SymptomsWith the latest Microsoft Exchange 2010/2013 updates, a problem with customers' Distribution Lists visibility appeared.
All Distribution Lists created within an Exchange AD domain are displayed in the Groups section of the mailbox options in OWA, even if the MemberJoinRestriction parameter is set to Closed:
This behavior exposes the names and addresses of the Distribution Lists created by other tenants hosted in the same Hosted Exchange environment.
CauseThe latest Exchange 2010/2013 updates change the way the OWA UI behaves. Now, the group status is checked only after a user attempts to add themselves to a group.
ResolutionThe problem can be resolved by completely disabling access to groups in OWA by updating the default Role Assignment Policy. Execute the following command (in a single line) in Exchange Management Shell on any of the Hosted Exchange nodes in the AD domain:
Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" -Role MyDistributionGroupMembership | Remove-ManagementRoleAssignment -Confirm:$false
After the command above is executed, the customer will not have the Groups item in OWA: