Outlook 2016 Advanced Settings

danhutchings
New Contributor II

Hi there!

Can someone tell me what file handles this setting in Outlook 2016? I am trying to configure the SSL settings, and force them.

0c0e04e5a46a4a8d97c59ccf9200e671

10 REPLIES 10

talkingmoose
Honored Contributor II

That preference is stored in a SQLite database file for the account and isn't directly modifiable, but you can change it using AppleScript. This requires Outlook be running or it will launch Outlook if it's not running.

tell application "Microsoft Outlook" to set ldap port of Exchange account 1 to 3269

3269 is the SSL port number for LDAP and setting the port will enable the checkbox.

talkingmoose
Honored Contributor II

Correcting myself on this one. Enabling SSL sets the port to 3269 not the other way around. The command you want is:

tell application "Microsoft Outlook" to set ldap use ssl of exchange account 1 to true

fazz786
New Contributor

Hi All

Can someone help me how to add the below key to outlook plist

Allow only corporate mailboxes to be added

Specify one or more domains users are allowed to add in Outlook.

Domain com.microsoft.Outlook
Key AllowedEmailDomains
Data Type Array of Strings
Possible values Various (example: "'contoso.com$'")
Availability 16.18
Comments Format strings as regular expressions. Does not remove or disconnect accounts already added in Outlook.

talkingmoose
Honored Contributor II

@fazz786, use the defaults command in Terminal to create your plists. It'll create them the correct way. I also like creating the plist on my desktop to make it easier to find.

This new key accepts regular expressions (as you see in your example above), but you don't have to use regular expressions. If you only have one domain such as "talkingmoose.net" then just add that.

defaults write ~/Desktop/com.microsoft.Outlook.plist AllowedEmailDomains -array-add -string 'talkingmoose.net'

If you have multiple possible domains like "talkingmoose.net" and "jamf.com", you can create a plist like this:

defaults write ~/Desktop/com.microsoft.Outlook.plist AllowedEmailDomains -array-add -string 'talkingmoose.net'
defaults write ~/Desktop/com.microsoft.Outlook.plist AllowedEmailDomains -array-add -string 'jamf.com'

Your plist will look similar to:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowedEmailDomains</key>
    <array>
        <string>talkingmoose.net</string>
        <string>jamf.com</string>
    </array>
</dict>
</plist>

Upload your new com.microsoft.Outlook.plist file to a Custom Settings payload in a new Configuration Profile in Jamf Pro and deploy it to your Macs.

fazz786
New Contributor

Many thanks for the above

Also as we on the same topic all the key below work fine part from disable import & disable export they never seem to work can some one try this we are using office Mac 2016 365

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <dict>
<key>HideFoldersOnMyComputerRootInFolderList</key> <true/> <key>DisableExport</key> <true/> <key>DisableImport</key> <true/> <key>HideCanAddOtherAccountTypesTipText</key> <true/> <key>PII_And_Intelligent_Services_Preference</key> <false/> <key>kFREIntelligenceServicesConsentV2Key</key> <true/> </dict>
</plist>

talkingmoose
Honored Contributor II

@fazz786, refer to lines 79-80 of the community spreadsheet detailing Office key/value pairs. You'll need Office 2019 version 16.18 or later to use the disable import and export keys. Office 2016 stops at version 16.16.x

EdLuo
Contributor II

It has been several years since OP asked. I'm wondering if there is there a better way to do this? Preferably, one that does not launch Outlook. This will be helpful when Microsoft enforce SSL requirement for LDAP.

talkingmoose
Honored Contributor II

Unfortunately, nothing has changed with this specific setting or most any settings that are part of accounts. The data is stored in a combination of a proprietary binary format file and SQLite database. Microsoft hasn't provided any way to automate adjusting this particular setting other than using AppleScript, which requires the app be running for the specific user with the account.

EdLuo
Contributor II

Okay. Apple script it is. Our plan is to create a self service clickable policy so any unexpected Outlook launch won't be a surprise.

My team came up with this script for this policy

#!/bin/bash
osascript <<'END'
tell application "Microsoft Outlook"
    set exList to get every exchange account
    repeat with exItem in exList
        set exDomain to get server of exItem
        if exDomain is "https://OurServer.org/EWS/Exchange.asmx" then
            set ldap server of exItem to "ldap.OurServer.org"
            set ldap port of exItem to 3269
            set ldap use ssl of exItem to true
        end if
    end repeat
end tell
END

When testing, it works for me and my colleague. But for my other colleague, he is getting this in the policy log.

[STEP 1 of 4]
Executing Policy Enable SSL LDAP for Outlook
[STEP 2 of 4]
Running script Outlook Enable SSL...
Script exit code: 1
Script result: 222:270: execution error: Microsoft Outlook got an error: The user name of the account is required. (-1715)
Error running script: return code was 1.
[STEP 3 of 4]
[STEP 4 of 4]

Anyone know what "The user name of the account is required" means?

Tim_Apple
New Contributor III

We have the same problem. Could someone help? @talkingmoose maybe?