Microsoft Security Report Points to Basic Authentication as Root of BEC Attacks

The need to remove basic authentication from Exchange Online is underlined by a June 14 report from the Microsoft Threat Intelligence Center pointing to how attackers compromise mailboxes using antiquated protocols like POP3 and IMAP4 to connect to accounts which don’t use MFA. After accounts are penetrated, the attackers plant inbox rules to forward copies of interesting messages and use the information received to plan and execute business email compromise attacks. Tenant administrators still have some work to do to secure Exchange Online and Azure AD…

Teams Introduces New Attendance Reporting Dashboard

Now rolling out to Office 365 tenants, Teams meeting organizers can review the attendance data for meetings and webinars in a new dashboard. The same data can be downloaded to a CSV file for analysis. Teams stores the attendance report data in the Exchange Online mailbox of the meeting organizer. It’s a good example of the Microsoft 365 substrate in use.

Microsoft’s Collaborative Work Model Ignores Practical Realities

Microsoft’s Collaborative Work Model (CWM) tries to paint a picture of how Microsoft 365 apps help people to organize tasks and get things done more efficiently. CWM isn’t a bad thing, as far as it goes, but it’s just not practical because it ignores the critical role played by email as the glue connecting Microsoft 365 apps together. Or more correctly, email and the substrate. Oh well, it’s only a marketing message…

Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts

Without warning (for security reasons), Microsoft stopped the Exchange Online Set-User cmdlet being able to update the work and mobile numbers for Azure AD accounts. We don’t know what kind of security concerns caused Microsoft to take this action, but it might be associated with administrative roles. In any case, this disappointing example of how to communicate with customers might end up with people having to update some PowerShell scripts – and no one likes unexpected work.

Why Messages in Your Exchange Online Inbox Are So Large

Exchange Online assigns large mailbox quotas to users. These quotas are needed to cope with the volume and size of modern email. What used to take 2 KB in 1996 now consumes 60 times more. And while email is more graphical and prettier to look at, you’d wonder if the value of the actual content has changed much, if at all.

OWA’s New Calendar Board View Is a Version of Project Moca

Microsoft is rolling out a new calendar board view for OWA. The new board looks very similar to a Project Moca board, which isn’t surprising because it’s a customized Moca board tailored to focus on the calendar. There’s no news yet when Project Moca might exit its current preview status, but maybe the new view will help by convincing people about the worth of configurable boards.

Microsoft Brings the Top Senders and Recipients Report Back from the Dead

For whatever reason, Microsoft decided to cancel plans to remove the Top Senders and Recipients report from the SCC, citing customer feedback as the reason. The thing is that the SCC report and its underlying cmdlet use an old data source. The Microsoft Graph Reports API is the modern approach and an adequate replacement usage reports is available in the Microsoft 365 admin center. I really can’t understand why anyone would want to keep the old report as it’s not very good at all.

Q&A: How to Send Email Using Proxy Addresses with Exchange Online

Exchange Online supports the ability to send email using any SMTP proxy address assigned to a mailbox. Following the announcement of the feature, users had many questions including what clients can be used. Here are some common questions and answers about the feature, including some PowerShell to report the set of proxy addresses assigned to user mailboxes.

How to Customize Responses to Calendar Meeting Requests for Conference Rooms

Exchange Online’s calendar assistant is good at responding to meeting requests for rooms. It can be even better with just a little customized text to remind those who book the rooms about meeting etiquette. Even though we might never get back to physical meetings in conference rooms, some face to face gathering will happen in the future, so now’s the time to prepare for bookings to be handled in a nicer fashion.

How to Control Updates for User Photos in Microsoft 365 Apps

Organizations can choose to control updates of user photos by policy in their Office 365 tenants or allow users to go ahead and use any image they like. In this article, we explore the value of having a user photo for every Office 365 account (and Teams and Groups too) and the choices organizations must make when they decide whether to control user-driven updates.

New Invoice Payment Phishing Attack

A new phishing attack is circulating from an Office 365 tenant. The attack attempts to lure recipients into clicking a link to download a document. The phishing email is not quite as crude as other attempts and might lure users into doing the wrong thing, especially as the message is delivered to inboxes.

Exchange Online Block for BCC Messages Sent to Distribution Lists

You can configure Exchange Online distribution lists so that they reject messages sent to them as BCC recipients. I’m not sure how much use this feature will get, but it’s nice to have it anyway. PowerShell is the only management tool to configure distribution lists for the new block until Microsoft gets around to updating the Exchange Admin Center.

Teams Desktop and Browser Clients Can Update User Out of Office Notification Settings

Microsoft has released the public preview of the ability to set the Exchange out of office (OOF) auto-reply from the Teams desktop and browser clients. OOFs set in Teams are synchronized back to Exchange using EWS so that the new auto-reply configuration is picked up by clients like Outlook and OWA. It’s a small but useful update.

Exchange Online Clamps Down on High-Volume Mailboxes

From April 2021, Exchange Online will apply hard limits for the number of messages a mailbox can receive per hour. The limit remains the same (3,600), but now Exchange will block the mailbox receiving any more email for an hour. The new version of the Exchange Admin Center (EAC) promises to highlight problem mailboxes so that admins can ask owners why their mailboxes receive so much email.

Exchange Online Adjusts Schedule for Removal of Basic Authentication

Microsoft wants to remove basic authentication from Exchange Online connection protocols. But pressures have forced Microsoft into a new strategy and away from the mid-2021 date for deprecation of basic authentication for five protocols. Instead, Microsoft will disable basic authentication for protocols where it’s not used, include four addition protocols in its target set, and pause action for tenants where basic authentication is in active use. When they restart, Microsoft will give tenants 12 months’ notice that basic authentication will be blocked for a protocol. You can argue that Microsoft should have pressed ahead with their original plan, but would widespread disruption of service be worth the benefit gained from blocking vulnerable protocols? Balancing risk versus reward is often not easy.

How to Rebuild Delegate Access for a Calendar with PowerShell

Sometimes delegate access for an Exchange Online calendar goes awry due to corrupted items in the mailbox. To help sort out problems, Microsoft has upgraded the Remove-MailboxFolderPermission cmdlet to do the work that used to be done by a multi-phase fix performed using the MFCMAPI or EWS editor utilities. The nice thing is that this method is quick, simple, and works well.

How to Create Exchange Dynamic Distribution List with Custom Recipient Filters

Exchange dynamic distribution lists allow messages to be sent to sets of recipients determined by a query against the directory. A custom filter is a powerful way to find the right set of recipients. In this case, we want to find mailboxes with certain job titles whose Azure AD accounts are not blocked for sign-in. Here’s how to create the filter, make sure it works, and create the DDL.

Why New TLS Requirement Stops PowerShell Scripts Sending Email

Exchange Online now insists on TLS 1.2 connections between email clients and servers. PowerShell scripts using the Send-MailMessage cmdlet will fail. The problem is easily solved by forcing PowerShell to use TLS 1.2 to connect, but it does mean that some work is needed to check scripts (before they fail).

Hitting the Million Messages Limit in an Aggregate Group Mailbox

A curious problem happened when a mailbox reported hitting a folder item limit (one million items). The mailbox was an aggregate group mailbox, a system mailbox used to make it easier to search Microsoft 365 Groups. Microsoft now uses a different method to search group mailboxes and will remove these arbitration mailboxes by the end of 2021. If you meet the problem, use a mail flow rule to stop messages being delivered to the mailbox.

Teams Tailors Compliance Records for eDiscovery

The format of the Teams compliance records generated for personal and group chats and stored in Exchange Online mailboxes is changing. Microsoft is removing a bunch of unnecessary attributes from the records to reduce the processing load on the service to retrieve the attributes from Azure AD. The change is unlikely to affect most tenants. Compliance records for older chats are not affected.

Why Exchange Online Dehydrates an Organization Configuration

Exchange Online has the Enable-OrganizationCustomization cmdlet to “hydrate” the settings in an organization. Most Exchange Online organizations use common configurations, which saves the Office 365 infrastructure some directory space and CPU cycles to deal with custom settings. A hydrated organization has customized settings. The one-time cmdlet switches organizations from a dehydrated state to a hydrated state. Forcing administrators to run the cmdlet is just a little odd.

How to Use PowerShell to Remove Calendar Items from Exchange Online

Microsoft wants to retire the Search-Mailbox cmdlet from Exchange Online. But while the cmdlet available, it does a great job of removing mailbox items. If you get the search query right! In this example, we explain how to write a script to clear out calendar items from the mailboxes of multiple users.

Understanding Partially Indexed Exchange Online Messages and Attachments

Exchange Online indexes the items stored in mailboxes. Some of the items are partially indexed, meaning that not all of their content is indexable. Microsoft has a PowerShell script to analyze the number of partially indexed items found in mailboxes. The output is kind of esoteric, so we worked it over to create something more understandable.

How to Enable the First Contact Safety Tip for Exchange Online Protection

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 support anti-phishing policies which generate safety tips for users. The first contact safety tip warns users when they receive email from someone they don’t usually get messages from. It’s a way to put the recipient on their guard, just in case it’s someone trying to impersonate someone else whom the recipient actually knows.

The Power of Exchange Online Dynamic Distribution Lists

Exchange Online Dynamic Distribution Lists are a powerful way to address changeable groups of recipients. The query against the directory is the big thing to get right, but you’ve also got to make sure that the directory data is accurate and reliable. Once you’ve got a good directory, it’s easy to create dynamic distribution lists which are easy to use and never go out of date.

EOP Escalates the Fight Against High-Confidence Phish

A change due in December will improve how Exchange Online Protection suppresses high confidence phish messages and stop them being delivered to user mailboxes. The old-fashioned allowed sender and allowed domain lists are being taken out of the equation and ignored when EOP is sure that it’s dealing with some high-confidence phish. It’s time to check your anti-spam policies.

Exports of Exchange Online Search Results Now Decrypt Attachments

When you use an Office 365 content search to find items, the results from Exchange Online might include some encrypted attachments. A change means that the attachments can now be decrypted to make it easier for investigators to review the information. It’s a small but important change, just like the update to Edge which stops ClickOnce programs running unless an Edge setting is enabled. All good, clean, honest fun.

Microsoft Clamps Down on Automatic Mail Forwarding in Exchange Online

Microsoft has updated the Exchange Online outbound spam filter policy to stop automatic forwarding of email from user mailboxes. The change is now effective with the default set to block automatic forwarding. You can create a custom policy and apply it to selected mailboxes and distribution lists if they need to forward email.

How to Resolve Duplicate Outlook for iOS Contacts

Outlook Mobile synchronizes contacts from Exchange Online to iOS. Sometimes errors happen and duplicate contacts result. It’s easy to resolve the problem by forcing a complete resynchronization of contacts to rebuild what’s on the iOS device.

Signs of a Phishing Attempt Based on Office VoIP Voicemail Notifications

A crude phishing attempt based on voicemail notifications from a VoIP service arrived in mailboxes. It’s easy for experienced users to pick up signs to stay away, but the unwary can be trapped. Report samples of phishing attempts to Microsoft to make Exchange Online Protection better and keep on educating users.

Revocation of Email Protected by Office 365 Message Encryption

Office 365 Message Encryption (OME) allows OWA users to revoke some messages after they are delivered to recipients. But if the message goes to Office 365 or Outlook.com, you can’t revoke it. And there’s the slight matter of needing an Office 365 E5 license too. Even so, it’s still nice to be able to revoke messages if they go to the wrong place.

Microsoft Will Finally Retire Site Mailboxes in April 2021

Site Mailboxes were the face of Microsoft collaboration at one time. But that’s long in the past and it’s time for these archaic mailboxes to be dispatched. Microsoft will retire them from Office 365 in April 2021, probably two years after they passed their best-by date. I tried to clean up my tenant and failed utterly, so I’m leaving the mess for Microsoft to sort out.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

How to Control Default Creation of Online Meetings with OWA

OWA calendar settings include the option to make online meetings the default. You can control whether online meetings are the default at an organization and mailbox level. Outlook desktop relies on system registry settings to know if online meetings should be created. An add-in loaded is loaded automatically to insert the neceessary data to make a meeting online if necessary.

How to Use Exchange Dynamic Distribution Lists to Address Specific Mailboxes

Exchange Online supports dynamic distribution lists, a great way to address sets of recipients found by resolving a filter against the directory. In this example, we explore how to create a dynamic distribution list to address mailboxes marked as preferring a specific beverage. It might even be useful some day!

New Outlook API Makes Email Signature Management Easier

At the Ignite 2020 virtual conference, Microsoft ISV Code Two Software demonstrated a new Outlook API to make email signature management easier across all Outlook clients. The Signature API supports web add-ins that work on all Outlook platforms to allow users to select which corporate email signature to apply before sending messages. The new API should be available at the end of 2020 and we can expect updates from multiple ISVs in the email signature management space to exploit the new capability.

How to Get and Update the Exchange Online Management PowerShell Module

Version 2.0.4 of the Exchange Online Management PowerShell module is now available for download from the PowerShell Gallery. The new release contains many useful enhancements including support for Ubuntu Linux and several versions of MacOs.

Teams Improves its Fit and Finish

Some recent small changes in Teams will make users happy because the product’s fit and finish is improving. Speaker attribution for live captions makes conversations easier to follow and faster updates from Exchange mean that out of office notifications and change in presence states are picked up faster. These aren’t earthshattering changes, but they do make Teams more pleasant to use.