ra2 studio - Fotolia


Configuration caveats when enabling Outlook offline

Exchange data is still available for users working in Outlook offline or Outlook on the web, but administrators may want to lock down certain settings.

Workers can use Outlook offline and still access Exchange Server data in a few popular ways: Cached Exchange Mode, Outlook on the web offline access and ActiveSync. Administrators must understand these popular options, along with some configuration precautions.

While it is still possible for users to store mail in a PST file, and access the file contents while working offline, PST file use is discouraged for a variety of security, management and data protection reasons, so consider these other options.

For optimal results, use Cached Exchange Mode

Cached Exchange Mode typically provides the best overall experience for accessing Exchange mailbox data offline because all Outlook features work even when a connection to Exchange Server is unavailable. In Outlook 2013 and Outlook 2016, cached mode even downloads copies of shared folder contents. Shared folders include Exchange public folders, SharePoint folders and folders belonging to other users for whom the user has delegate access.

By default, Outlook 2016 keeps data from the last 12 months available for Outlook offline use. This should be enough data for most users, but it is possible to modify the cache. A user can control their cache size by going to Outlook's File menu and clicking Account Settings>Account Settings. When the Account Settings dialog box opens, the user can double-click on their account to access the Change Account dialog box. This dialog box contains a check box for Cached Exchange Mode and a slide bar that controls the amount of mail to store offline.

Cached Exchange Mode typically provides the best overall experience for accessing Exchange mailbox data offline, because it allows all Outlook features to be used -- even when a connection to Exchange Server is unavailable.

Administrators can control Cached Exchange Mode at the Group Policy level using the Office Administrative Templates. The settings that are related to Cached Exchange Mode reside at User Configuration> Administrative Templates >Microsoft Outlook <version>> Account Settings>Exchange>Cached Exchange Mode. 

There are three circumstances in which Cached Exchange Mode cannot be used. Cached Exchange Mode is not supported when Outlook is connected to a mailbox using POP3 or IMAP. Cached Exchange Mode is also unavailable if it's disabled at the Group Policy level. Finally, Cached Exchange Mode is disabled for instances of Outlook that are installed on a Windows Server if the Microsoft Windows Terminal Services are installed.

Access Outlook on the web with a browser

Another option for accessing Exchange mailbox data while working offline is to use Outlook on the web -- previously known as Outlook Web Access (OWA) or Outlook Web App. In Exchange Server 2013, Microsoft allowed users to access mailbox data through OWA while working offline. This feature also exists in Exchange Server 2016. Users must simply log into Outlook on the web, click the Settings icon, click on Offline Settings and select the Turn on Offline Access checkbox.

Some organizations prevent users from using OWA's offline access feature because they consider it a security risk. The location for offline OWA data varies depending on the browser and operating system, but the data is typically stored in the user's profile folder in the browser's database. For example, a Windows computer running Internet Explorer would store OWA data at %Systemdrive%\Users\%Username%\Local\Microsoft\Internet Explorer\Indexed DB. This is a problem because the data is not encrypted and could be accessible to others if a shared computer is used.

Organizations concerned about the security of offline OWA access can use the Exchange Management Shell to disable offline access to OWA with the following command:
Set-OwaMailboxPolicy –Identity Default –AllowOfflineOn NoComputers

Mobile device access

When mobile devices connect to Exchange Server using ActiveSync, copies of messages, calendar items and other data are downloaded. Typically, only the last week of mail is stored, although device-level policies control the amount of data stored for offline use.

Organizations that allow mobile device mailbox access must accept some mail will be cached to the devices. As such, the best course of action is to apply Group Policy settings requiring device-level security, such as requiring device-level passwords.

Next Steps

Solving a folder disappearing act in Exchange Server

How to control Outlook Web App mailbox policies

Securing Exchange, Office 365 against attacks and outages

Dig Deeper on Outlook management