Force OWA Light Users to Premium OWA After Exchange Server May 2026 CVE Mitigation
Microsoft recently published guidance for Exchange Server addressing the May 2026 vulnerability. One important note in the article is related to OWA Light. Microsoft states that OWA Light — accessed by using an OWA URL ending with /?layout=light — does not work properly after the mitigation is applied. Microsoft also notes that this feature was deprecated several years ago and is not intended for regular production use. This can become a practical issue if some users previously selected the following option in Outlook on the web: "Use the light version of Outlook" When this option is selected, the user may continue to be redirected to the Light version of OWA even when accessing the normal OWA URL. Example URLs: https://mail.contoso.com/owahttps://mail.contoso.com/owa/?layout=light The Issue In the lab I confirmed the following behavior:…