Using Exchange Address Book Policies with Teams

Posted on by Tony Redmond in Exchange Online, Microsoft Teams, Office, and Office 365

Teams Splash

Teams Uses the Office 365 Toolbox

One of the nice things about Teams is that it makes full use of components available in the Office 365 software toolbox. There’s no question about reinventing wheels when perfectly good wheels are available for reuse. Teams uses Exchange for a calendar and compliance records, SharePoint for document storage, OneDrive for Business for personal sharing, and so on. It’s absolutely the right attitude to take.

The latest component adopted by Teams is directory segmentation, or the ability to give different views of directory contents to selected users. This feature is called Address Book Policies (ABPs) and first appeared in Exchange 2013.

Directory Views

Directory segmentation is often used by organizations like conglomerates made up of different operating companies or schools that have different colleges. The organization has a common infrastructure (in this case, Office 365), but wishes to limit what users can see. For example, they might decide that a user can only see other employees in the same company, or in the same country. An address book policy implements the limitation by giving users a customized view of the Global Address Book (GAL).

An ABP is made up of four parts:

  • A custom GAL.
  • A custom Offline Address Book (OAB).
  • One or more custom address lists.
  • A custom room list.

If you don’t use ABPs, Exchange Online mailboxes use the default GAL, OAB, and address lists.

Filtered Views

Creating an ABP is a matter of defining the recipient filters for Exchange to create the custom views used by the ABP. For example, running the Get-GlobalAddressList cmdlet reveals the available GAL views defined in the tenant.

Two GALs are available. The first is a custom GAL (France GAL) with a recipient filter that finds any mail-enabled object with a value of “France” in its CustomAttribute10 property. The second is the default GAL with a recipient filter that includes all mail-enabled objects.

If we then run the Get-AddressBookPolicy cmdlet to see if any ABPs are defined, we see that there is one called “France ABP” and that its views are named appropriately. We can see the filters used for these views with the Get-OffilineAddressBook and GetAddressList cmdlets.

Assigning to Mailboxes

An ABP is assigned to a mailbox by setting the AddressBookPolicy property of the mailbox. To check what ABPs are in place for mailboxes, run the Get-Mailbox cmdlet:

To assign an ABP, run Set-Mailbox to update the property

Using ABPs with Teams

ABPs are obviously useful to Exchange, but they are also used by Teams for the same reason: to segment your directory into sections accessible to different groups of users. To enable address book policies for Teams, go to the Org-wide settings section of the Teams and Skype for Business Online Admin Center, select Teams settings, and then toggle the switch for Scope directory search in Teams using an Exchange address book policy to On (Figure 1).

Enabling Teams ABPs
Figure 1: Switching on ABPs for Teams (image credit: Tony Redmond)

After refreshing its cache, Teams clients (version onwards) will respect the address book policy setting for user mailboxes and restrict users to selecting other users in the ABP when they start a chat. If they try to contact someone outside the ABP, Teams signals an error (Figure 2).

Enabling ABPs Teams

Figure 2: Error generated when a user tries to contact someone outside their ABP (image credit: Tony Redmond)

Not a Complete Block

Just like Exchange users can communicate with people outside their ABP by entering the SMTP address of a recipient, the use of ABPs in Teams is not a complete block.

For instance, the membership of teams that someone belongs to might include people inside and outside the scope of an ABP (including org-wide teams). Any member of a team can select another member and chat without them without hindrance, perhaps after browsing the full membership of the team with the Manage team menu option.

You can also use the organization link in a people card to traverse the structure of an organization to find someone interesting to communicate with. ABPs don’t stop this behavior. For example, if Natasha chats with Sanjay, she can follow Sanjay through the organization to find other people (Figure 3).

Teams Org
Figure 3: Viewing organizational information in Teams (image credit: Tony Redmond)

One Part of a Solution

Teams is designed to foster communication, not stop it and ABPs are not intended to be a full block on interpersonal communication between different sections of an organization. Other methods like transport rules exist for that purpose in email, and if you want a full block in Teams, you’ll have to pay attention to the membership of teams, making teams private rather than public, not using org-wide teams, and not publishing organizational structures in Azure Active Directory.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.


Don't have a login but want to join the conversation? Sign up for a Petri Account