Microsoft recently published guidance for Exchange Server addressing the May 2026 vulnerability. One important note in the article is related to OWA Light. Microsoft states that OWA Light — accessed by using an OWA URL ending with /?layout=light — does not work properly after the mitigation is applied. Microsoft also notes that this feature was deprecated several years ago and is not intended for regular production use.
This can become a practical issue if some users previously selected the following option in Outlook on the web:
"Use the light version of Outlook"
When this option is selected, the user may continue to be redirected to the Light version of OWA even when accessing the normal OWA URL.
Example URLs:
https://mail.contoso.com/owa
https://mail.contoso.com/owa/?layout=light
The Issue
In the lab I confirmed the following behavior:
- If the user has selected “Use the light version of Outlook”, the
/?layout=PremiumURL does not force the user back to Premium OWA. - Disabling and re-enabling OWA for the mailbox does not reset this user preference either:
Set-CASMailbox user@contoso.com -OWAEnabled $false
Set-CASMailbox user@contoso.com -OWAEnabled $true
The user can still return to OWA Light after signing in again.
Root Cause
The user-level OWA Light preference is stored on the mailbox via the following CAS mailbox property:
IsOptimizedForAccessibility
Microsoft documents this parameter as the setting that specifies whether the mailbox is configured to use the light version of Outlook on the web.
True: The mailbox is configured to use OWA Light
False: The mailbox is not configured to use OWA Light
Note: This parameter is functional only in on-premises Exchange. The -ReadIsOptimizedForAccessibility switch is required when reading this property. Without it, the value may not be returned correctly.
Check a Single User
Use the following command to check whether a mailbox is configured for OWA Light:
Get-CASMailbox "auser01@contoso.com" -ReadIsOptimizedForAccessibility | Format-List DisplayName, PrimarySmtpAddress, OWAEnabled, IsOptimizedForAccessibilityIf the output shows:
IsOptimizedForAccessibility : True
the mailbox is configured to use the light version of Outlook on the web.
Force the User Back to Premium OWA
To force the user back to Premium OWA, set IsOptimizedForAccessibility to $false:
Set-CASMailbox "auser01@contoso.com" -IsOptimizedForAccessibility $falseThen ask the user to close the browser completely and sign in again. In my test lab, after running this command and reopening the browser, the user was forced back to Premium OWA successfully.
Verify the Change
Get-CASMailbox "auser01@contoso.com" -ReadIsOptimizedForAccessibility |
Format-List DisplayName, PrimarySmtpAddress, OWAEnabled, IsOptimizedForAccessibilityExpected result:
IsOptimizedForAccessibility : False
Find All Users Configured for OWA Light
Before disabling OWA Light at the policy level, it is useful to identify all users who have already selected the light version.
Get-CASMailbox -ResultSize Unlimited -ReadIsOptimizedForAccessibility |
Where-Object { $_.IsOptimizedForAccessibility -eq $true } |
Select-Object DisplayName, PrimarySmtpAddress, IsOptimizedForAccessibilityExport Affected Users to CSV
Get-CASMailbox -ResultSize Unlimited -ReadIsOptimizedForAccessibility |
Where-Object { $_.IsOptimizedForAccessibility -eq $true } |
Select-Object DisplayName, PrimarySmtpAddress, IsOptimizedForAccessibility |
Export-Csv C:\Temp\OWA-Light-Users.csv -NoTypeInformation -Encoding UTF8Remediate Affected Users in Bulk
After reviewing the exported list, you can update all affected users at once:
Import-Csv C:\Temp\OWA-Light-Users.csv |
ForEach-Object {
Set-CASMailbox $_.PrimarySmtpAddress -IsOptimizedForAccessibility $false
Write-Host "Fixed: $($_.PrimarySmtpAddress)"
}Summary
OWA Light may cause issues after applying the Exchange Server May 2026 CVE mitigation. Some users may have manually selected the Light version from OWA options. In that case, using /?layout=Premium is not enough to force them back to the full OWA experience.
Cloud and infrastructure professional with nearly two decades of experience in enterprise IT environments, spanning public cloud, private cloud, and hybrid architectures.