Read time 4 minutes

Summary: Microsoft Outlook Web Apps (OWA) is a web-based version of MS Outlook used to access Office 365 emails. Users can add shared mailboxes and Exchange Online accounts. Sometimes, login issues related to the “set_pback” cookie arise. To resolve this, enabling cookies manually in different browsers is explained. Additional tips for account protection are provided, including strong passwords, CAPTCHA, multi-factor login, and geo-blocking. To manage Office 365 effectively and overcome login challenges, Kernel Export Office 365 to PST software is recommended for comprehensive mailbox backup and data retention.

Microsoft Outlook Web Apps is the web-based counterpart of MS Outlook, granting users access to Office 365 from different devices. This online platform is accessible via web browsers, using the same credentials as their Office 365 (now Microsoft 365) accounts. Notably, it allows users to effortlessly add Office 365 shared mailboxes while maintaining unified credentials.

Furthermore, establishing your Exchange Online account in Outlook Web Access (OWA) is crucial for business continuity. To prevent potential data loss, it’s advisable to export Office 365 mailboxes to PST. Occasionally, users encounter a login issue with the “set_pback” cookie, an authentication warning in OWA that can impede account access.

The “PBack” session cookie should be automatically generated by OWA upon a successful login. Its absence can lead to login failures. Therefore, it’s advisable to enable cookies manually in your web browser before attempting to log in to your OWA account.
Here is how you can enable cookies manually in different web browsers:

In Mozilla Firefox

  1. In Mozilla Firefox, click three horizontal lines to open the menu and then choose Options.
  2. Go to the Privacy tab; inside the History tab, choose ‘Use custom settings for history.’
  3. Click the checkbox to select ‘Accept cookies from sites.’ Also, change the ‘Accept third-party cookies’ option to Always.
  4. Click OK.
In Windows Edge
  1. In Windows Edge, click three dots (More), click Settings, and View Advanced Settings.
  2. Go to cookies and choose the option Don’t block cookies.
In Google Chrome
  1. In Google Chrome menu, click Settings>>Show advanced settings. Go to the Privacy tab and go to Content Settings.
  2. There is a cookies option in Content Settings; choose ‘Allow local data to be set (recommended).’
  3. Click Done.
In Mac Safari
  1. On your Mac computer, open Safari, then choose Preferences>>Privacy.
  2. Allow the option to ‘Cookies and website data.’ Click Close and restart the browser.
In Internet Explorer
  1. In Internet Explorer, click Tools, then choose Internet Options>>Privacy>>Advanced.
  2. Choose Accept under First-party cookies and click Access under third-party cookies.
  3. Choose OK.
Additional Tips

If you’ve already enabled cookies in your web browser and are still unable to log in to Office 365, it’s possible that a more significant authentication issue exists within the Exchange Online server. In such cases, consider the following steps:

Check the authentication settings in IIS Server

Open Internet Service Manager and right-click on the OWA website. Choose its Properties.

  1. Go to the Directory Security tab under Outlook Web App main site’s property wizard.
  2. Click Edit to ‘Anonymous Access and Authentication Control’ option.
  3. In the authentication method dialog box, check if Anonymous Access is not checked.
  4. In the authentication access section, verify that the Basic Authentication option is selected.
  5. Click the Edit button and make sure that the Connect authentication domain is selected.

Click OK, then close all the opened wizards. Then, log in to OWA with the help of saved settings.
There are some useful methods to protect your Exchange Online account from unauthorized access or DOS attacks that you should always use.

  1. Use strong passwords to protect your accounts. The Exchange Administrator can set the terms and conditions to secure the password. Some strong tactics are account lockout after 5 wrong attempts, triggering a wait time to log in after 30 minutes and reset account lock after 60 minutes.
  2. You can enable CAPTCHA to strengthen the login process. The user will need to fill the CAPTCHA after providing the login details.
  3. Use the multi-factor login methods. It requires a mobile phone number and an additional step before entering the account. After providing the login details, the user will get an SMS or a call with a password. After inputting the password, the account will allow to log in.
  4. Block the user using geo-blocking based on their locations. Often, the attacks happen from various countries, and hackers use VPN to mask their identity. If you know your user base and their location, then you can use the geo-blocking feature to block users from other countries.


While the cookie issue in OWA is noteworthy, there are more substantial challenges to consider. Safeguard your account by implementing the aforementioned security and authentication measures. For improved Office 365 management, rely on Kernel Export Office 365 to PST software. It ensures mailbox accessibility even when login is problematic. Unlike free methods to Office 365 Backup that store limited data, Kernel Export Office 365 to PST comprehensively covers primary, shared, and public folders.