Using the Outlook Booking with Me Feature

Outlook’s new Booking with Me feature is rolling out worldwide. Any user with an Exchange Online license can create a personal bookings page to allow other internal and external people to book meetings with them. It’s a nice idea and a good example of how Microsoft can use its software toolkit to create new solutions.

How Microsoft Bookings Uses Scheduling Mailboxes

The Microsoft Bookings app is available to many Office 365 users. The app is designed to host a shared calendar for a group of people. The calendars are in special scheduling mailboxes that are created by the Microsoft 365 substrate. Appointments in the calendar can be scheduled by people through a bookings page, which can be on the internet or confined within an organization. It’s a neat way to run an online business – if only Bookings could take in some money for all that scheduled work.

Why Microsoft’s Slowness in Delivering Outlook Roaming Signatures Affects OWA

Microsoft promises they will deliver the long-awaiting Outlook roaming signatures feature in October 2022. There are signs of progress in Outlook beta builds, but the development of the feature has caused some disruption for Microsoft 365 tenants because it broke the cmdlet that updates HTML signatures for OWA. Oh well, it will all be OK in October. At least, that’s the plan.

Connecting IMAP4 Clients to Exchange Online with OAuth 2.0

The imminent deprecation of basic authentication for 7 Exchange Online connectivity protocols mean that client updates need to be considered. If you use IMAP4, the Thunderbird client does a good job, but will other clients be able to cope? It’s a good question to ask.

Loop Components Appear in OWA

Loop components are now supported in OWA. The implementation is reasonably close to that of Teams chat, but has some essential differences due to the nature of email. The current state of Loop components mean that they are highly suited for internal communication but not for collaboration outside an organization.

Microsoft Launches IMAP4 and POP3 Application Access to Exchange Online Mailboxes

Microsoft has launched application access to Exchange Online via IMAP4 and POP3 using modern authentication. The approach Microsoft takes is reasonable and pragmatic and should be simple enough for app developers to implement. However, with an eye on the future, maybe this isn’t the best strategic choice to make. Moving to the Graph APIs will take more work, but it’s a better long-term solution.

Microsoft Introduces Control Over Delegated Access to Encrypted Email

Microsoft is introducing new controls for delegate access to encrypted emails accessed via Outlook clients other than Outlook for Windows. The controls are implemented in three new PowerShell cmdlets which can block, validate, and allow delegate access to encrypted messages. It’s nice to see some coherence being introduced for almost all the Outlook clients, even if Outlook for Windows does its own thing.

Comparing Shared and Inactive Mailboxes

Exchange Online tenants have a choice between inactive mailboxes and shared mailboxes when the need arises to keep “leaver” data like that belonging to ex-employees. Inactive mailboxes are essentially a compliance tool and sometimes shared mailboxes are better choices. We explore both in this short article.

Microsoft Reveals Audit Gap for Delegate Send Actions

On May 19, Microsoft disclosed that a problem had stopped audit events being generated when people used the Exchange SendAs and SendOnBehalfOf permissions to send email for other mailboxes. Microsoft says that the problem is now fixed, but as it turns out, some issues still exist with capturing audit records for SendAs events.

Using the Graph API to Generate Mailbox Folder Statistics

A reader asked if it’s possible to use PowerShell to return the unread count for the Inbox folder in user mailboxes. The standard Exchange Online PowerShell cmdlets tell you a lot about mailbox folder statistics, but they can’t look inside a folder. But the Microsoft Graph APIs can, so a combination of PowerShell and the Graph deliver a solution to the problem.

Basic Authentication Deprecation Can Stop Exchange Online Scripts Working

The upcoming removal of support for basic authentication in seven Exchange Online connectivity protocols could mean trouble for some Office 365 tenants if they don’t take care to ensure that modern authentication is used for PowerShell connections. The old-style Remote PowerShell connection must be replaced with the Connect-ExchangeOnline cmdlet from the Exchange Online management module (aka the V2 module). Apart from anything else, this should improve the performance and robustness of scripts, especially after Microsoft finishes the work to remove the WinRM dependency for older cmdlets.

Why PowerShell Scripts Might Need Updates After Microsoft Changes the Name Property for New Mailboxes

The Exchange Online name change for mailboxes will roll out at the end of May, 2022. The change only applies to new mailboxes, but its introduction creates some interesting challenges for PowerShell scripts that process mail-enabled objects, including some good side-effects. In this post, we discuss some of the issues we’ve already encountered.

Project Monarch “One Outlook” Build Leaks

A leaked build of Project Monarch’s “One Outlook” client created some excitement last week, but when you examine the details of the client and what it can do, it’s really just a prettier version of OWA for Exchange Online. That doesn’t mean that Microsoft hasn’t done a bunch of software engineering to prepare the ground to accelerate progress toward the final client. Microsoft has also provided a way to block people using the client, with promise of an official beta soon.

Countdown Accelerating to the Big Basic Authentication Turnoff

October 1, 2022, is when Microsoft begins the final process of removing support for basic authentication for 7 email connection protocols from Exchange Online. The process will take several months to complete, and when it’s done, Office 365 will be a safer place that attackers will find more difficult to penetrate. But it’s time for tenants to prepare, if you haven’t already done so, and we highlight some critical points from Microsoft’s most recent post on this topic.

Outlook’s Dislike for Moderated Distribution Lists

I’m not sure people use moderated distribution lists with Exchange Online all that much, but those who do might be frustrated by a client inconsistency between OWA and Outlook. OWA can expand the membership of a moderated distribution list; Outlook for Windows cannot. It’s a small point. Maybe Project Monarch will help…

Exchange Online Plans Changes to Make Mailbox Identification More Effective

Exchange Online plans to change the format of the Name and Distinguished Name mailbox properties. The idea is to make these properties unique and improve synchronization with Azure AD. It all sounds like a good idea, but these properties have been around in Exchange for a long time, and any change will surface in unexpected places – like the output of many Exchange cmdlets. Which is why Microsoft has paused the plan for further reflection.

All About the Get-MailTrafficSummaryReport Cmdlet

The Get-MailTrafficSummaryReport cmdlet gets a lot of praise in some quarters. I am not so impressed. The Exchange Online cmdlet is useful, but it’s now showing its age in a world when better data to create a view of user activity is available elsewhere, notably in the Microsoft Graph. This doesn’t mean that the cmdlet doesn’t do a good job; it’s just that it hasn’t received much love from Microsoft since 2015.

Use Message Tracing to Report Exchange Online Email Sent to External Recipients

A management request came in to report email sent by some users to external recipients. Although you might not agree that this is the right thing for any organization to do, it’s very possible by exploiting the message trace information retained by Exchange Online for 90 days. As a bonus, we email the report generated from message tracing data to the requesting manager. Isn’t PowerShell just wonderful?

How to Find Unused Exchange Online Mailboxes

Finding and removing unused Exchange Online mailboxes used to be a good way to keep Office 365 licenses costs under control. Given the widespread use of Exchange Online as part of bundles like Office 365 and the effect of Teams on email for internal communication, looking for unused mailboxes might not be so important now. In any case, the techniques of looking for evidence of mailbox under-use are interesting and useful for tenant administrators to understand, which is why we have this article!

Microsoft Gives Tenants Opt-Out for Exchange Online Plus Addressing

Microsoft intends to make the Exchange Online plus addressing feature available by default to all Microsoft 365 tenants after April 17, 2022. If you don’t want this to happen, you need to update the Exchange Online organization configuration to update the DisablePlusAddressInRecipients setting to True. After the opt-out 30-day period finishes, Microsoft will proceed with the deployment, so don’t say you weren’t warned!

Why It’s Difficult to Transfer Membership Rules from Exchange Online to Azure AD

It seems like it should be possible to transfer a membership rule from an Exchange dynamic distribution list to a dynamic Microsoft 365 group/team, but it’s not. Different directories, schemas, properties. and syntax conspire to stop easy conversion. It’s a pity, but that’s the way life and technology sometimes go…

Converting Dynamic Distribution Lists to Microsoft 365 Groups and Teams

This article explains how to create a new Microsoft 365 group and team using the membership and properties of an Exchange Online dynamic distribution list. The process is reasonably straightforward, but as always with PowerShell, there are some interesting turns and twists that must be navigated en route.

Remote Connectivity Analyzer Diagnoses Teams Connections to Exchange Hybrid

Microsoft’s Remote Connectivity Analyzer (MRCA) utility is now able to run diagnostics to check connectivity between Teams and an Exchange hybrid organization. MRCA was in the doldrums for several years because no one inside Microsoft had any interest in providing funding for its development and support. Now the utility is roaring back with a set of new tests covering different aspects of Microsoft 365. Recommended!

Microsoft Delays Outlook Roaming Signatures Until October 2022

Outlook logo

Microsoft’s latest update for the roadmap item for Outlook roaming signatures puts general availability in July 2022, some two years after the original announcement. It’s a strange delay, even by the standards of the Outlook desktop development cycle. ISVs who make signature management software have used the delay to good effect to improve their products, so it remains to be seen what effect Outlook roaming signatures will have on that market.

Microsoft 365 Data Loss Prevention and Encrypted Message Type Exceptions

Microsoft 365 Data Loss Prevention (DLP) policies have wide-ranging capabilities when it comes to rules and exceptions. One exception covers the various types of encrypted email that can pass through the Exchange Online transport pipeline. As it happens, three message types are supported, but who could have guessed that permission controlled means rights management?

Keeping Confidential Outlook Email Private

Outlook logo

Delegates often process Outlook email for others. It’s a feature that works well. That is, until protected email arrives. Delegates shouldn’t be able to read protected email in other peoples’ mailboxes. But some versions of Outlook allow this to happen. If you want to be sure that delegates can’t access protected email, maybe you should consider using a dual-mailbox approach.

How Microsoft Teams Displays Local Time in Profile Cards

A new Microsoft Teams feature means that local time zone information appears on user profile cards. While it seem simple, the feature is very useful when arranging meetings because you know up-front about the working hours of your colleagues. It’s a detail that makes sense!

Why Exchange Online Mailboxes have SharePoint Online Proxy Addresses

A post by the Exchange development group tried to explain why mailboxes have SharePoint Online proxy addresses. It’s all down to the Microsoft 365 substrate, which needs the proxy addresses to ingest digital twins from SharePoint Online into Exchange Online for use by shared services like Microsoft Search. The upshot is that you can’t remove a mailbox permanently without some background processes kicking in to make sure that SharePoint is taken care of.

The Strange Case of Outlook Desktop and Actionable Messages

Outlook desktop couldn’t display actionable messages generated by Teams and Yammer properly while OWA and Outlook mobile could. It’s a small issue in the context of Microsoft 365, but it irritated me. I fixed the problem but don’t know how except that the Actionable Messages Debugger for Outlook might have been involved. Another day in the life of a Microsoft 365 tenant administrator…

How to Protect Messages Sent to Dynamic Distribution Lists

Office 365 Message Encryption protection is not available for messages sent to dynamic distribution groups. It’s all to do with rights management licensing. However, if you need to protect messages sent to dynamic distribution groups, for instance to make sure that confidential messages are inaccessible to external recipients use a sensitivity label instead and assign the special tenant-wide permission to recipients.

How to Determine the Age of a Microsoft 365 Tenant

Finding the age of a Microsoft 365 tenant isn’t an important administrative operation. However, understanding how to retrieve this information (if asked) is an interesting question, which is why we spent several hours playing around with PowerShell and the Microsoft Graph to figure out how to answer the question. It’s the kind of in-depth analysis we do all the time to build content for the Office 365 for IT Pros eBook.

Planner Uses Exchange Online for Microsoft 365 eDiscovery and Compliance

Planner now creates digital twins (copies) of tasks in user mailboxes in Exchange Online to make data available for eDiscovery and compliance. Storing items in the Microsoft 365 substrate is the same approach to making data available for search and compliance as taken by Teams and Yammer.

Latest AAD Connect Removes On-Premises Disabled User Accounts from Azure AD

Microsoft pushed out version 2.0.88.0 of the AAD Connect synchronization utility earlier this month. Unfortunately, the new software removes disabled on-premises user accounts from Azure AD, which means that on-premises shared mailboxes disappear for cloud users. Microsoft has released version 2.0.89.0 but maybe it’s better to go back to a version that you know works. At least until after the holidays.

Microsoft 365 DLP Switches from Envelope to Header for Sender Evaluations

To make Microsoft 365 DLP policies work like Exchange transport-rule based DLP, a January change will switch evaluation of sender conditions away from envelope information to message headers. Although this change might seem to be something beloved of email geeks, it’s actually an important update for organizations who want to move away from ETR-based DLP to Microsoft 365 DLP policies.

How to Enable Users to Receive Copies of Email They Send to Microsoft 365 Groups

It might seem like a small thing, but some users are upset when they don’t receive copies of their messages sent to Outlook Groups in their Inbox. A new setting allows users and administrators to control if they receive copies of messages from groups, but only when the user is a subscriber to groups (Follow in Inbox is turned on). In this article, we explore how to set the EchoGroupMessageBackToSubscribedSender control via OWA options and PowerShell, and how to sign up to be a group subscriber by yourself or with a little help from an Exchange administrator.

Microsoft Upgrades Exchange Online Dynamic Distribution Lists

Microsoft is changing the way the Exchange Online transport service resolves the membership of dynamic distribution groups. Instead of doing this when someone sends a message to a dynamic group, Exchange resolves the membership once daily and whenever the recipient filter changes. It’s a reasonable approach designed to make messages move faster and more reliably, and it’s similar to the way that Azure AD dynamic groups maintain their memberships, so it shouldn’t make much difference.

Microsoft Flags Need to Upgrade PowerShell Scripts to Use TLS 1.2

Microsoft is removing TLS 1.0 and 1.1 from Microsoft 365. This has been well flagged, but tenants might not understand the impact on PowerShell scripts which send email using the Send-MailMessage cmdlet and SMTP AUTH. In a nutshell, unless you force PowerShell to use TLS 1.2, attempts to send messages via Exchange Online will fail. It’s time to check those scripts and ,consider how to move away from SMTP AUTH and Send-MailMessage.

Synchronizing Sensitivity Labels to Update SharePoint Online Sites

The SharePoint Online admin center displays an insight card for the number of unlabeled sites in the tenant. For some reason, many of the labels assigned to Microsoft 365 Groups and Teams had not reached SharePoint. Some PowerShell does the job to fetch the sensitivity label information from Exchange Online and update sites with the missing label information.

Some Microsoft 365 Features Highlighted at Fall Ignite 2021 You Can Use Now

To help you recover from the blizzard of Microsoft 365 information released at Fall Ignite 2021, here are some notes about features and functionality you might have missed. Like any list created by a conference (virtual) attendee, it reflects my interests and what I was looking for. Feel free to disagree on the importance of any or all of the topics discussed here… and suggest some of your own in the comments.