Microsoft Signals the End for Exchange Web Services

On September 19, 2023 Microsoft announced their intention to retire the Exchange Web Services API on 1 October 2026. The suggested replacement is the Microsoft Graph API. Microsoft acknowledges that some gaps exist that they need to close before EWS retirement happens, but one big issue they didn’t discuss is what happens to the backup products that currently use EWS to backup Exchange Online.

Use Message Trace Data to Analyze Email Traffic

This article describes how to use PowerShell to extract and analyze Exchange Online message trace data to figure out the volume of traffic to outbound domains and from inbound domains. You might think that this is the same information as available in the Exchange admin center mail flow report, but it’s not. Once again, the value of PowerShell in retrieving and using data is evident.

Reporting Retention Tags for Exchange Online Mailbox Folders

Exchange retention tags can be assigned to mailbox folders. In this article, we explain how to retrieve details of folder and personal tags assigned to folders plus the default archive and delete tags defined in the mailbox retention policy. We also explore if it’s possible to report retention tags assigned to individual messages and conclude that it’s not worthwhile.

Microsoft Briefs Partners about Microsoft 365 Backup and Microsoft 365 Archive Products

At the Inspire conference, Microsoft briefed their partners about the Microsoft 365 Backup and Microsoft 365 Archive products they plan to launch at some time in the future. Microsoft’s biggest advantage is their access to data and the speed at which they can process the information. Whether this gets people past the “all digital eggs in the Microsoft basket” issue remains to be seen.

Microsoft’s New My Groups Page

It would be nice to report that Microsoft’s new My Groups page delivers great user-centric group management portal, but it doesn’t. My Groups can’t deal with distribution groups (lists), which is surprising because distribution lists are a valid Azure AD group type. What’s worse is that the OWA option to manage distribution lists doesn’t work any more. There’s little evidence of Microsoft joined-up thinking here.

How Administrators Can Remove Meetings On Behalf Of Users

Sometimes administrators need to intervene and cancel meetings on behalf of users. That’s why the Remove-CalendarEvents cmdlet exists. The cmdlet scans a user mailbox to find meetings organized by the user for a defined period and cancels the events. Meeting participants receive a cancellation notice. It’s a useful cmdlet to know about, just in case.

Exchange Online Modifies Retention Processing for Deleted Items Folder

Microsoft is making a bunch of subtle tweaks to how Exchange Online MRM processes Purview labels for items moved to the Deleted Items folder. The changes make sure that settings in Purview retention labels are respected better by Exchange Online MRM. Like many of the changes made in the area of data lifecycle management, it’s doubtful if end users will notice, but smart administrators might!

Microsoft to Block OWA Premium for Unsupported Browsers in Fall 2023

Microsoft has announced that in Fall 2023 they will force Exchange Online users who run unsupported browsers to use OWA Lite instead of OWA Premium. The restriction will start rolling out in September 2023 and be implemented worldwide by November. People who use browsers like Opera and Brave will be affected and be forced to use Chrome, Edge, or Firefox (or Safari on macOS) to use OWA Premium.

Microsoft Pushes Deprecation of Some Client Access Rules to September 2024

Microsoft has decided to push the final deprecation of client access rules to September 2024. However, only rules that can’t be migrated can be used until then. All other client access rules will stop working in September 2023. Microsoft isn’t clear about what technical limitations might allow rules to work for the extra year, nor do they say how tenants can check except by “opening a support ticket.” Although it’s good to move to conditional access policies, Microsoft really could communicate better.

Not a Rant About Microsoft’s Plan to Stop Old Exchange Servers Sending Email to Exchange Online

Microsoft’s plan to stop Exchange Online accepting email from unsupported Exchange Servers caused a lot of fuss and bother. Looking through the commentary and questions about the announcement, I’m not sure if people understand fully what’s happening. It seems clear to me, but as Richard Campbell of RunAs Radio fame wants me to rant about the topic, here’s my measured opinion (not a rant).

How Exchange Online and Outlook use Machine Learning

Microsoft uses machine learning in Outlook and Exchange Online to create the basis for what they call intelligent technology like suggested replies and text prediction. To generate the language models used to figure out how Outlook should respond to users, Microsoft needs to copy data from user mailboxes for processing. The data is removed and the results stored in user mailboxes once processing is complete. Is this an issue for Microsoft 365 tenants? It all depends on your view of how data should be processed.

How to Run the Test-Message Cmdlet

The Test-Message cmdlet is a useful tool to check if Exchange transport rules and DLP policies work correctly. You can input a test message to see what happens as the Exchange transport service applies transport rules, DLP policies, and auto-label policies based on the message contents and properties. Nice as it is to have the Test-Message cmdlet, human knowledge of what transport rules should do is probably an even more important asset.

Exchange Online Disables New Inbound Connectors

Exchange Online will create a new inbound connector but won’t activate it until the tenant gives a business justification to Microsoft Support. The restriction applies only to tenants created after January 1, 2023. Microsoft isn’t saying why they implemented the restriction, but it’s likely because of a security concern. In any case, the deafening silence from Microsoft has left ISVs that depend on inbound connectors in a very bad place.

Exchange Online Rolls Out Improved Message Recall

Microsoft announced that the new Message Recall feature is rolling out to tenants worldwide. They hope to increase the success rate for recalls imitated by users from 40% to 90%. Significant limitations exist. Message recall only works from Outlook for Windows and recall can only handle messages that remain within the same Exchange organization. Even so, the prospect of a huge improvement in the success rate will make the new feature very attractive to the people who really need to recall a message.

Reporting Exchange Online Meeting Room Usage Patterns

Room mailboxes are still heavily used for in-person meetings. It’s good to know how often and when rooms are used, which is why we have the room mailbox report script. In the second version of the script, we include code to figure out the daily usage pattern of individual rooms and for all rooms across the organization. The graphics in our bar chart are crude, but the chart is generated with a few lines of PowerShell, so feel free to improve the script.

Exchange Online Adds Support for License Stacking

Microsoft announced support for concurrent Exchange Online license assignments, aka license stacking. This means that the workload can sort out the capabilities made available to a user through multiple licenses and make the maximum functionality available to the user through whatever’s deemed to be the “most superior” license. If that sounds like so much mumbo-jumbo, it might just be, unless you’ve been plagued by people losing access to their mailboxes because of shifting license assignments in the past. If you have, this change will make you very happy.

Sending Auto-Replies from Shared Mailboxes

Much to our distress, we discovered that the contact form for the Office 365 for IT Pros website was broken. We fixed everything up and use a shared mailbox to receive the contacts logged by people on the website. In fact, we use a distribution list as the first point of contact. Its membership includes the shared mailbox and other user mailboxes. Everything works very nicely now.

Achieving Consistency in Country Settings Across Azure AD and Exchange Online

Azure AD user accounts and Exchange Online mailboxes share many properties, including some for a user’s address. When it comes to countries, Azure AD has the country property while Exchange uses the CountryOrRegion property. Sometimes the two don’t match up. Why does this happen and does it matter in practical terms? What other country or regional settings exist that need to be managed? A simple question sets off a big discussion.

How to Enable Exchange Online Mailbox Archives Based on Mailbox Size

This article explains how to use PowerShell to enable Exchange Online archive mailboxes after primary mailboxes reach a certain size. Some simple PowerShell code checks the mailbox size and if it’s too large, enables the archive and assigns a mailbox retention policy containing a default move to archive tag to move items from the primary to the archive mailbox. Some Azure Automation would make sure that the script runs periodically to keep mailboxes in good health.

Microsoft Pauses Daily Viva Briefing Messages

Microsoft announced that they will pause sending the daily Viva Briefing messages to make improvements to the personalized content in the messages. No detail has been revealed about the kind of changes Microsoft is contemplating, so all we can do is write some PowerShell to show which mailboxes are currently enabled to receive the daily briefing.

Exchange Online to Stop Support for Remote PowerShell Connections in September 2023

Microsoft has announced that Exchange Online will block Remote PowerShell connections from October 1, 2023. Taken in isolation, this is excellent news and it will contribute to the move to use modern authentication for all client connections to Exchange Online. However, things aren’t quite so good when you realize that the final deprecation of the Azure AD and MSOL PowerShell modules take place at the same time. Lots of work to do to upgrade scripts!

How to Customize the Exchange Online Message Expiration Timeout Interval

Microsoft is deploying a change to the Exchange Online transport server to allow tenants to set the message expiration timeout interval to between 12 and 24 hours. The default for the service remains at 24 hours. Reducing the interval means that users will learn about message failures sooner. The hope is that they’ll be able to respond to those failures and resend messages once they learn about problems.

Checking the Release of Quarantined Messages

On the surface, it seems easy to report when someone releases a quarantined message. As it turns out, things aren’t quite as easy as it first seems. Audit events are available in the unified audit log, but they don’t tell the full story. But by putting that data together with information about messages in quarantine, we can create a composite view that’s closer to what’s needed.

Running Exchange Online Historical Message Traces for Sets of Mailboxes

A question was asked about the best way to find out if shared mailboxes received email from certain domains over the past 60 days. Exchange Online historical message traces can extract trace data to allow us to check, but the process of running the message trace and then analyzing the data is just a little disconnected.

Reporting Distribution List Membership with the Microsoft Graph PowerShell SDK

Microsoft will deprecate the Azure AD and MSOL PowerShell modules in June 2023. It’s time to convert scripts that use cmdlets from these modules and the Microsoft Graph PowerShell SDK is probably the best answer. This article explains how to generate a report of Exchange Online distribution list memberships, a task often handled in the past with Azure AD cmdlets.

Adding New Azure AD Users to Groups Automatically

Several methods exist to add new user accounts to groups automatically. Dynamic group membership is an obvious option, but other choices exist, including org-wide teams (if your organization is under 10,000 accounts) and using PowerShell to manage the automatic addition of new members to a standard distribution list or Microsoft 365 group. This article examines the various methods. Once you understand what’s possible, you can make the right choice.

No Way Back to Exchange Server for Auto-Expanding Archives

Microsoft is introducing a block to stop customers attempting to move auto-expanding archives to Exchange Server. No very of the on-premises server has ever supported auto-expanding archives, so it’s reasonable to have a block. It’s still possible to move a primary mailbox back to Exchange Server, but its auto-expanding archive must stay in the cloud. It’s a good factor to take into account if an organization plans to use auto-expanding archives in the future.

Outlook Groups Support for Folders and Rules

Outlook Groups now boast support for folders and rules. In other words, group owners and members (if allowed) can create new folders and move and copy items from the inbox to those folders. They can also create rules to process inbound email arriving into the group inbox. It’s all well and good, but there are a few points to understand about how things work.

Exchange Online Mail Flow Rules Move to New EAC

Microsoft is moving the creation and management of mail flow rules to the new EAC from November. The UX in the legacy EAC should disappear in December 2022. The new UX is prettier and works better (apart from the rule wizard), but it’s a little disappointing that we have essentially the same way of managing mail flow rules in 2022 as we had in 2006. You can only hope that things might improve in the future.

Microsoft Dumps Bulk Distribution List Migration to Microsoft 365 Groups in Legacy EAC

A November 3 announcement says that Microsoft will deprecate the bulk distribution list migration feature in the legacy EAC on February 1, 2023. Although no one will probably be surprised by the news, it’s disappointing that all Microsoft can suggest is a manual conversion process for those who want to move (simple) distribution lists to Microsoft 365 groups. Is it too much to ask to have a PowerShell script to do the job?

Running Exchange Online Historical Message Traces

Exchange Online historical searches are the way to retrieve message trace information that’s older than 10 days (but less than 90 days). You might not have to run historical searches very often, but when you need to, you’ll be glad that the facility exists.

Outlook Reactions to Respond to Email

Users will soon have the option to use Outlook reactions to respond to emails received from people inside the same tenant (well, it also works with some other tenants). It’s the same kind of feature that already exists in Yammer and Teams, but whether this kind of response works with email remains to be seen. It’s a cultural thing!

Updating Microsoft 365 User Accounts to use a New Domain

A reader asked how to update user email addresses and UPNs. As it turns out, this is not a very difficult technical challenge. The problem lies in the aftermath. It’s easy to update the primary SMTP address for a mail-enabled object or assign a new user principal name to an Azure AD account. Then problems might come into view, like needing to adjust the Microsoft Authenticator app to make MFA challenges work for the new UPN.

Researchers Worry About Office 365 Message Encryption

An October 14 report says that Office 365 Message Encryption shouldn’t be used because its encryption scheme might reveal email content. Well, that might be the case if an attacker can hijack connectivity from Office 365 to another email service. But the relatively low levels of OME usage and the difficulty of acquiring enough email to understand message structure makes this a less than practical attack in the wild.

Making Sure Apps Can Run Exchange Online Management Cmdlets

This article describes how to use the Exchange.ManageAsApp permission to allow Azure AD apps to run Exchange Online PowerShell cmdlets. You can do this in the Azure AD admin center for registered apps, but when the time comes to allow Azure Automation runbooks to sign into Exchange Online with a managed identity, you must assign the permission to the automation account with PowerShell. Easy when you know how, hard when you don’t!

OWA’s Sweep Feature Uses Both Inbox and Sweep Rules

Outlook logo

The Outlook Sweep feature is available in OWA and the Outlook Monarch client. The idea is that you clean up your mailbox by ‘sweeping’ unwanted items into somewhere like the Deleted Items folder. As it turns out, the Sweep feature uses both Inbox and Sweep rules to get its work done. Overall, Sweep is a pretty useful piece of functionality.

Outlook for Windows Gets External Mail Tagging

External tagging has been available for OWA, Outlook mobile, and Outlook for Mac since 2021. Now it’s coming to Outlook for Windows. Some might wonder about why it’s taken Microsoft so long to add external tagging to the Windows client. It might be that they’re waiting for the Monarch client, but it’s more likely the difficulty of retrofitting new features into the Outlook GUI.

Exchange Online Archive Mailboxes Move Away from Purview Compliance Portal

Microsoft is moving the listing of archived mailboxes from the Purview Compliance portal to its natural home in the Exchange Admin Center. In this post, we look at how you can report the current status of archive mailboxes (both user and shared mailboxes) in a Microsoft 365 tenant.