New Invoice Payment Phishing Attack

A new phishing attack is circulating from an Office 365 tenant. The attack attempts to lure recipients into clicking a link to download a document. The phishing email is not quite as crude as other attempts and might lure users into doing the wrong thing, especially as the message is delivered to inboxes.

Exchange Online Block for BCC Messages Sent to Distribution Lists

You can configure Exchange Online distribution lists so that they reject messages sent to them as BCC recipients. I’m not sure how much use this feature will get, but it’s nice to have it anyway. PowerShell is the only management tool to configure distribution lists for the new block until Microsoft gets around to updating the Exchange Admin Center.

Exchange Online Clamps Down on High-Volume Mailboxes

From April 2021, Exchange Online will apply hard limits for the number of messages a mailbox can receive per hour. The limit remains the same (3,600), but now Exchange will block the mailbox receiving any more email for an hour. The new version of the Exchange Admin Center (EAC) promises to highlight problem mailboxes so that admins can ask owners why their mailboxes receive so much email.

How to Create Exchange Dynamic Distribution List with Custom Recipient Filters

Exchange dynamic distribution lists allow messages to be sent to sets of recipients determined by a query against the directory. A custom filter is a powerful way to find the right set of recipients. In this case, we want to find mailboxes with certain job titles whose Azure AD accounts are not blocked for sign-in. Here’s how to create the filter, make sure it works, and create the DDL.

The Power of Exchange Online Dynamic Distribution Lists

Exchange Online Dynamic Distribution Lists are a powerful way to address changeable groups of recipients. The query against the directory is the big thing to get right, but you’ve also got to make sure that the directory data is accurate and reliable. Once you’ve got a good directory, it’s easy to create dynamic distribution lists which are easy to use and never go out of date.

Revocation of Email Protected by Office 365 Message Encryption

Office 365 Message Encryption (OME) allows OWA users to revoke some messages after they are delivered to recipients. But if the message goes to Office 365 or Outlook.com, you can’t revoke it. And there’s the slight matter of needing an Office 365 E5 license too. Even so, it’s still nice to be able to revoke messages if they go to the wrong place.

How to Use Exchange Dynamic Distribution Lists to Address Specific Mailboxes

Exchange Online supports dynamic distribution lists, a great way to address sets of recipients found by resolving a filter against the directory. In this example, we explore how to create a dynamic distribution list to address mailboxes marked as preferring a specific beverage. It might even be useful some day!

New Outlook API Makes Email Signature Management Easier

At the Ignite 2020 virtual conference, Microsoft ISV Code Two Software demonstrated a new Outlook API to make email signature management easier across all Outlook clients. The Signature API supports web add-ins that work on all Outlook platforms to allow users to select which corporate email signature to apply before sending messages. The new API should be available at the end of 2020 and we can expect updates from multiple ISVs in the email signature management space to exploit the new capability.

Blocking Email Forwarding from Power Automate

Power Automate (Flow) can forward email from Exchange Online mailboxes to external recipients. This isn’t a great idea if you want email kept within the control of your data governance framework. Power Automate now inserts x-headers in the email it sends, which allows the use of transport (mail flow) rules to detect and reject these messages if required.

Backing Up Exchange Online Mailboxes to PSTs Continues to be an Awful Idea

Characterizing backup of Exchange Online mailboxes to PSTs as brain-dead might have been harsh, but it’s an accurate assessment of the worth of this idea. Plenty of cloud-based backup offerings exist that can process Exchange Online data more securely and at scale. If you want to backup Office 365, stay away from PSTs and use a different product, after asking some questions to ensure that the backups deliver the value you expect.

Exchange Online Protection Restricts Tenants from Sending Unprovisioned Email

Exchange Online Protection monitors outbound email to pick up signs of potential compromise in Office 365 tenants. This can lead to EOP restricting a tenant’s ability to send outbound email and force the administrators to check for compromised accounts or connectors and other problems before contacting Microsoft Support to ask them to lift the restriction.

When Exchange Online Protection Blocks Email Senders

Exchange Online Protection monitors email traffic in and out of Office 365 tenants. When a mailbox exceeds limits, it might end up being restricted, such as in the case when the mailbox might be compromised. We tried to find out when Exchange Online Protection restricted mailboxes and what to do afterwards. Here’s what we discovered.

Microsoft Pushes Removal of Basic Authentication from Exchange Online to Mid-2021

Covid-19 dealt a blow to Microsoft’s plans to remove basic authentication from 5 connection protocols for Exchange Online and forced them to postpone the removal from October 13, 2020 to sometime in the second quarter of 2021. The news is disappointing because basic authentication is a weakness exploited by many hackers. But you can’t plan for a pandemic and Office 365 tenants need more time to be ready for the deprecation.

Outlook Mobile Delegate Access for Exchange Online Mailboxes

Outlook Mobile now supports delegate access to Exchange Online mailboxes. By granting fuil access to a delegate, they can open and work with a mailbox, and send messages using the SendAS or SendOnBehalfOf permissions. The new feature underscores the advantage Outlook mobile enjoys over other mobile Office 365 email clients.

How to Add a Disclaimer to Calendar Meeting Requests for Outlook and Teams

Exchange transport rules are a powerful way to apply different conditions to messages as they pass through the transport service. In this case, we add a disclaimer to calendar meeting requests with a pretty simple rule that works on the basis that it detects a special x-header in meeting requests and applies the disclaimer when the x-header exists.

New OWA Files View Makes Attachments More Accessible

OWA now includes Files in its “module switcher”). The new module allows fast access to attachments stored in any folder in an Exchange Online mailbox. It’s a neat feature that will please many people simply because it makes finding often-elusive attachments just that bit easier.

New OWA Becomes Default for Mobile Browsers

Not many Office 365 users choose OWA as their mobile client, but those who do will soon be forced to use the new OWA because Microsoft is removing the toggle to allow people to switch between the old and new versions in February, just like they did for workstation versions last July. The new OWA is a fine client, but its usefulness on mobile browsers is not as good as the functionality offered in Mobile Outlook, which continues to be our choice as the best mobile Office 365 email client.

Phishing Attempt to Grab Office 365 User Credentials

Office 365 users might receive a phishing attempt to say that they’ve just been paid by a UK healthcare group. The message shows some obvious signs to tell the recipient that it only contains trouble, but these signs are easier for humans to pick up than they are for machine learning. The combination of good message hygiene and user education should be enough to deflect phishing attacks.

Setting Custom Recipient Limits for Exchange Online Mailboxes

Exchange Online now supports a custom recipient limit for mailboxes of between 1 and 1000. The limit controls the maximum number of recipients a mailbox can add to a message. Think of the fun you could have by setting the recipient limit on manager mailboxes to something small, like 6….

Office 365 Message Encryption (OME) Making Protected Email Better

Microsoft is releasing some updates to Office 365 Message Encryption (OME) in January. The detail in the announcement wasn’t great, so we plunged in to find out what’s happening. THe bottom line is that OME will use tenant domains to send email so that anti-spam filters will consider the messages to be authentic.

Blocking Outbound Messages Stamped with an Office 365 Sensitivity Label

Exchange Online transport rules can block outbound email stamped with selected Office 365 Sensitivity Labels to make sure that confidential material doesn’t leave organizations. The transport rule is very easy to construct with the only complication being the need to discover the GUID of the sensitivity label you want to block. Fortunately, PowerShell gives us an easy way to find a label’s GUID.

Outlook for iOS Can Finally Snooze, But Some Interesting Features Remain Unavailable Outside the U.S.

Outlook for iOS finally supports the Do Not Disturb feature to suppress notifications for new email, something that Outlook for Android has been able to do for 18 months. iOS and Android are obviously different ecosystems, so the delay might have been caused by problems dealing with the Apple notification service. In any case, you can now snooze some or all of your email accounts. In other news, some of the more interesting features available to U.S. email accounts are still not available outside the reach of Cortana.

Using the Immersive Reader in Teams and OWA

The Microsoft Immersive Reader exists to make messages more readable for those who need a little help. It’s built into Office apps like Teams and OWA. Most people don’t know this or don’t need to use the reader, but those who do need support to access and understand text will find the Immersive Reader very helpful.

Will Microsoft Teams Take Over from Email?

In a session recorded at Microsoft Ignite 2019, Tony Redmond discusses the question of will Microsoft Teams take over from email. The session covers the strengths and weaknesses of both technologies and makes recommendations for how organizations can take full advantage of Teams and email.

Microsoft Clamps Down on Auto-Expanding Archive Mailboxes

In a surprise development, Microsoft reversed course for Exchange Online auto-expanding archives and imposed a 1TB limit. The promise of a bottomless archive that continually expanded to cope with user data is removed. Although it’s reasonable for Microsoft to restrict the consumption of resources, suddenly implementing a limit is not, especially when you don’t communicate with customers.

Exchange Online Protection Improves Zero-Hour Auto Purge (ZAP)

The fight against spam and malware goes on unabated. ZAP, or zero-hour auto purge, is an Exchange Online Protection (EOP) feature that’s getting some extra features to deal better with spam and phish malware. New policy controls are available to control the feature.

OWA Embraces Office 365 Sensitivity Labels

OWA now supports Office 365 Sensitivity Labels, which means that users can apply labels to mark and/or protect messages with encryption just like they can with Outlook. The update adds to the ways that sensitivity labels can be applied to Office 365 content, with the next step being to achieve the same support for the other online Office apps.

Office 365 Groups, Send As, and the Missing NDRs

You can configure Send As and Send on Behalf of permissions to allow Exchange Online users to send messages for an Office 365 Group. All is well if the messages arrive, but if they don’t, the NDRs might not get to where you think they should go, such as a folder in the Recoverable Items structure. That’s OK if the sender was told that a problem exists with a message, but they don’t know anything happened.

Outlook’s Hybrid Mode Helps in Flaky Network Conditions

Outlook logo

Outlook 2013 introduced the concept of hybrid mode (sometimes called Exchange Fast Access) to allow clients configured in cached Exchange mode to fetch data direct from the server when possible. The mode works well, except when you’re connected on a poor network as the attempts to fetch data from the server might cause Outlook to hang. A registry setting gives a way to force Outlook to operate in classic cached mode and use the OST exclusively when it needs data.

How to Set Auto-Replies for Shared Mailboxes with PowerShell

A question about how best to set auto-replies for Exchange Online shared mailboxes to respond to messages arriving during a public holiday gives another chance for PowerShell to show how useful it is. You could do the work with Flow, but PowerShell is more flexible and capable when dealing with multiple shared mailboxes.

Focused Inbox Has Problem Delivering to the Right Place

Following a configuration change, the Exchange Online Focused Inbox ran into a problem on July 24 and delivered all messages to the “Other” view. This caused problems for users who didn’t receive notifications of new mail. Software can have bugs, but configuration changes should be tested before getting to production.

Reporting Spam to Make Exchange Online Protection Better

No one likes getting spam. Although EOP generally does a good job, Office 365 users can help themselves and help others by reporting spam that gets through to their mailboxes using Outlook’s Report Message add-in. And if they’d like someone else to report bad mesages, admins can do so through the Security and Compliance Center.

New OWA Becomes The OWA on July 22

Microsoft has announced that the switchover to the new OWA interface will start on July 22 when Office 365 tenants in targeted release will lose the chance to toggle back and forth between the two interfaces. By the end of September, everyone will use the new OWA. Let’s hope that Microsoft has fixed all the functionality gaps by then.

How to Add Shared Mailboxes to Outlook Mobile

Microsoft has announced that it will deploy the ability to add shared mailboxes to Outlook Mobile by the end of July. But if you want to see the feature early, you can join the Testflight program and install the beta version of Outlook mobile. Using Outlook for iOS with Testflight also forces the upgrade of your Office 365 tenant to the Microsoft Sync Technology.

Shared Mailbox Support Soon for Outlook Mobile

Microsoft has announced that Outlook Mobile (iOS and Android) will include support for Exchange Online shared mailboxes “in the next several weeks,” which probably means early July 2019. The update comes as good news for many people who have been forced to use an IMAP4-based workaround to access shared mailboxes. Microsoft is also making some other changes to improve the Files view and calendar sync in Outlook mobile.

Outlook Increases 500 Shared Folder Limit to 5000

Microsoft has implemented a new synchronization mechanism in Outlook ProPlus to deal more efficiently with shared folders. The new approach increases the limit from 500 to 5,000 folders and is a more elegant and precise solution. Users who manage other peoples’ mailboxes will appreciate the change after they install build 11629.20196 or later.