SafeNet Agent for Microsoft Outlook Web App
Customer Release Notes (CRN) - This document describes capabilities, resolved issues, limitations, and known issues for different product releases.
Product Description
The Outlook Web App (OWA) is Microsoft Exchange Server's web-based email client that allows users to access email messages, contacts, and calendars using web browsers, without setting up a full email client.
SafeNet Agent for Microsoft Outlook Web App enables you to:
- Apply the access management features of SafeNet Trusted Access to manage and control user access to your Outlook Web App.
- Take advantage of SafeNet Trusted Access to provide secure Two-Factor Authentication (2FA) to your Outlook Web App.
Release Description
SafeNet Agent for Microsoft Outlook Web App 3.0.0
Build Number: 3.0.0
This release introduces the following features and resolves the issue listed below:
-
Microsoft Exchange Server Subscription Edition compatibility
-
Browser support update: Internet Explorer is no longer supported. Support has been added for Microsoft Edge, while Chrome and Firefox continue to be supported.
-
Security hardening: TLS v1.2+ is now enforced as the minimum supported protocol. Removed support for TLS 1.0 and 1.1.
-
Extended operating system support: Support for Windows Server 2022 and 2025.
-
Dependency updates: Upgraded from .NET Framework 4.5 to .NET Framework 4.8.
| Issue | Synopsis |
|---|---|
| SASNOI-47197 | Users were unable to complete authentication with the OWA NextGen agent and were redirected to the login page with an error, despite successful OTP/PUSH validation at the identity provider. |
SafeNet Agent for Microsoft Outlook Web App 2.1.4
This release introduces the following feature and resolves the issue listed below:
- Enhanced Security: A more robust and dependable authentication experience.
| Issue | Synopsis |
|---|---|
| SAS-47197 | The SafeNet Agent for Microsoft OWA successfully connects to the SafeNet server. |
SafeNet Agent for Microsoft Outlook Web App 2.1.2
This release introduces the following feature:
-
Office Online Server Support: The SafeNet Agent for Microsoft Outlook Web App now supports Office Online Server (OOS) with Microsoft Exchange Server 2016. The Office online server support enables the agent to deliver browser-based viewing, editing, and downloading of Office documents attached to OWA email messages.
This feature enables document collaboration and editing in real-time, as the Office documents attached to OWA emails can be viewed and edited from within the Outlook on the web interface without requiring to download the files to a local computer.
SafeNet Agent for Microsoft Outlook Web App 2.1.0
This major new release allows customers to manage access to the OWA application through SafeNet Trusted Access (STA), and thus benefit from applying STA policy framework and scenario-based, contextual conditions. For users, it provides the value of extending the STA Single Sign-On (SSO) experience to OWA.
Unlike earlier versions, the SafeNet Agent for Microsoft Outlook Web App 2.1.0 of the type SafeNet Trusted Access or SAS is a scalable, customizable, and a more productive authentication solution. Although the look and feel of the agent is modernized, the set-up and ease in functionality remains. Critical application management and policy tasks, now handled at STA, ensures that the agent's manager console is reduced, resulting in better productivity and faster processing.
SafeNet Agent for Microsoft Outlook Web App 2.0.0
This release resolves the issue listed below:
| Issue | Synopsis |
|---|---|
| SASNOI-7305 | The login page of Exchange Control Panel (ECP) now renders correctly (without any error) while working with the SafeNet OWA Agent. |
SafeNet Agent for Microsoft Outlook Web App 1.2.3
This release resolves the issues listed below:
| Issue | Synopsis |
|---|---|
| SASNOI-6716 | Group exclusion is now working fine for Microsoft Outlook Exchange Server 2010 deployed in a forest environment with multiple domains. Child domains are now getting added correctly to the User or Group list ensuring that the agent correctly reads group of global catalog in the AD. |
| SASNOI-6559 | Exchange 2010 is now running fine with Exchange 2016 when OWA agent is enabled. |
SafeNet Agent for Microsoft Outlook Web App 1.2.2
This release introduces the following feature and resolves the issue listed below:
- Security enhancements: Updates at the infrastructure and agent level.
| Issue | Synopsis |
|---|---|
| SASNOI-6511 | The OWA Group exception now works even if only a username (without its domain name) is provided during the login process. The Domain Stripping functionality is fixed to ensure that exclusion groups are identified correctly and no valid groups are bypassed during the SafeNet 2FA process. |
SafeNet Agent for Microsoft Outlook Web App 1.2
This release introduces the following features and resolves the issues listed below:
-
Exchange Server support: Support for Microsoft Exchange Server 2016.
-
Domain Stripping:
-
Strip realm from UPN (username@domain.com will be sent as username): Select the added check box if the SafeNet username is required without the suffix @domain.
-
Strip NetBIOS prefix (domain\username will be sent as username): Select the added check box if the SafeNet username is required without the prefix \domain.
Note
The realm-stripping feature applies to SafeNet usernames only. Active Directory (AD) usernames are not affected.
-
| Issue | Synopsis |
|---|---|
| SASNOI-6274 | The Internal Server Error encountered when accessing the OWA Agent's login page during an uninstall is now resolved. |
| SASNOI-6167 | Functionality to include specific user groups for 2FA now works on a single domain, applying 2FA, on top of domain credentials authentication. |
| SASNOI-6165 | Forcing the challenge response with SMS group in Split Authentication Mode now works as expected, forcing the challenge after entering the username and the LDAP password. |
| SASNOI-6058 | Internet Information Services (IIS) now restarts normally after applying and saving configuration changes on the OWA agent. |
| SASNOI-6056 | The error encountered while logging new users to the SafeNet Agent for Microsoft Outlook Web App is now resolved. |
| SASNOI-2738 | The SafeNet Agent for Microsoft Outlook Web App now works fine if the default installation path is changed. |
| SASNOI-2148 | The SafeNet Agent for Microsoft Outlook Web App now works correctly with shared mailboxes. |
| SASNOI-2112/SASNOI-2096 | The Group exclusion feature of SafeNet Agent for Microsoft Outlook Web App now works correctly on multiple domains. |
| SASNOI-2096 | The OWA Group exception now works for external domains. Thus, the functionality to include specific, external MOTC user groups for 2FA now prompts for OTP, in addition to domain credentials. |
| SASNOI-2090 | Only one challenge is now generated if a user enters an incorrect OTP when logging in to the OWA agent. |
SafeNet Agent for Microsoft Outlook Web App 1.09
This release resolves the issues listed below:
| Issue | Synopsis |
|---|---|
| SASNOI-3776 | It is now possible to install SafeNet Agent for Microsoft Outlook Web App using any account with administrator permissions, even if a user named "Administrator" is not defined in the AD. |
| SASNOI-3851 | After logging in with an iOS device, logging out and then logging in again, the user is no longer able to log in without entering a new One Time Password (OTP). |
Advisory Notes
Microsoft Exchange Server Limitations
- Following log out, the user is always removed from the User ID field on both private and public computers.
- Changes to the public or private configuration in Microsoft Exchange Server have no effect on the SafeNet Agent for Microsoft Outlook Web App Login window.
Known Issues
| Issue | Synopsis |
|---|---|
| SASNOI-6374 | Summary: If there are no groups in the Split Authentication Mode, then after migrating from 1.09 (or 1.1) to 1.2 version of the agent, the Standard Authentication Mode is enabled. Workaround: To change the setting, go to SafeNet Microsoft Exchange OWA Manager > Authentication Methods and select Split Authentication Mode. |
| SASNOI-4090 / SASNOI-3926 | Summary: Group exclusion functionality does not work with nested groups. Workaround: None, will be resolved in a future release. |
| SASNOI-2301 | Summary: An extra Sign in page is displayed while authentication is already in progress. The page is only encountered when the user is authenticated for the first time, after enabling the agent. Workaround: Do not click Sign in on the displayed page. The user will be automatically redirected to the mailbox after a few seconds. |
| SASNOI-3887 | Summary: The OTP field is not labeled when accessed from a mobile device application. Workaround: Ignore, does not affect functionality. It will be fixed in a future release. |
| SASNOI-2094 | Summary: When using SafeNet Agent for Microsoft Outlook Web App with Exchange 2013, FreeBSD 10.1 and Apache/2.4.12 mod_proxy, if working in Split Authentication mode and publishing externally, the OWA login does not work. Workaround: None, will be fixed in a future release. |
| SASNOI-3933 | Summary: The SafeNet Agent for Microsoft Outlook Web App cannot be installed on operating systems that are not in the English Language. Workaround: Do one of the following: 1. If it is a Domain Controller (DC), navigate to Active Directory > Builtin and create a new group named Network Service. 2. If it is not a DC, navigate to Server Manager > Configuration > Local Users and Groups and create a new group named Network Service. 3. Install SafeNet Agent for Microsoft Outlook Web App. The SafeNet Agent for Microsoft Outlook Web App should now operate correctly. |
| SASNOI-2469 | Summary: The repair option in the Windows Control Panel Add or Remove Programs fails if it is not run as an administrator, even though the user is logged on as a Domain Administrator. Workaround: Run Add or Remove Programs as an administrator. |
| SASNOI-2631 | Summary: Active Sync mobile devices cannot be added when the SafeNet Agent for Microsoft Outlook Web App is enabled. The message "can't connect to the server" is displayed. Workaround: Disable the SafeNet Agent for Microsoft Outlook Web App. The device now contacts the server without issue and synchronizes correctly. Enable the agent; the device now proceeds to operate correctly. |
