ASD's Blueprint for Secure Cloud

Outlook on the Web Policies

This section describes the design decisions associated with Outlook on the Web Policies for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Formerly known as Outlook Web App or Outlook Web Access, Outlook on the Web (OWA) policies, are used to control the availability of features and settings in Outlook on the Web. There are no security concerns with enabling OWA however organisations may wish to consider internal organisation policies to inform decisions. A decision to disable OWA will not alter an organisation’s cyber security posture.

A mailbox can only be assigned one OWA policy and every mailbox must have a policy assigned.

Features and settings which can be controlled by an OWA policy include:

  • Third party file provider integration
  • Office 365 group creation from within Outlook on the Web
  • Microsoft Satisfaction survey prompts

Security & Governance

  • None identified


  • None identified


  • None identified


  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra