Select this check box to enable or disable the Play on Phone feature for users associated with the UM mailbox policy. This option is enabled by default and allows users to play their voice mail messages over a phone. The phone can be any phone, including an office or mobile phone. This option isn't available to UM-enabled users who have a mailbox on an Outlook 2007 Unified Messaging server.

    • Allow users to configure call answering rules   Select this check box to allow users who are associated with the UM mailbox policy to create call answering rules. If this option is disabled on the UM dial plan, this feature won't be available to UM-enabled users associated with the UM mailbox policy. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server. The default setting is enabled.

  5. Use the Message Text tab to configure message text settings for users who are associated with a UM mailbox policy. For example, you can specify the e-mail message text sent to users after they reset their UM PIN. You can configure the following:

    • Text sent when a UM Mailbox is enabled   The text entered in this text box appears in the e-mail message sent to users when they are enabled for Unified Messaging. When a recipient's mailbox is enabled for Unified Messaging, an e-mail message that welcomes the user to Unified Messaging is sent to the user. This text box is limited to 512 characters. By default, no text is defined in this text box.

      This welcome message contains welcome text and the PIN information that the user will use to access the Unified Messaging system. The text entered in this text box is included at the bottom of this welcome message. You can use this text box to include information such as the Unified Messaging technical support telephone numbers or subscriber access numbers.

      If text isn't entered in this text box, the default text generated by the Unified Messaging system is included in the e-mail message.

      The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.

      Example 1   If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.

      Example 2   If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.

    • Text sent when a PIN is reset   The text entered in this text box is included in the e-mail message sent to UM-enabled users when their UM PIN is reset.

      A PIN is reset by the Unified Messaging system if the number of failed logon attempts exceeds 10 (by default) or if users reset their PIN using the Unified Messaging features included with Microsoft Office Outlook 2007, Exchange 2010, Outlook Web App, or Outlook Voice Access from a telephone. You can use this text box to include information such as security notices or other security-related information in the e-mail message.

      If text isn't entered in this text box, the default text generated by the Unified Messaging system is included in the e-mail message.

      This text box is limited to 512 characters. By default, no text is defined in this text box.

      The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.

      Example 1   If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.

      Example 2   If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.

    • Text included with a voice message   The text entered in this text box is included in the e-mail message sent to users when they receive a voice mail message from an incoming caller. For example, this text can include disclaimers that contain information about forwarding voice mail messages or system security policies that describe the correct way to handle voice mail messages in your organization.

      If text isn't entered in this text box, the default text generated by the system is included in the e-mail message. This text box is limited to 512 characters. By default, no text is defined in this text box.

      The text that you provide in this text box can be plain. It can also contain simple HTML formatting tags if you want to emphasize text or add hyperlinks to other content.

      Example 1   If you have any questions or suggestions about voice mail service, please call the help desk at extension 4200.

      Example 2   If you have any questions or suggestions about <b>voice mail service</b>, please call the help desk at extension 4200 or visit our Web site at <a href=”http://emp.contoso.com/itinfo/vmail”></a>.

    • Text included with a fax message   The text entered in this text box is included in the e-mail message sent to users when they receive an incoming fax message in their Inbox. You can use this text box to include disclaimers that contain information about forwarding fax messages or other system security policies about the correct way to handle fax messages in your organization.

      If text isn't entered in this text box, the default text generated by the system is included in the e-mail message. This text box is limited to 512 characters. By default, no text is defined in this text box.

  6. Use the PIN Policies tab to configure PIN settings for users who are associated with a UM mailbox policy. Unified Messaging PINs enable users to access their Inboxes by using a telephone. By configuring settings on this page, you can specify the minimum number of digits for a UM PIN or the number of failed logon attempts before users are locked out of their UM mailbox.

    Make sure that you plan carefully for the UM PIN policies that you implement in your environment. If you don't plan and implement the appropriate UM PIN policies, you may introduce security threats and mistakenly allow unauthorized access to your network. You can configure the following:

    • Minimum PIN length   Use this text box to specify the minimum number of digits that a UM user's PIN can contain. The default setting is six digits. The range is from 4 through 24 numeric digits. This setting can't be disabled.

      Increasing the number of digits required for a PIN increases the level of security for your Unified Messaging system. Decreasing the number of digits required for a PIN reduces the level of security for your network. The fewer the digits that are required in a PIN, the easier it is for a potential attacker to guess a user's PIN.

      If this setting is set too high, users might have problems remembering their PINs. However, if the setting is too low, you risk unauthorized access to the Unified Messaging system.

    • PIN lifetime (days)   Use this text box to configure the number of days until the UM-enabled user's PIN expires. After the PIN expires, the user must create a new UM PIN. For most organizations, this value should be set to the default of 60 days.

      The value of this setting can be from 0 through 999. If it's set to 0, PINs never expire. Setting this value too low can frustrate users because they are required to create and memorize new PINS too frequently.

    • Number of previous PINs to disallow   Use this setting to set the number of unique PINs that users must use before they can reuse an old PIN. For most organizations, this value should be set to the default of 5, the number of PINs that the system will remember. PIN history can't be disabled.

      You can set this value from 1 through 20. Setting this value too high can frustrate users because it can be difficult to memorize many PINs. Setting it too low may introduce a security threat to your network.

    • Allow common patterns in PIN   Use this setting to set PIN complexity requirements for Unified Messaging. These complexity requirements are enforced on PIN changes or when new PINs are created.

      If this option is disabled, sequential and repeated numbers and the suffix of the mailbox extension will be rejected. If this option is enabled, only the suffix of the mailbox extension will be rejected.

      As a security best practice, we recommend that you disable this setting. If this setting is disabled, user PINs can't contain the following:

      Sequential numbers, such as 123456 or 456789.

      Repeated numbers, such as 111111 or 8888888.

      Suffix of the mailbox extension.

    • Number of incorrect PIN entries before PIN is automatically reset   Use this text box to enter the number of sequential unsuccessful or failed logon attempts that can occur before the Unified Messaging system automatically resets a user's PIN. For most organizations, this value should be set to the default of 5 attempts.

      The value of this setting can be from 0 through 999. If it's set to 0, this setting is disabled and the system won't automatically reset users' PINs. Setting this value too low can frustrate users; setting it too high gives malicious users more attempts to determine the PIN.

      This setting must be set to a number lower than the number configured in the Number of incorrect PIN entries before UM mailbox is locked out setting. This setting is designed to help prevent a brute force attack on user PINs.

    • Number of incorrect PIN entries before UM mailbox is locked out    Use this text box to enter the maximum number of sequential unsuccessful or failed logon attempts before users are locked out of their mailbox.

      For example, if a user tries to log on to the mailbox unsuccessfully five times, based on the Failed logon attempts before automatic PIN reset setting, the system will reset the user's PIN. If the user tries to use the new PIN five more times unsuccessfully, the system will again reset the PIN. If the user tries to use this new PIN five more times unsuccessfully, the user is then locked out of the mailbox. After a user is locked out, an administrator must manually reset or unlock the mailbox for the user.

      This value can be set from 1 through 999. Setting this value too low can frustrate users; setting it too high gives malicious users more attempts to determine the PIN. For most organizations, this value should be set to the default of 15 attempts.

      This number must be greater than the number set in the Number of incorrect PIN entries before PIN is automatically reset setting. This setting is designed to help prevent a brute force attack on user PINs.

  7. Use the Dialing Restrictions tab on the UM mailbox policy properties to configure dialing rules for UM-enabled users who are associated with this UM mailbox policy. UM mailbox policies are required to enable users for Unified Messaging. They are useful for applying and standardizing Unified Messaging configuration settings for UM-enabled users. You can create UM mailbox policies to apply a common set of policies or security settings to a collection of UM-enabled mailboxes.

    You can use these settings to control the extension numbers that can be reached by UM-enabled users who are associated with the UM mailbox policy or to control the telephone numbers that can be dialed by UM-enabled users who are associated with the UM mailbox policy. You can configure the following:

    • Allow calls to users within the same dial plan   Select this check box to allow UM-enabled users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox to place calls or transfer to users who have extension numbers associated with another UM-enabled user within the same dial plan. By default, this setting is enabled.

      When you disable this setting, UM-enabled users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox can place calls or transfer calls to users who aren't UM-enabled or to other extension numbers not associated with a UM-enabled user. However, they can't transfer to UM-enabled users who are within the same dial plan. This is because the Allow calls to extensions setting is enabled by default.

    • Allow calls to extensions   When this setting is enabled, users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox can place calls to users who aren't UM-enabled, to other extension numbers not associated with a UM-enabled user, and to UM-enabled users within the same dial plan. This is because the Allow calls to users within the same dial plan setting is enabled by default.

      When this setting is disabled, users who call in to a subscriber access number configured on a dial plan and successfully log on to their mailbox can't place calls to users who aren't UM-enabled or to other extension numbers not associated with a UM-enabled user. However, they can place calls or transfer calls to extension numbers associated with UM-enabled users. This is because the Allow calls to users within the same dial plan setting is enabled by default. The Allow calls to extensions setting is enabled by default.

      You can enable this setting in an environment where not all users have been UM-enabled. This setting is also useful when you want to allow users who call in to a subscriber access number configured on a dial plan to call extension numbers not associated with a UM-enabled user.

    • Select allowed in-country/region rule groups from dial plan   Use this section to add or remove allowed in-country/region dialing rule groups. By default, there are no in-country/region dialing rule groups configured on UM mailbox policies.

      In-country/region dialing rule groups are used to allow or restrict the telephone numbers within a country or region that Outlook Voice Access users can dial. This helps prevent unnecessary or unauthorized telephone calls and charges.

      To add in-country/region dialing rule groups, you must first create the appropriate in-country/region dialing rule groups on the dial plan associated with the UM mailbox policy, and then add the appropriate dialing rule entries on the dialing rule group. After you create the required dialing rule groups on the dial plan, you must then add the dialing rule groups to the list of dialing restrictions on the Dialing Restrictions tab on the UM mailbox policy.

      In-country/region dialing rule groups can be used to enable a Unified Messaging server to allow or restrict access to telephone numbers within a country or region. This is applied to Outlook Voice Access users who have called in to a subscriber access number.

    • Select allowed international rule groups from dial plan   Use this section to add or remove allowed international dialing rule groups. By default, there are no international dialing rule groups configured on UM mailbox policies.

      To add international dialing rule groups, you must first create the appropriate international dialing rule groups on the dial plan associated with the UM mailbox policy, and then add the appropriate dialing rule entries on the dialing rule group. After you create the required dialing rule groups, you must add the dialing rule groups to the dialing restrictions on the UM mailbox policy.

      International dialing rule groups can be used to enable a Unified Messaging server to allow or restrict access to telephone numbers outside a country or region. This is applied to Outlook Voice Access users who have called in to a subscriber access number.

      International dialing rule groups are used to allow or restrict the telephone numbers outside a country or region that Outlook Voice Access users can dial. This helps prevent unnecessary or unauthorized telephone calls and charges.

  8. Use the Protected Voice Mail tab to configure the following settings:

    • Protect voice messages from unauthenticated callers   Select one of the following options from the drop-down list to determine whether an incoming call answered by a Unified Messaging server will protect voice messages. This setting applies to voice messages sent to UM-enabled users when they don't answer their phone. This setting also applies to voice messages sent directly to UM-enabled users when the caller uses a UM auto attendant. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server. You can configure the following:

      None   Use this setting to not have protection applied to any voice messages sent to UM-enabled users.

      Private   Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.

      All   Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.

    • Protect voice messages from authenticated callers   Select one of the following options from the drop-down list to determine whether an incoming call answered by a Unified Messaging server will protect voice messages. This setting applies to voice messages sent to UM-enabled users when they don't answer their phone. This setting also applies when callers log on to their mailbox using Outlook Voice Access, and then create and send a voice message. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server. You can configure the following:

      None   Use this setting to not have protection applied to any voice messages sent to UM-enabled users.

      Private   Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.

      All   Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.

    • Allow multimedia playback of protected voice messages   Select this check box if you want to force users who receive protected voice messages to use the Play on Phone feature. Or, if the client software doesn't support rights management, users must use Outlook Voice Access. The Play on Phone feature only applies to clients using a version of Outlook that supports rights management. For Outlook 2007 and earlier versions that don't support rights management, and for Outlook Web App clients, Outlook Voice Access is the only way that users can listen to Protected Voice Mail.

      The default setting requires all users associated with the UM mailbox policy to use the Play on Phone feature to listen to voice messages that are protected. By doing this, it prevents other people from hearing the voice message using a media player over computer speakers or using a media player on a mobile phone to hear the voice message. Even if this is enabled, a UM-enabled user can still use Outlook Voice Access to hear the Protected Voice Mail.

      This is especially useful when UM-enabled users use public computers, laptops in public places, or their mobile phone's media player to listen to Protected Voice Mail that can contain private information. This option isn't available to UM-enabled users who have a mailbox on an Exchange 2007 Unified Messaging server.

    • Specify the text to display to voice mail recipients who have e-mail clients that don't support Windows Rights Management   Protected Voice Mail can only be accessed by e-mail clients that support Information Rights Management (IRM), or if a UM-enabled user uses Outlook Voice Access to access the Protected Voice Mail message.

      If a Protected Voice Mail is sent to an e-mail client that doesn't support IRM, the text that you include in this box will be sent to the user in an e-mail message. This information should include instructions about what to do to be able to receive the Protected Voice Mail.

Use the Shell to configure UM mailbox policy properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.

This example sets the PIN settings for users who are associated with a UM mailbox policy named MyUMMailboxPolicy.

Copy Code
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -LogonFailuresBeforePINReset 8 -MaxLogonAttempts 12 -MinPINLength 8 -PINHistoryCount 10 -PINLifetime 60 -ResetPINText "The PIN that is used to allow you access to your mailbox using Outlook Voice Access has been reset."

This example selects the in-country or region groups and international groups from those configured on the UM dial plan associated with the UM mailbox policy. UM-enabled users associated with this UM mailbox policy will be able to place outbound calls according to the rules defined on these groups.

Copy Code
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -AllowDialPlanSubscribers $true -AllowedInCountryOrRegionGroups InCountry/RegionGroup1,InCount/RegionGroup2 -AllowedInternationalGroups InternationalGroup1,InternationalGroup2 -AllowExtensions $true 

This example configures the text of voice messages sent to UM-enabled users and the text included in an e-mail sent to a user who has been UM-enabled.

Copy Code
Set-UMMailboxPolicy -identity MyUMMailboxPolicy -UMEnabledText "You have been enabled for Unified Messaging." -VoiceMailText "You have received a voice message from Microsoft Exchange 2010 Unified Messaging." 

For more information about syntax and parameters, see Set-UMMailboxPolicy.

Use the Shell to view UM mailbox policy properties

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailbox policies" entry in the Unified Messaging Permissions topic.

This example returns a formatted list of all UM mailbox policies in the Active Directory forest.

Copy Code
Get-UMMailboxPolicy | Format-List

This example returns the properties and values for a UM mailbox policy named MyUMMailboxPolicy.

Copy Code
Get-UMMailboxPolicy -Identity MyUMMailboxPolicy

For more information about syntax and parameters, see Get-UMMailboxPolicy.

Other Tasks

After you configure settings on a UM mailbox policy, you may also want to configure PIN security. For details, see Configuring PIN Security for a UM-Enabled User.

For More Information