Signs of a Phishing Attempt Based on Office VoIP Voicemail Notifications

A crude phishing attempt based on voicemail notifications from a VoIP service arrived in mailboxes. It’s easy for experienced users to pick up signs to stay away, but the unwary can be trapped. Report samples of phishing attempts to Microsoft to make Exchange Online Protection better and keep on educating users.

Revocation of Email Protected by Office 365 Message Encryption

Office 365 Message Encryption (OME) allows OWA users to revoke some messages after they are delivered to recipients. But if the message goes to Office 365 or, you can’t revoke it. And there’s the slight matter of needing an Office 365 E5 license too. Even so, it’s still nice to be able to revoke messages if they go to the wrong place.

Site Mailboxes Finally Retiring in April 2021

Site Mailboxes were the face of Microsoft collaboration at one time. But that’s long in the past and it’s time for these archaic mailboxes to be dispatched. Microsoft will retire them from Office 365 in April 2021, probably two years after they passed their best-by date. I tried to clean up my tenant and failed utterly, so I’m leaving the mess for Microsoft to sort out.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

How to Control Default Creation of Online Meetings with OWA

OWA calendar settings include the option to make online meetings the default. You can control whether online meetings are the default at an organization and mailbox level. Outlook desktop relies on system registry settings to know if online meetings should be created. An add-in loaded is loaded automatically to insert the neceessary data to make a meeting online if necessary.

How to Use Exchange Dynamic Distribution Lists to Address Specific Mailboxes

Exchange Online supports dynamic distribution lists, a great way to address sets of recipients found by resolving a filter against the directory. In this example, we explore how to create a dynamic distribution list to address mailboxes marked as preferring a specific beverage. It might even be useful some day!

New Outlook API Makes Email Signature Management Easier

At the Ignite 2020 virtual conference, Microsoft ISV Code Two Software demonstrated a new Outlook API to make email signature management easier across all Outlook clients. The Signature API supports web add-ins that work on all Outlook platforms to allow users to select which corporate email signature to apply before sending messages. The new API should be available at the end of 2020 and we can expect updates from multiple ISVs in the email signature management space to exploit the new capability.

Microsoft Updates the Exchange Online Management Module (V2.0.3)

Version 2.0.3 of the Exchange Online Management PowerShell module is now available for download. The new release contains many useful enhancements including full support for certificate-based authentication, the ability to restrict cmdlets loaded into a session, and support for simultaneous connections to Exchange Online and the Security and Compliance Center.

Teams Improves its Fit and Finish

Some recent small changes in Teams will make users happy because the product’s fit and finish is improving. Speaker attribution for live captions makes conversations easier to follow and faster updates from Exchange mean that out of office notifications and change in presence states are picked up faster. These aren’t earthshattering changes, but they do make Teams more pleasant to use.

Blocking Email Forwarding from Power Automate

Power Automate (Flow) can forward email from Exchange Online mailboxes to external recipients. This isn’t a great idea if you want email kept within the control of your data governance framework. Power Automate now inserts x-headers in the email it sends, which allows the use of transport (mail flow) rules to detect and reject these messages if required.

The 1-2-3 of Exchange Online Certificate Based Authentication for PowerShell

Exchange Online PowerShell is a critical automation tool for many Office 365 tenants. In 2021, Microsoft will remove basic authentication for PowerShell, so it’s time to change over to modern authentication. For scripts that run as batch or background jobs, that means converting to certificate-based authentication. In this post, we explore how to get the self-signed cert to glue everything together.

Analyzing Quarantined Messages with PowerShell

Exchange Online Protection puts problem messages into quarantine if it suspects that they contain spam, malware, or a phishing attempt. Instead of using the Security and Compliance Center GUI to work with quarantined messages, you can analyze details of quarantined messages with PowerShell to create some basic statistics and find messages that should be released.

Reviewing Email Quarantined by Exchange Online Protection

Exchange Online Protection (EOP) quarantines suspicious messages to stop spam, malware, and phishing email arriving into Exchange Online inboxes. Administrators can review quarantined messages. Reviewing messages can find some problems, like messages that shouldn’t have been stopped. But reviews take time, and sometimes other stuff gets in the way, which means that quarantined messages expire without anyone ever asking the question “why.”

MailTips: Useful Guidance for Good User Email Habits

Exchange Online generates automatic MailTips to advise email creators that recipients are out of offce or the message is addressed to too many recipients. Custom MailTips for mailboxes, distribution lists, and other mail-enabled objects, including language-specific translations, give additional guidance to users as they create messages. Overall, MailTips are worth spending some time on to get right within an Office 365 tenant.

Microsoft 365 Admin Center Manages Default Authentication Policy for Exchange Online

The Microsoft 365 admin center includes the ability to manage settings for the default Exchange Online authentication policy. You might have other policies to allow selective access with basic authentication to some protocols; these policies must be managed with PowerShell. Authentication policies are part of the journey to eliminate basic authentication from Exchange Online, now expected to happen in mid-2021.

Microsoft’s Worldwide Push to Convince Office 365 users to Install Outlook Mobile

Microsoft plans to post notices in OWA to tell end users that their Office 365 licenses include Outlook Mobile. The hope is that more people will use Outlook Mobile instead of EAS or IMAP4-based clients like the default iOS mail client. Notices will appear in OWA and later Outlook desktop, but the good news is that you can disable these notices with a simple change to the tenant’s organization configuration for Exchange Online.

Backing Up Exchange Online Mailboxes to PSTs Continues to be an Awful Idea

Characterizing backup of Exchange Online mailboxes to PSTs as brain-dead might have been harsh, but it’s an accurate assessment of the worth of this idea. Plenty of cloud-based backup offerings exist that can process Exchange Online data more securely and at scale. If you want to backup Office 365, stay away from PSTs and use a different product, after asking some questions to ensure that the backups deliver the value you expect.

Exchange Online Protection Restricts Tenants from Sending Unprovisioned Email

Exchange Online Protection monitors outbound email to pick up signs of potential compromise in Office 365 tenants. This can lead to EOP restricting a tenant’s ability to send outbound email and force the administrators to check for compromised accounts or connectors and other problems before contacting Microsoft Support to ask them to lift the restriction.

When Exchange Online Protection Blocks Email Senders

Exchange Online Protection monitors email traffic in and out of Office 365 tenants. When a mailbox exceeds limits, it might end up being restricted, such as in the case when the mailbox might be compromised. We tried to find out when Exchange Online Protection restricted mailboxes and what to do afterwards. Here’s what we discovered.

Outlook Mobile can be Default Mail App for iOS14

Among the announcements made by Apple at their annual developers conference is the welcome news that iOS14 will allow you to replace the default mail app and browser. This is great news for people who use Outlook for iOS. And you might even consider Edge as a browser.

Microsoft Automates Easing of EWS Throttling for Migrations

Many migration projects use Exchange Web Services (EWS) to move data to Exchange Online. EWS is using throttled to preserve resources. Here’s how to lift the restrictions for up to 90 days, all without going near a support call.

Upgrading PowerShell Scripts that Use Exchange Online to Send Email

The combination of Exchange Online and PowerShell allows Office 365 admins to send messages for all manner of reasons. These scripts depend on SMTP AUTH connections and change is coming in this area with the deprecation of basic authentication. It’s a good idea to take an inventory of scripts that send email, including those that use the .NET classes to do the job.

How to Block Room Bookings with Exchange Online

Many people are working from home at present, and you might want to block their ability to book meetings in physical rooms. Policies can be configured to stop the Exchange Online resource booking assistant accepting meeting requests sent to rooms, with exceptions granted to people allowed to make bookings.

How to Configure OWA and Outlook Mobile to Create Online Meetings by Default

Changes coming in May and June will allow organizations to make online meetings the norm when created by OWA or Outlook mobile clients. You can control the feature at the organization level and allow individual mailboxes to override the organization setting.

Use Office 365 Audit Data to Highlight Unused Permissions

I’ve written many articles to explain how to use the Office 365 audit log to report different aspects of the platform. But taking action is much better than just reporting. In this post, we explain how to take a report generated from the Office 365 audit log and use it to drive some actions. In this case, removing the SendAs permission from people who aren’t using it.

Using Teams Compliance Data for eDiscovery

For compliance purposes, the Microsoft 365 substrate captures copies of Teams messages in Exchange Online mailboxes. The compliance records are indexed and discoverable, which means that they can be found by content searches. However, Teams compliance records are imperfect copies of the real data, which is a fact that seems to have escaped many people.

Microsoft Introduces Roaming Signatures for Outlook for Windows

Outlook for Windows is soon to support roaming signatures, but only the click-to-run version when connected to an Exchange Online mailbox. Still, it’s progress, and it will make the task of using the same signature on different PCs much easier. Good-looking signatures must still be generated for corporate branding purposes, so the ISVs selling email signature products don’t need to fret.

Upgrades Available for Exchange and SharePoint PowerShell Modules

Microsoft has published updates for the Exchange Online management and SharePoint Online PowerShell modules. Generally it’s a good idea to install the latest version of PowerShell modules for the different Office 365 products, but beware of some gotchas that await the unwary…

Stopping Users Updating OWA Autosignatures

If an Office 365 tenant goes to the bother of creating nice OWA autosignatures for users, shouldn’t we also removed the ability to edit the signatures in OWA settings? RBAC seems like the right way to do the job, but in this case, the way RBAC restricts options by removing the right to run cmdlets or parameters means that the block affects other OWA settings. Fortunately, the Exchange developers thought of this and provide an option in OWA mailbox policies to save the day.

Reporting SendAs Audit Events for Exchange Online Mailboxes

The SendAs audit event is logged when someone uses the send as permission to send a message from an Exchange Online mailbox. The events are stored in the Office 365 audit log and can be found there with an audit log search. However, things aren’t as straightforward as they are on-premises because some other types of delegated messages turn up in searches. Fortunately, we have a script to help.

Microsoft Pushes Removal of Basic Authentication from Exchange Online to Mid-2021

Covid-19 dealt a blow to Microsoft’s plans to remove basic authentication from 5 connection protocols for Exchange Online and forced them to postpone the removal from October 13, 2020 to sometime in the second quarter of 2021. The news is disappointing because basic authentication is a weakness exploited by many hackers. But you can’t plan for a pandemic and Office 365 tenants need more time to be ready for the deprecation.

Reporting Exchange Online Mailbox and SendAs/On Behalf Of Permissions

Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.

Reporting Exchange Online Folder Permissions

In addition to mailbox permissions, Exchange Online supports folder-level delegated permissions. Users can create folder delegations through Outlook desktop. Like mailbox permissions, it’s a good idea for tenants to check folder-level delegations to ensure that people don’t keep permissions for longer than they should. We explain how to create a PowerShell script to generate such a report.

Reporting Exchange Online Mailbox Permissions

Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.

Why Default Mailbox Auditing for Exchange Online Isn’t Quite as Good as It Seems

Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.

Capturing Crucial Office 365 Audit Data Requires E5 Licenses

Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.

Why Basic Authentication for Exchange Online is So Bad

Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.

Add Your Personal Calendar to OWA

You can now add your personal or Gmail calendars to your work OWA calendar. The integration allows for only one personal calendar, and OWA synchronizes events from the personal calendar to make sure that people don’t schedule work events when you have personal commitments. TeamSnap calendars are also supported (real-only), but this feature is likely to not be used outside the U.S.