Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.
In addition to mailbox permissions, Exchange Online supports folder-level delegated permissions. Users can create folder delegations through Outlook desktop. Like mailbox permissions, it’s a good idea for tenants to check folder-level delegations to ensure that people don’t keep permissions for longer than they should. We explain how to create a PowerShell script to generate such a report.
Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.
Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.
Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.
Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.
Microsoft has revealed that Outlook for iOS is getting a new rich text editor to brighten and embellish email messages. The new editor is in build 4.27.0, but there’s no news if Outlook for Android will get the same editor.
You can now add your personal Outlook.com or Gmail calendars to your work OWA calendar. The integration allows for only one personal calendar, and OWA synchronizes events from the personal calendar to make sure that people don’t schedule work events when you have personal commitments. TeamSnap calendars are also supported (real-only), but this feature is likely to not be used outside the U.S.
Microsoft plans to disable basic authentication for five Exchange Online connection protocols on October 13, 2020. They’ve been clear on this point for several months and are now moving to deliver tools and provide guidance about what people should do about clients that use basic auth connections with Exchange Web Services, Exchange ActiveSync, IMAP4, POP3, and Remote PowerShell. Work is needed to make sure that clients are prepared for the switchover to modern authentication.
A new version of the Exchange Online management PowerShell module is available. The update includes a number of bug fixes (including some security upgrades) and new features. You should upgrade to the new version as soon as possible and keep an eye out for more changes in the future.