The first thing you’re going to want to do is create two users in active directory.
OWAEnabled and OWADisabled
You then need to mail enabled these two groups.
enable-DistributionGroup -Identity ‘domain.internal/OU/OWAEnabled’ -Alias ‘OWAEnabled’
enable-DistributionGroup -Identity ‘domain.internal/OU/OWADisabled’ -Alias ‘OWADisabled’
I would also hide them from the address list
Set-Distributiongroup ‘OWAEnabled’ -HiddenFromAddressListsEnabled $true
Set-Distributiongroup ‘OWADisabled’ -HiddenFromAddressListsEnabled $true
From there add the users to their respective groups based on if you want their owa enabled or not.
Finally once you have that all setup run the following powershell commands
Get-DistributionGroupMember “OWADisabled” | Set-CasMailbox -OWAEnabled $False
Get-DistributionGroupMember “OWAEnabled” | Set-CasMailbox -OWAEnabled $True