Address book policies in Exchange Online

Address book policies (ABPs) lets admins segment users into specific groups to provide customized views of the organization's global address list (GAL). The goal of an ABP is to provide a simpler mechanism for GAL segmentation (also known as GAL segregation) in organizations that require multiple GALs.

An ABP contains these elements:

For procedures involving ABPs, see Address book policy procedures in Exchange Online.

Notes:

  • ABPs create only a virtual separation of users from a directory perspective, not a legal separation.

  • Implementing an ABP is a multi-step process that requires planning. For more information, see Scenario: Deploying Address Book Policies.

How ABPs Work

The following diagram shows how ABPs work. The user is assigned Address Book Policy A that contains a subset of address lists that are available in the organization. When the ABP is created and assigned to the user, the ABP becomes the scope of the address lists that the user is able to view.

Overview of Address Book Policies

To turn on ABP email routing in your Exchange Online organization, see Turn on address book policy routing in Exchange Online.

To assign ABPs to users, see Assign an address book policy to users in Exchange Online.

APBs take effect when a user connects to their Exchange Online Mailbox. If you change an ABP, the updated APB takes effect when a user restarts or reconnects their email client app.

ABP example

In the following diagram, Fabrikam and Tailspin Toys share the same Exchange Online organization and the same CEO. The CEO is the only employee common to both companies.

Two Companies One CEO

The suggested configuration includes three ABPs:

  • One ABP is assigned to Fabrikam employees. The GAL and address lists in the ABP include Fabrikam employees and the CEO.

  • One ABP is assigned to Tailspin Toys employees. The GAL and address lists in the ABP include Tailspin Toys employees and the CEO.

  • One ABP is assigned to only the CEO. The (default) GAL and address lists in the ABP include all employees (Fabrikam, Tailspin Toys, and the CEO).

Based on this configuration, the ABPs help to enforce these requirements:

  • The users in Tailspin Toys can only see Tailspin Toys employees and the CEO when they browse the GAL.

  • The users in Fabrikam can only see Fabrikam employees and the CEO when they browse the GAL.

  • The CEO can see all Fabrikam and Tailspin Toys employees when she browses the GAL.

  • Users who view the CEO's group membership can see only groups that belong to their company. They can't see groups that belong to the other company.

ABPs for Entourage and Outlook for Mac users

Entourage and Outlook for Mac clients that connect to their Exchange Online mailboxes can use an OAB or Exchange Web Services (EWS), which allows them to search the GAL based on the assigned ABP.

In hybrid environments where the user account is in your on-premises organization and the mailbox is in Exchange Online, ABPs won't function for Entourage and Outlook for Mac users who connect to their mailboxes from inside the corporate network, because Entourage and Outlook for Mac connect directly to global a catalog server to query Active Directory (which bypasses the ABPs). Outside the corporate network, they can use an OAB or Exchange Web Services (EWS), which allows them to search the GAL based on the assigned ABP.

To learn more about administering Outlook for Mac 2011, see Planning for Outlook for Mac 2011.