How to Determine the Age of a Microsoft 365 Tenant

Finding the age of a Microsoft 365 tenant isn’t an important administrative operation. However, understanding how to retrieve this information (if asked) is an interesting question, which is why we spent several hours playing around with PowerShell and the Microsoft Graph to figure out how to answer the question. It’s the kind of in-depth analysis we do all the time to build content for the Office 365 for IT Pros eBook.

Planner Uses Exchange Online for Microsoft 365 eDiscovery and Compliance

Planner now creates digital twins (copies) of tasks in user mailboxes in Exchange Online to make data available for eDiscovery and compliance. Storing items in the Microsoft 365 substrate is the same approach to making data available for search and compliance as taken by Teams and Yammer.

Latest AAD Connect Removes On-Premises Disabled User Accounts from Azure AD

Microsoft pushed out version 2.0.88.0 of the AAD Connect synchronization utility earlier this month. Unfortunately, the new software removes disabled on-premises user accounts from Azure AD, which means that on-premises shared mailboxes disappear for cloud users. Microsoft has released version 2.0.89.0 but maybe it’s better to go back to a version that you know works. At least until after the holidays.

Microsoft 365 DLP Switches from Envelope to Header for Sender Evaluations

To make Microsoft 365 DLP policies work like Exchange transport-rule based DLP, a January change will switch evaluation of sender conditions away from envelope information to message headers. Although this change might seem to be something beloved of email geeks, it’s actually an important update for organizations who want to move away from ETR-based DLP to Microsoft 365 DLP policies.

How to Enable Users to Receive Copies of Email They Send to Microsoft 365 Groups

It might seem like a small thing, but some users are upset when they don’t receive copies of their messages sent to Outlook Groups in their Inbox. A new setting allows users and administrators to control if they receive copies of messages from groups, but only when the user is a subscriber to groups (Follow in Inbox is turned on). In this article, we explore how to set the EchoGroupMessageBackToSubscribedSender control via OWA options and PowerShell, and how to sign up to be a group subscriber by yourself or with a little help from an Exchange administrator.

Microsoft Upgrades Exchange Online Dynamic Distribution Lists

Microsoft is changing the way the Exchange Online transport service resolves the membership of dynamic distribution groups. Instead of doing this when someone sends a message to a dynamic group, Exchange resolves the membership once daily and whenever the recipient filter changes. It’s a reasonable approach designed to make messages move faster and more reliably, and it’s similar to the way that Azure AD dynamic groups maintain their memberships, so it shouldn’t make much difference.

Microsoft Flags Need to Upgrade PowerShell Scripts to Use TLS 1.2

Microsoft is removing TLS 1.0 and 1.1 from Microsoft 365. This has been well flagged, but tenants might not understand the impact on PowerShell scripts which send email using the Send-MailMessage cmdlet and SMTP AUTH. In a nutshell, unless you force PowerShell to use TLS 1.2, attempts to send messages via Exchange Online will fail. It’s time to check those scripts and ,consider how to move away from SMTP AUTH and Send-MailMessage.

Synchronizing Sensitivity Labels to Update SharePoint Online Sites

The SharePoint Online admin center displays an insight card for the number of unlabeled sites in the tenant. For some reason, many of the labels assigned to Microsoft 365 Groups and Teams had not reached SharePoint. Some PowerShell does the job to fetch the sensitivity label information from Exchange Online and update sites with the missing label information.

Some Microsoft 365 Features Highlighted at Fall Ignite 2021 You Can Use Now

To help you recover from the blizzard of Microsoft 365 information released at Fall Ignite 2021, here are some notes about features and functionality you might have missed. Like any list created by a conference (virtual) attendee, it reflects my interests and what I was looking for. Feel free to disagree on the importance of any or all of the topics discussed here… and suggest some of your own in the comments.

How to Use an Exchange Transport Rule to Copy Messages

Exchange Online transport (mail flow) rules are a powerful way to manipulate messages as they pass through the transport system. In this example, we look at how to BCC messages sent by some employees for management review. I’m not sure that this is a good idea (for many reasons), but the need does exist to copy messages automatically, so we explore the use of transport rules as a solution.

How Exchange Online Uses Mailbox Plans to Populate Mailbox Settings

Every Exchange Online tenant has four mailbox plans. Exchange uses the plans to populate some important mailbox settings based on the license assigned to the mailbox owner. This article explains the four mailbox plans, how to update the plan settings, and some of the things you can’t do with mailbox plans. We also include some PowerShell to report the mailbox plans assigned to users in your Office 365 tenant.

Improved DKIM Configuration Page is Prompt to Check Domains

A new Microsoft 365 DKIM management page is a good prompt to check that all domains used to send email in n Office 365 tenant are configured properly for DKIM. The process of enabling DKIM and key rotation is easily done through the GUI or PowerShell once the correct CNAME records are in DNS.

How to Use a Microsoft 365 Retention Policy to Manage Inactive Mailbox Content

Most Microsoft 365 tenants will have to manage the mailboxes of ex-employees. Retention policies are an excellent method to achieve this goal, if you remember to add mailboxes to a suitable retention policy before deleting their Azure AD account. In this article, we consider Microsoft’s recommendation to use a specific retention policy for inactive mailboxes and how to go about using such a policy.

Apple Mail App Clients Might Need Upgrading for Modern Authentication

The road to modern authentication for Exchange Online is littered with things to do. One action item is to check Apple iOS and iPad devices using Exchange ActiveSync to connect to mailboxes. If these devices were configured to connect to Exchange Online before iOS 12, they’re likely using basic authentication. Right now, the only way to move them to modern authentication is to remove Exchange from the mail app and add Exchange again. It’s a bump on the way to modern authentication in October 2022.

How to Manage Client Read Receipt Settings in OWA and Outlook for Windows

A reader request asked how to force users to send read receipts. This is a client-side feature so the settings involved differ from client to client. We explore how to control them in OWA and Outlook for Windows. A mixture of PowerShell and system registry settings help create a solution. We’re leaving figuring out how to manage other clients to our readers.

API Deprecations Signal the Demise of Exchange Web Services

A Microsoft October 5 announcement gives a clear signal that Exchange Web Services is on a short runway to oblivion. The first step is the removal of 25 APIs on March 31, 2022. It’s all part of the master plan to get Office 365 tenants and ISVs to move to the Microsoft Graph APIs. This is a perfectly laudable ambition but it’s complicated because of the lack of suitable Graph APIs to handle the volume of Exchange data involved in scenarios like backup/restore and migration. Teams has a new Graph Export API, but it introduces consumption metering and charging. Is a new Exchange API coming and will it use the same charging mechanism? We live in interesting times…

OWA Adds Full Support for Send from Proxy Address (Mailbox Aliases)

A recent update to OWA adds the option to allow users to choose which proxy addresses assigned to a mailbox they would like to send messages from. It’s a small change which completes the client support for the earlier server-side update to allow users to send using mailbox proxies, and it makes using proxy addresses more approachable and useful. OWA also includes a drop-down list in the compose message screen to allow users to select an address to send from, and makes sure that message headers are updated correctly so that messages go back to the right address.

How Microsoft Editor Can Make Your OWA Messages More Polite

A new Microsoft Editor feature aims to make OWA messages more polite through “tone detection.” Currently only available for U.S. English, Editor scans for impolite text and comes up with suggested replacement text. The results vary from very good to not so good, but this might be because it takes time for a learning model to accumulate enough information about a user’s writing style to be able to detect impolite text accurately. We’ll know over time.

How Exchange Online Uses Archives to Offload Recoverable Items Storage

A change rolling out in mid-October will remove storage pressure on the Recoverable Items structure in Exchange Online mailboxes by offloading some data to archive mailboxes. The idea is a good one because it means that the storage allocated to Recoverable Items won’t fill up and require intervention so often. Users won’t know anything about what’s happening under the covers as it’s all hidden from view.

How to Find Exchange Online Archive Mailboxes Close to the New 1.5 TB Limit

A 1.5 TB limit applies to Exchange Online archive mailboxes from November 1, 2021. In this article, we use PowerShell to report how close expandable archives are to the new limit. In reality, not many archive mailboxes will approach the new limit, but it’s nice to know things like the daily growth rate for an archive and how many days it will take for an archive to reach 1.5 TB. All whimsical stuff calculated with PowerShell!

SMTP AUTH Exception Smoothens Path to Removal of Basic Auth in Exchange Online

Last week’s announcement that Exchange Online will block basic authentication for multiple protocols on October 1, 2022, got some attention. Now the hard choices of what to do with clients and applications need to be made. To smoothen the path to remove basic authentication, Microsoft is making an exception for SMTP AUTH. Your scripts and multi-function devices will keep working after October 2022, but the writing is on the wall and eventually even SMTP AUTH will stop working.

Basic Authentication for All Exchange Online Tenants Stops in October 2022

October 1, 2022 will be a big day for Exchange Online tenants because that’s when Microsoft starts to disable basic authentication for connectivity protocols whether or not tenants want this to happen. This is a huge and fundamental change that’s being driven by the need to increase the overall security of Exchange Online and individual tenants, while also blocking common attacks seeking to compromise user accounts. With only a year to go, it’s time to start work on preparing everything that needs to be in place for the great October 1 switchoff.

Inactive Mailboxes Turn Up in Microsoft 365 Compliance Center

Inactive mailboxes have been available in Exchange Online since 2015. A new inactive mailboxes listing is available in the Microsoft 365 compliance center. The GUI isn’t very functional, but perhaps it’s a starting point for some enhanced management capabilities for inactive mailboxes. We’ve only been waiting six years…

How to Allow People in Your Office 365 Tenant to See Details of Each Other’s Calendar

By default, Exchange Online allows other users in your tenant to see limited details of your availability when scheduling meetings. More information can be displayed by updating the calendar permissions for mailboxes. This is easy to do with PowerShell, but needs to be done on an ongoing basis because Exchange Online doesn’t have an organization or mailbox plan setting to assign the value to new mailboxes.

Why Search-Mailbox is Still Valuable When You Need to Remove Mailbox Items

Microsoft wants to eliminate the Search-Mailbox cmdlet, but it’s still very valuable when the time comes to remove mailbox items because of a spam attack or similar reasons. The suggested replacement is Core eDiscovery searches and associated content search purge actions, but these are slower and less effective than Search-Mailbox. To prove the point, we’ve put together a demonstration script to show how to compose a search query and run it against a set of mailboxes.

Microsoft Applies the Viva Brand to MyAnalytics

Microsoft is applying their Viva brand to the features currently known as MyAnalytics. Viva Insights will span a monthly email digest, the Outlook insights add-on, and the Insights dashboard. If you don’t want users to access these features, you can disable the features individually or remove the service plan from user licenses. The rebranding is happening now and due to complete in November.

Inconsistencies Using Reserved Email Aliases with Groups in Microsoft 365

Azure AD administrators should be able to assign a reserved alias to a new group. At least, that’s what the documentation says. As it turns out, this isn’t strictly true as there are places where administrative interfaces (GUI and PowerShell) block any attempt to use reserved aliases. Does this matter? Probably not, unless you like consistency… which we do!

Exchange Online to Introduce Legacy SMTP Endpoint in 2022

Microsoft hopes to accelerate the removal of TLS 1.0 and 1.2 connections from Exchange Online by disabling connectivity in 2022 and forcing organizations which need to use the older protocols to connect to a new “legacy smtp” endpoint. It’s not a bad plan because it transfers responsibility for choosing to use obsolete connections to customers. Most organizations will go with the flow (no pun intended) and use TLS 1.2, but those who need some time to update applications and devices know what they have to do.

How to Create a Report of Distribution Lists and their Owners

In this post, we explore how to use PowerShell to create a report about distribution lists and their owners. The script is quick and dirty, but it works, and the code will run on both Exchange Online and Exchange Server and generates both HTML and CSV outputs. We also look at whether it’s possible to speed things up by using Microsoft Graph API calls. As it turns out, because we’re interested in owner information, it’s no faster to retrieve distribution lists using the Graph. However, as shown in a second script, the Graph is great at retrieving membership information.

How to Move Distribution List Membership from One Mailbox to Another

A reader asked how to move membership of multiple distribution lists from one mailbox to another. We use PowerShell to do the job. Only a few lines are needed to switch the memberships, but we add a few more lines to make the script work better. We don’t handle dynamic distribution lists. This is possible for precanned (simple) filters, but given the number of dynamic distribution lists usually involved, it’s probably best to update directory settings manually.

New Sender-Recipient Limits for Exchange Online Coming in September 2021

Exchange Online already imposes limits on the number of messages a mailbox can receive per hour. New limits will restrict the number of messages individual senders can send to a third of the overall limit. The restriction doesn’t apply to senders with an Exchange Online mailbox in the same tenant. And if a mailbox runs into a limit, it features on the splendidly named Hot Recipients report. What’s not to like about that.

Microsoft Sends Moca Boards to the OWA Calendar

Project Moca is no longer a separate OWA component. Boards created in Moca are now available through the OWA calendar, just like other boards created there. The question is how Microsoft will bring the board view to Outlook desktop. I figure it’s a candidate for OCX and WebView2, just like the Room Finder. Time will tell.

Teams Private Channels Gain Support for Retention Processing

It is now possible to apply Microsoft 365 retention policies to Teams private channel messages. The messages are in user mailboxes and discoverable due to their properties. All the retention policy must do is find the messages and apply the policy settings, and if an item is expired, remove it from the mailbox. Easy… or is it?

Microsoft Security Report Points to Basic Authentication as Root of BEC Attacks

The need to remove basic authentication from Exchange Online is underlined by a June 14 report from the Microsoft Threat Intelligence Center pointing to how attackers compromise mailboxes using antiquated protocols like POP3 and IMAP4 to connect to accounts which don’t use MFA. After accounts are penetrated, the attackers plant inbox rules to forward copies of interesting messages and use the information received to plan and execute business email compromise attacks. Tenant administrators still have some work to do to secure Exchange Online and Azure AD…

Teams Introduces New Attendance Reporting Dashboard

Now rolling out to Office 365 tenants, Teams meeting organizers can review the attendance data for meetings and webinars in a new dashboard. The same data can be downloaded to a CSV file for analysis. Teams stores the attendance report data in the Exchange Online mailbox of the meeting organizer. It’s a good example of the Microsoft 365 substrate in use.

Microsoft’s Collaborative Work Model Ignores Practical Realities

Microsoft’s Collaborative Work Model (CWM) tries to paint a picture of how Microsoft 365 apps help people to organize tasks and get things done more efficiently. CWM isn’t a bad thing, as far as it goes, but it’s just not practical because it ignores the critical role played by email as the glue connecting Microsoft 365 apps together. Or more correctly, email and the substrate. Oh well, it’s only a marketing message…

Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts

Without warning (for security reasons), Microsoft stopped the Exchange Online Set-User cmdlet being able to update the work and mobile numbers for Azure AD accounts. We don’t know what kind of security concerns caused Microsoft to take this action, but it might be associated with administrative roles. In any case, this disappointing example of how to communicate with customers might end up with people having to update some PowerShell scripts – and no one likes unexpected work.

Why Messages in Your Exchange Online Inbox Are So Large

Exchange Online assigns large mailbox quotas to users. These quotas are needed to cope with the volume and size of modern email. What used to take 2 KB in 1996 now consumes 60 times more. And while email is more graphical and prettier to look at, you’d wonder if the value of the actual content has changed much, if at all.

OWA’s New Calendar Board View Is a Version of Project Moca

Microsoft is rolling out a new calendar board view for OWA. The new board looks very similar to a Project Moca board, which isn’t surprising because it’s a customized Moca board tailored to focus on the calendar. There’s no news yet when Project Moca might exit its current preview status, but maybe the new view will help by convincing people about the worth of configurable boards.

Microsoft Brings the Top Senders and Recipients Report Back from the Dead

For whatever reason, Microsoft decided to cancel plans to remove the Top Senders and Recipients report from the SCC, citing customer feedback as the reason. The thing is that the SCC report and its underlying cmdlet use an old data source. The Microsoft Graph Reports API is the modern approach and an adequate replacement usage reports is available in the Microsoft 365 admin center. I really can’t understand why anyone would want to keep the old report as it’s not very good at all.