Very cool stuff. Does this require AD FS similar to how attachment handling required it for public/private network via OwaMailboxPolicy? In other words, for clients that are doing PTA and not doing AD FS, can they leverage this?!?!
UPDATE: AD FS is not required. This is quite cool. What is not entirely clearly explained, although this is simple enough to figure out, is that you must turn this parameter on for policies that are already mapped to users in Exchange. For the person above who is not seeing the change, make sure you have updated the OWA policy being applied to the user, and then make sure you are logging in with a fresh session and you should see restrictions in place. So if a user is not being given the default OWA policy, then you must change that policy to be conditional access enabled such that you can drop them into read only via conditions from the conditional access rule. This is very cool, and yes we have wanted this for a long time - bravo Microsoft. I was testing with an account that had legacy OWA test policies and I had not updated the parameter (-ConditionalAccessPolicy) on the correct policy :)
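
Added example, not part of the comment above and not Microsoft's code: a PowerShell check for the situation described, where a user is mapped to an OWA mailbox policy whose -ConditionalAccessPolicy was never turned on. The function name, sample users and the "Legacy-OWA-Test" policy are constructed, and it assumes a mailbox with no explicit policy gets the default one.

```powershell
# Report the ConditionalAccessPolicy setting of the OWA mailbox policy that is
# actually applied to each user. Works on plain objects so it runs offline.
function Get-OwaConditionalAccessCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Mailboxes,  # shape of Get-CASMailbox output
        [Parameter(Mandatory)] [object[]] $Policies    # shape of Get-OwaMailboxPolicy output
    )
    $byName = @{}
    foreach ($p in $Policies) { $byName[[string]$p.Name] = $p }
    $default = $Policies | Where-Object { $_.IsDefault } | Select-Object -First 1

    foreach ($mbx in $Mailboxes) {
        $name = [string]$mbx.OwaMailboxPolicy
        # Assumption: no explicit policy means the default policy applies.
        # A named policy that cannot be found is reported as Unknown, not guessed.
        $policy = if (-not $name) { $default } else { $byName[$name] }
        $setting = if ($policy) { [string]$policy.ConditionalAccessPolicy } else { 'Unknown' }
        [pscustomobject]@{
            User                    = $mbx.PrimarySmtpAddress
            Policy                  = if ($policy) { $policy.Name } else { $name }
            ConditionalAccessPolicy = $setting
            Enforced                = $setting -in 'ReadOnly', 'ReadOnlyPlusAttachmentsBlocked'
        }
    }
}

# Constructed sample data mirroring the comment: the default policy was updated,
# the legacy test policy mapped to one account was not.
$policies = @(
    [pscustomobject]@{ Name = 'OwaMailboxPolicy-Default'; IsDefault = $true;  ConditionalAccessPolicy = 'ReadOnly' }
    [pscustomobject]@{ Name = 'Legacy-OWA-Test';          IsDefault = $false; ConditionalAccessPolicy = 'Off' }
)
$mailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com'; OwaMailboxPolicy = 'OwaMailboxPolicy-Default' }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@example.com';   OwaMailboxPolicy = 'Legacy-OWA-Test' }
    [pscustomobject]@{ PrimarySmtpAddress = 'carol@example.com'; OwaMailboxPolicy = $null }
)

# Users whose sessions will NOT be restricted by the conditional access rule.
Get-OwaConditionalAccessCoverage -Mailboxes $mailboxes -Policies $policies |
    Where-Object { -not $_.Enforced } |
    Format-Table User, Policy, ConditionalAccessPolicy

# Against a live tenant (after Connect-ExchangeOnline), feed real objects instead:
#   Get-OwaConditionalAccessCoverage -Mailboxes (Get-CASMailbox -ResultSize Unlimited) `
#                                    -Policies  (Get-OwaMailboxPolicy)
# and fix a flagged policy with:
#   Set-OwaMailboxPolicy -Identity '<policy name>' -ConditionalAccessPolicy ReadOnly
```

With the sample data only bob@example.com is listed, because the policy mapped to that account still has the setting at Off.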