The key here is to educate your end-users on security and awareness of why you are applying this setting. In a lab environment, the settings will almost be instantly replicated or set because you only have one or two domain controllers in a small environment. If you wonder why you can see the settings in Exchange but you do not see anything happen in Outlook on the Web, it is because of this. Anything you set on Exchange is not instantly set and does take time. For those new to these technologies, Exchange and Active Directory work hand in hand. If you are aware, everything you set in Exchange 2016/2019 or legacy requires Active Directory replication to take place. Set-OrganizationConfig -ActivityBasedAuthenticationTimeoutInterval 00:05:00 Active Directory replication In this example, we chose to set it to five minutes, and this was achieved using the following command: You can set the Outlook timeouts to whatever the organization’s security requirements are. The command is formatted with only the Activity info: If we run the command below, we can check the default value, which is six hours on Exchange 2019. If we head over to Exchange 2019, you also have org-wide settings that can be configured. With Exchange Online, you need to ensure the setting for the above is also enabled. Set-OrganizationConfig -ActivityBasedAuthenticationTimeoutInterval 00:15:00 For Microsoft 365/Exchange Online, the setting is pretty much the same, and it is an organization-wide setting and not individual user settings. This value can be set to 15 minutes to match what you have set for OWA on both private and public timeouts. The next option you need to set is the following:ĪctivityBasedAuthenticationTimeoutInterval You can change this to what your organization requires. In both settings, I have set the default value to 15 minutes. Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA" -Name PublicTimeout -Value 15 -Type DWORD Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA" -Name PrivateTimeout -Value 15 -Type DWORD From an elevated command prompt on the Exchange 2016 Server, run the following two commands: There are actually three options that you need to set for this to take effect on your Exchange Server 2010 or higher. If you connect to a 3G or 4G connection through a VPN, your traffic will be more secure than connecting to the coffee shop’s WiFi, but you still need to have the Outlook timeouts in place. It gives an attacker plenty of time to sniff the traffic and grab your details. Imagine that you are sitting at a coffee shop connected to the public WiFi, and your session remains open for this long. Eight hours is just too long and will need to be changed. If you look at the option for private, the default timeout is eight hours. The public option is disabled by default in Exchange 2010. LogonPagePublicPrivateSelectionEnabled Public and private timeouts defaults for Outlook on the Web
In Exchange 2010, you have the options that have limits that can be configured, they are:
Exchange server for outlook 2010 how to#
While security IT personnel will praise you for this, end-users will not be applauding you as they become frustrated because they have to log in again and again after five or 10 minutes when the session becomes inactive.īefore we jump into how to configure this in Exchange 2010, let’s first understand the limits that are set by default within Exchange. In this article, we will chat about setting timeouts on Outlook on the Web so that just like bank websites that timeout after a few minutes, the same will happen with OWA in your organization. In one of my previous articles, we spoke about Outlook on the Web (OWA) for daily use.