Enabling Silent OWA Redirection for Office 365 Hybrid


As part of a Hybrid deployment of Exchange Server 2010 and Office 365, you’ll be faced with a few challenges if you want to keep a single Outlook Web App URL for your end users.

If you’re using Windows Authenticated Login against Exchange and AD FS then you’ll already have avoided multiple login prompts; and if you’re using Forms Based Authentication for both I’ve covered the TMG setup necessary to configure the same single sign on you’ll see in these videos in my article Configuring AD FS 2 with TMG-based SSO to Office 365.

The other challenge that I really wanted to get a solution for, and get feedback from others on, is the landing page shown above where the end user needs to click-through the “Use the following link to open this mailbox with the best performance” page. What I wanted was a solution that avoided that step entirely.

Now, it’s not necessary to do this if you are happy for users to update their own bookmarks, and concerns about users seeing a non-company domain can be avoided by following the steps in this article by Timothy Heeney which shows you how to setup a separate vanity Office 365 URL like “http://cloud.company.com/owa” by using CNAME records.

However if you have a large user base that will be mixed between on-premise and Office 365, then keeping a single OWA URL will be very desirable. For example, a large University may have user documentation with the URL specified, lab computers with standard bookmarks, and the possibility that users may move between on-premises and Office 365 as they move between different courses or roles. It might only be an extra click, but if you add up that extra 5 seconds across tens of thousands of users logging into OWA per day and it starts to add up..

If you’re not familiar with the process, here’s a quick demo of the current “out of the box” experience, optimised using TMG for forms-based single sign-on:

Unable to display content. Adobe Flash is required.
OWA Standard Sign-in to Office 365

As you can see it’s good – but it’s not great. It’s not got the “wow” factor that makes a hybrid deployment feel like a single organization.

The redirect page itself does serve other purposes, so it’s not like we can just get rid of it. It’s used by Exchange itself if you have an environment with multiple internet facing sites, unless you use the SP2 feature for silent redirection between sites. So we can’t just do away with the redirection page altogether – we need to take into account where it might be used elsewhere.

Another issue that’s been highlighted to me (thanks BR!) is that the default non-SSL link generated through the Hybrid Wizard is in the form http://outlook.com/owa/federateddomain rather than it’s SSL equivalent – so using this (or the vanity URL mentioned above) could generate browser warnings regarding redirection to a insecure link. Therefore the link we redirect to must be in the form https://outlook.com/owa/federatedomain. This can be changed easily though, by editing the Organization Relationship like so:

Set-OrganizationRelationship “On Premises to Exchange Online Organization Relationship” -TargetOwaURL:https://outlook.com/owa/federateddomain


Once this is changed, we should be ready to enable the silent OWA redirection in Exchange itself, by editing the casredirect.aspx file within OWA.

Before we begin – it’s important to understand that this is unsupported by Microsoft, and it probably never will be. Therefore, you’ll need to test this in your own environment, and be prepared to replace the original casredirect.aspx file in the event of any issues; you’ll also need to check and if needed, re-implement this after application of update rollups or service packs. That said, so far I can’t see a reason why this would cause any issues and part of the point of this post is to gain some feedback from the community as to any other downsides.

So now you know why you shouldn’t do this – let’s look at how to do it..! You’ll find the casredirect.aspx file within the OWA directory, typically in the following path within the Exchange install directory:

C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\owa\

Edit the casredirect.aspx file directly above the <!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”> tag and add the following lines:

if (RedirectionUrl.Contains(“https://outlook.com/owa”)) {

This should look like this in the actual file itself:


What does this do? Well, it’s pretty straightforward – before any content is rendered, the Redirection URL is checked to ascertain if it contains the https://outlook.com/owa URL (note the HTTPS!), and if so, issue a redirect to Office 365. For any other Redirection URLs, the page will render normally.

Let’s take a look at how it works in practice:

Unable to display content. Adobe Flash is required.
OWA Silent Redirection to Office 365


As you can see it’s fairly simple to implement, and provides a clean login consistent with on-premises Outlook Web App when combined with other SSO methods. Let me know what you think in the comments…


45 thoughts on “Enabling Silent OWA Redirection for Office 365 Hybrid

  1. Pingback: Silent OWA Redirection for Exchange 2013 / Office 365 Hybrid | Rebel without a reboot

  2. Pingback: 銈广儐銈c償銉ャ儵銆€涓囧勾绛嗐€€銉庛儥銈汇兂銉堛€€銉曘偐銉冦偝銆愰€佹枡鐒℃枡銉诲悕鍏ャ倢銈点兗銉撱偣銉汇儵銉冦償銉炽偘鐒℃枡銆戙€愰珮绱氫竾骞寸瓎銆戙€愩儦銉炽儚

  3. Pingback: OWA client protocol connectivity flow in Exchange 2013/2010 coexistence | 3/4 | 22#23 - o365info.com

  4. Pingback: OWA client protocol connectivity flow in Exchange 2013/2007 coexistence | 3/4 |18#23 - o365info.com

  5. Steve,

    it is a great post. I am getting this error below after I put it. any thoughts?
    An error occurred and your request couldn’t be completed. If the problem continues, contact your helpdesk with this HTTP Status code: 500.
    Exception type: System.Web.HttpCompileException
    Exception message: c:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\casredirect.aspx(6): error CS1056: Unexpected character ‘“’

    • alright I found the cause. I just copied and pasted it and ” become something different that was not recognized. I had to delete ” part and manually put. Thanks a lot.

  6. Pingback: ActiveSync and Exchange web service client protocol connectivity flow in Exchange 2013/2010 coexistence environment | 4/4 |

  7. We are trying to get this to work and are getting a error stating: “Outlook Web App address is out of date”. In order for this to work, do we need to be using ADFS?

  8. Hi Steve,

    I am having an issue where the OWA redirection in a Hybrid deployment with Exchange 2013 is not happening for a single account and it is throwing an auth error. Any help would be greatly appreciated…

  9. I unsuccessfully searched the net for a way to do this with Exchange 2013 since the above doesnt work due to the changes with Exchange 2013 CAS/Frontends. After some digging I figured out a way and thought I’d post my finding to others. MS is using an custom http 500 error page on the frontend to display the redirect office365 target url under C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\errorFE.aspx so adding similar custom code in there will get the same results.

    I inserted this

    between the lines


    The auth strings were just my contribution to Steves code above in Exchange 2010 so that Office365 would auto bounce to our tenant space. I tried to add the code at the beginning of the errorFE.aspx file but it didnt work so I left it in the middle where I know it works.

  10. Pingback: New on Search Exchange – Publishing Exchange to the Internet using WAP and AD FS 3.0 Part 1 | Steve Goodman's Exchange Blog

  11. Thanks this was very helpful. I replaced “RedirectionUrl” in…
    …with the smartlink for office365 in the form of “http://mail.domain.com”.

    Works great!

  12. Pingback: Office 365: Configurando Silent OWA Redirect no Hydrid Configuration « Diogo Heringer

  13. Pingback: Office 365: Configurando Silent OWA Redirect no Hydrid Configuration « Office 365 Blog

  14. Pingback: Configuring AD FS 2 with TMG-based SSO to Office 365 | Steve Goodman's Exchange Blog

  15. Great post!,
    but I have a question… I have tried it, but when the owa redirects to office 365 page, I´m redirecting to the adfs website… and I have to login again… is there any additional parameters that I have to set?

    • Hiya,

      This doesn’t prevent login to ADFS if you’re already using ADFS’ forms-based authentication. In my example, I’m fronting OWA and ADFS with TMG, using NTLM authentication and SSO for the login domain – hence only one single login.


  16. Great idea and very interesting!!! Do you think this can apply to cross-sites slient redirection with TMG implemented??

  17. Pingback: Enabling Silent OWA Redirection for Office 365 Hybrid | Steve Goodman’s Exchange Blog « JC’s Blog-O-Gibberish

Leave a Reply