×

Want to Search?

Go here

Switch Language

Nederlands English

Contact Us

Get Help Give feedback

I am a Zivver admin

Configure and manage Zivver

Installation manual Zivver add-in for OWA and the new Outlook

Info
This installation guide also applies to the new Outlook for Windows. The steps described in this document are the same for both Outlook on the Web (OWA) and the new Outlook.
Each section indicates which products the steps apply to.

Introduction

OWA    New Outlook

Use the Zivver Outlook Web Access Add-in to securely send and receive messages directly from Outlook Web Access (OWA) and the new Outlook. This manual describes how to install the add-in in Exchange Online, which is part of Microsoft 365. The Zivver OWA add-in is available for Exchange Online only.

In this document, we will use the labels OWA and New Outlook to indicate which product a chapter or section applies to:

  • OWA means this section only applies to the Outlook Web Access add-in, which is used in the web browser version of Outlook (https://outlook.office.com).
  • New Outlook means this section only applies to the new Outlook for Windows.
  • OWA    New Outlook means this section applies to both the Outlook Web Access add-in and the new Outlook for Windows.

In some sections, specific steps or settings apply only to one of the products. In those cases, the label will be shown next to the step or setting.

Info
As of OWA add-in version 6, Zivver uses a new versioning method, consistent with our other integrations. As a result, you will now see version numbers like 3.xxx.x instead of 6.x.x when viewing the version number in the Zivver side pane.

Technical requirements

OWA    New Outlook

You can install the Zivver OWA add-in in Exchange Online. To use the OWA add-in, the following requirements must be met:

  • Use Exchange Online.
  • OWA The users’ workstations (Windows or Mac) must have the latest General Availability (GA) or Stable version of one of the following modern browsers installed:
    • Microsoft Edge (Chromium-based) — recommended
    • Google Chrome / Chromium (for Android/iOS) — recommended
    • Mozilla Firefox
    • Apple Safari (for iOS)
  • OWA Cookies must be allowed in the browser for the exact URLs listed below. Read more about CookiesAllowedForUrls in Edge (this setting is identical in Chrome):
    • [*.]office.com
    • [*.]office365.com
    • [*.]zivver.com
      The Zivver add-in stores the user’s active session in LocalStorage. Blocking cookies for these domains will cause users to log in after every page refresh.
  • OWA Pop-ups must be allowed in the browser for the exact URLs listed below. Read more about PopupsAllowedForUrls in Edge (this setting is identical in Chrome):
    • [*.]office.com
    • [*.]office365.com
    • [*.]zivver.com
      The Zivver add-in uses pop-ups for user authentication. Blocking pop-ups for these domains will prevent users from logging in to Zivver.
  • New Outlook Offline mode must be disabled in the new Outlook.
  • The Exchange policy that blocks downloading attachments in Outlook must be disabled (this is the default setting).
  • An Entra ID admin account with Global Administrator privileges.
  • A Zivver administrator account.

Installation

OWA    New Outlook

You can install the Zivver OWA add-in either via the Microsoft 365 admin center or by using PowerShell. Both methods are explained in this manual.

Deploy and configure the Zivver OWA add-in via the Microsoft 365 admin center

OWA    New Outlook

  1. Log in to the Microsoft 365 admin center.
  2. Click add Deploy Add-In.
  3. Click Next.
  4. Select Upload custom apps under Deploy a custom add-in.
  5. Enter https://owa-v6.zivver.com/manifest.xml as the URL of the OWA add-in manifest file.
    Info
    Make sure to include https://, even though this is already indicated in the user interface.
  6. Click Upload.
    The Configure add-in screen appears.
  7. Choose which users will be assigned the Zivver OWA add-in:
    • Everyone
      All users in your organization can use the add-in. Select this to roll out the add-in to your entire organization, for example, when going live with Zivver.
    • Specific users / groups
      Only specific users or groups can use the add-in. Select this for a pilot or if only some users use OWA.
      • Note
      Microsoft does not support assigning add-ins to nested groups. Read more about this in their documentation.
    • Just me
      Only makes the add-in available for your own admin account. Select this option if you want to test the add-in yourself.
  8. Select how the add-in will be deployed to users:
    • Fixed (Default)
      Recommended. The add-in is enabled by default for assigned users and cannot be disabled by them.
    • Available
      Not recommended. The add-in is disabled by default, but assigned users can enable it themselves.
    • Optional
      The add-in is enabled by default, but assigned users can choose to disable it.
  9. Click Deploy.
  10. Review the Microsoft notice and click Next.
  11. Click Close.
    The Zivver OWA add-in is now installed and configured for your Microsoft 365 organization. It may take up to 24 hours for the change to take effect in Exchange Online. See Microsoft's documentation for more information.
  12. Continue with the steps to give admin consent.

OWA    New Outlook

Tip
Although admin consent is required for both OWA and the new Outlook, it is best to perform the steps below using an OWA user mailbox instead of a new Outlook user mailbox.

The Zivver OWA add-in requires admin consent for your organization to work seamlessly with the Microsoft Graph API.

Prerequisites

  • A user mailbox with the Zivver OWA add-in deployed.
    This mailbox must have a Zivver account.
    This mailbox does not need admin privileges.
  • Global administrator credentials must be available when following the steps below.
    Either from the same user mailbox or a separate admin account.
Note
Always select Consent on behalf of your organization.
  1. Open outlook.office.com and sign in with the user mailbox that has the Zivver OWA add-in deployed.
  2. Launch the Zivver OWA add-in by starting a new draft email and clicking the Zivver icon, or go to Apps in the top ribbon and select Zivver.
    This should start the login process, opening a flyout from login.microsoftonline.com.
  3. If you’re logged in with an administrator account, select Consent on behalf of your organization and click Accept.
    Tip
    If you’re using a user mailbox without administrator privileges, click Have an admin account? Sign in with that account. After logging in with an admin account, you can then select Consent on behalf of your organization and click Accept.
Warning
If you forget to select Consent on behalf of your organization, you won’t get another chance. You must repeat these steps using a different administrator account.

Create an Exchange rule for Zivver messages

OWA    New Outlook

This rule must be set up to prevent OWA from sending a Zivver message as unencrypted, regular email.

Warning
If you do not configure this rule, every recipient will receive both the encrypted Zivver message and a secondary placeholder message with a link to the message on https://app.zivver.com. This happens because the ‘zivver-action: discard’ mail flow rule disposes of the secondary placeholder message in Exchange Online.
  1. Log in to the Exchange admin center.
  2. Click Mail flow in the left pane.
  3. Select the Rules tab.
  4. Click add Add a rule > Create a new rule.
  5. Name the rule zivver-action: discard.
  6. Under Apply this rule if, select The message headers ... and the sub-option matches these text patterns.
  7. Click Enter text.
    specify header name opens.
  8. Enter zivver-action, then click Save.
  9. Click Enter words.
    specify words or phrases opens.
  10. Enter discard.
  11. Click Add.
  12. Click Save.
  13. Under Do the following, select Block the message, and the sub-option delete the message without notifying anyone.
  14. Click Next.
    Set rule settings opens.
  15. Set Choose a mode for this rule to Enforce.
  16. Set Severity to Low.
  17. Select Stop processing more rules.
  18. Set Match sender address in message to Header.
  19. Click Next, then click Finish.
  20. Wait a few seconds, then click Done.
    You can now set the priority.
  21. Select the new rule.
  22. Enable the rule.
  23. Click Edit.
    zivver-action: discard opens.
  24. Click Settings.
  25. Set the priority of the zivver-action: discard rule to 0.
    A mail flow rule has now been created to prevent Zivver messages from being sent as unencrypted, regular email.
  26. Click Save, then click Done.

Required additional settings

OWA    New Outlook

Enable Inbound Direct Delivery

OWA    New Outlook

Inbound Direct Delivery (IDD) allows your users to read inbound Zivver messages directly from the reading pane instead of opening the Zivver side pane. To enable this feature, follow the procedure described in the Inbound Direct Delivery manual.

Allow cookies in Edge/Chrome

OWA

Allow cookies in the browser for the exact URLs listed below. Read more about CookiesAllowedForUrls in Edge (this setting is identical in Chrome).

Tip
See Allow cookies in Edge/Chrome with Intune for instructions on how to allow cookies with Intune.
  • [*.]office.com
  • [*.]office365.com
  • [*.]zivver.com
    The Zivver add-in stores the user’s active session in LocalStorage. Blocking cookies for these domains will cause users to log in after every page refresh.

Allow pop-ups in Edge/Chrome

OWA

Allow pop-ups in the browser for the exact URLs listed below. Read more about PopupsAllowedForUrls in Edge (this setting is identical in Chrome).

Tip
See Allow pop-ups in Edge/Chrome with Intune for instructions on how to allow pop-ups with Intune.
  • [*.]office.com
  • [*.]office365.com
  • [*.]zivver.com
    The Zivver add-in uses pop-ups to log users in. Blocking pop-ups for these domains will prevent users from being able to log in to Zivver.

Configure Exempt Domains

OWA    New Outlook

Configure Exempt Domains from scanning during sending to exclude internal domains from Smart Classification.

Add-in behavior

OWA    New Outlook

Configure Automatically use Zivver when a business rule recommends it to be set to On, Mandatory on the Add-in Settings page. Read more about Outlook Web Access Add-in integration settings.

Trusted websites in Internet Options

OWA

For Windows users only.

Add the following locations to the Trusted sites zone of Internet Options. This prevents a white screen during login to the OWA add-in.

Tip
See Configure trusted websites with Intune for instructions on how to configure trusted websites with Intune.
  1. Open the Control panel.
  2. Click Network and Internet.
  3. Click Internet Options.
  4. Click the Security tab.
  5. Click Trusted websites.
  6. Click the Websites button.
  7. Add these URLs as trusted websites:
    • Zivver OWA add-in: https://owa-v6.zivver.com
    • Zivver web app: https://app.zivver.com
    • OWA: https://outlook.office.com
  8. Click Close.
  9. Click OK.

macOS Safari privacy settings

OWA

For macOS users only.

  1. In Settings > Privacy, make sure “Prevent cross-site tracking” is unchecked.
  2. In Settings > Privacy, make sure “Block all cookies” is unchecked.
  3. In Websites > Pop-up windows, make sure “outlook.office.com” is allowed.

Disable Offline Mode

New Outlook

In the New Outlook, users can turn on Offline mode, which causes sent messages to be stored in the Outbox. When Offline mode is later turned off, these messages are sent automatically—without involving any add-ins, including the Zivver add-in. As a result, the messages are not classified or secured by Zivver. To avoid this issue, follow the steps below to disable the option for Offline mode in the New Outlook settings.

Note
Please be aware that there are scenarios where disabling Offline mode in the OWA mailbox policy does not work. For example, when your organization has users who primarily log in to the New Outlook with email accounts that are associated with a different OWA mailbox policy — for instance, one from another organization.

Prerequisites

  • Exchange Online admin permissions.
  • PowerShell is installed on your machine.
  • ExchangeOnlineManagement module is installed in PowerShell on your machine.

Procedure

  1. Open PowerShell.
  2. Run the following command to connect to Exchange Online:
    Connect-ExchangeOnline
    A pop-up appears, prompting you to enter your admin credentials.
  3. Run the following command to list all existing OWA mailbox policies:
    Get-OwaMailboxPolicy | Format-Table Name, Identity
  4. Run the following command to disable Offline Mode for the OWA mailbox policy:
    Set-OwaMailboxPolicy -Identity "<policy_name>" -OfflineEnabledWin $false
    Replace <policy_name> with the name of the OWA mailbox policy you want to modify. If you want to disable Offline Mode for all policies, you have to run this command for each policy listed in the previous step.
  5. Run the following command to verify that Offline Mode is disabled:
    Get-OwaMailboxPolicy -Identity "<policy_name>" | Format-Table Name, OfflineEnabledWin
    Replace <policy_name> with the name of the OWA mailbox policy you want to verify. The output should show OfflineEnabledWin as False. Example output:
    Name                                         OfflineEnabledWin
----                                            ---------------------
OwaMailboxPolicy-Default    False
  6. Run the following command to disconnect from Exchange Online:
    Disconnect-ExchangeOnline
  7. Verify that users can no longer enable Offline Mode in the new Outlook by going to Settings > General. The option to enable Offline Mode should no longer be available.

Verify the installation was successful

OWA    New Outlook

Tip
It may take up to 24 hours for the above changes to be implemented in Exchange Online. If you can’t verify the installation within 24 hours after installation, please try again the next day.
  1. Click New to create a new message.
  2. Set up a message with a recipient, subject, and body as usual.
  3. Click the Zivver icon.
    If the Zivver icon is not visible, click the three dots in the Outlook toolbar at the top of your screen and click the Zivver link in the menu.
    The Zivver side panel opens on the right side.
  4. Log in to Zivver if you’re not logged in automatically.
  5. Turn on Secure mail.
  6. Click Recipient verification.
    A new screen listing all recipients opens.
  7. Complete the recipient verification where necessary.
    Learn more about Recipient verification
  8. Click Apply.
  9. Click Send to send the message.
    A Zivver pop-up may appear to check the email and attachments for sensitive information.
  10. Verify in the recipients’ inbox that a Zivver message has been received and no unencrypted, regular email has been received.
    You have now verified the installation was successful.
Tip
Also, send an unencrypted, regular email to verify that the regular email flow works as intended.

Remove the Zivver OWA Add-in from Microsoft 365 admin center

OWA    New Outlook

Info
Please be aware that the removal process for the OWA add-in may take up to 72 hours to complete.

If you want to remove the Zivver add-in, follow these steps to uninstall it from the Microsoft 365 admin center:

  1. Log in to the Microsoft 365 admin center.
  2. Select Zivver.
    The Zivver Add-in screen appears in the right-side pane.
  3. Scroll down on the Zivver side pane and click Delete add-in at the bottom of the side pane.
  4. Confirm by clicking Delete.
    The Zivver OWA add-in has now been removed.

Remove the Zivver Exchange rule

OWA    New Outlook

To remove the Zivver Exchange rule, follow these steps in the Exchange admin center:

  1. Log in to the Exchange admin center.
  2. Click Mail flow in the left-side pane.
  3. Select the Rules tab.
  4. Select the mail flow rule zivver-action: discard.
  5. Delete the rule by clicking the delete icon.
Tip

If you used Assisted Mail Submission, you might not have created the zivver-action:discard rule.

If you are no longer using any other Zivver plugins or solutions, you can safely remove the Zivver Exchange rule (typically named “Zivver Relay” or “Zivver: Assisted Mail Submission”) that routes emails to the Zivver send connector.

Additionally, if the Zivver send connector is not used by any other Zivver solutions in your environment, it can also be removed.

Updated on 2025-07-08