New Invoice Payment Phishing Attack

A new phishing attack is circulating from an Office 365 tenant. The attack attempts to lure recipients into clicking a link to download a document. The phishing email is not quite as crude as other attempts and might lure users into doing the wrong thing, especially as the message is delivered to inboxes.

Exchange Online Block for BCC Messages Sent to Distribution Lists

You can configure Exchange Online distribution lists so that they reject messages sent to them as BCC recipients. I’m not sure how much use this feature will get, but it’s nice to have it anyway. PowerShell is the only management tool to configure distribution lists for the new block until Microsoft gets around to updating the Exchange Admin Center.

Teams Desktop and Browser Clients Can Update User Out of Office Notification Settings

Microsoft has released the public preview of the ability to set the Exchange out of office (OOF) auto-reply from the Teams desktop and browser clients. OOFs set in Teams are synchronized back to Exchange using EWS so that the new auto-reply configuration is picked up by clients like Outlook and OWA. It’s a small but useful update.

Exchange Online Clamps Down on High-Volume Mailboxes

From April 2021, Exchange Online will apply hard limits for the number of messages a mailbox can receive per hour. The limit remains the same (3,600), but now Exchange will block the mailbox receiving any more email for an hour. The new version of the Exchange Admin Center (EAC) promises to highlight problem mailboxes so that admins can ask owners why their mailboxes receive so much email.

Exchange Online Adjusts Schedule for Removal of Basic Authentication

Microsoft wants to remove basic authentication from Exchange Online connection protocols. But pressures have forced Microsoft into a new strategy and away from the mid-2021 date for deprecation of basic authentication for five protocols. Instead, Microsoft will disable basic authentication for protocols where it’s not used, include four addition protocols in its target set, and pause action for tenants where basic authentication is in active use. When they restart, Microsoft will give tenants 12 months’ notice that basic authentication will be blocked for a protocol. You can argue that Microsoft should have pressed ahead with their original plan, but would widespread disruption of service be worth the benefit gained from blocking vulnerable protocols? Balancing risk versus reward is often not easy.

How to Rebuild Delegate Access for a Calendar with PowerShell

Sometimes delegate access for an Exchange Online calendar goes awry due to corrupted items in the mailbox. To help sort out problems, Microsoft has upgraded the Remove-MailboxFolderPermission cmdlet to do the work that used to be done by a multi-phase fix performed using the MFCMAPI or EWS editor utilities. The nice thing is that this method is quick, simple, and works well.

How to Create Exchange Dynamic Distribution List with Custom Recipient Filters

Exchange dynamic distribution lists allow messages to be sent to sets of recipients determined by a query against the directory. A custom filter is a powerful way to find the right set of recipients. In this case, we want to find mailboxes with certain job titles whose Azure AD accounts are not blocked for sign-in. Here’s how to create the filter, make sure it works, and create the DDL.

Why New TLS Requirement Stops PowerShell Scripts Sending Email

Exchange Online now insists on TLS 1.2 connections between email clients and servers. PowerShell scripts using the Send-MailMessage cmdlet will fail. The problem is easily solved by forcing PowerShell to use TLS 1.2 to connect, but it does mean that some work is needed to check scripts (before they fail).

Hitting the Million Messages Limit in an Aggregate Group Mailbox

A curious problem happened when a mailbox reported hitting a folder item limit (one million items). The mailbox was an aggregate group mailbox, a system mailbox used to make it easier to search Microsoft 365 Groups. Microsoft now uses a different method to search group mailboxes and will remove these arbitration mailboxes by the end of 2021. If you meet the problem, use a mail flow rule to stop messages being delivered to the mailbox.

Teams Tailors Compliance Records for eDiscovery

The format of the Teams compliance records generated for personal and group chats and stored in Exchange Online mailboxes is changing. Microsoft is removing a bunch of unnecessary attributes from the records to reduce the processing load on the service to retrieve the attributes from Azure AD. The change is unlikely to affect most tenants. Compliance records for older chats are not affected.

Why Exchange Online Dehydrates an Organization Configuration

Exchange Online has the Enable-OrganizationCustomization cmdlet to “hydrate” the settings in an organization. Most Exchange Online organizations use common configurations, which saves the Office 365 infrastructure some directory space and CPU cycles to deal with custom settings. A hydrated organization has customized settings. The one-time cmdlet switches organizations from a dehydrated state to a hydrated state. Forcing administrators to run the cmdlet is just a little odd.

How to Use PowerShell to Remove Calendar Items from Exchange Online

Microsoft wants to retire the Search-Mailbox cmdlet from Exchange Online. But while the cmdlet available, it does a great job of removing mailbox items. If you get the search query right! In this example, we explain how to write a script to clear out calendar items from the mailboxes of multiple users.

Understanding Partially Indexed Exchange Online Messages and Attachments

Exchange Online indexes the items stored in mailboxes. Some of the items are partially indexed, meaning that not all of their content is indexable. Microsoft has a PowerShell script to analyze the number of partially indexed items found in mailboxes. The output is kind of esoteric, so we worked it over to create something more understandable.

How to Enable the First Contact Safety Tip for Exchange Online Protection

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 support anti-phishing policies which generate safety tips for users. The first contact safety tip warns users when they receive email from someone they don’t usually get messages from. It’s a way to put the recipient on their guard, just in case it’s someone trying to impersonate someone else whom the recipient actually knows.

The Power of Exchange Online Dynamic Distribution Lists

Exchange Online Dynamic Distribution Lists are a powerful way to address changeable groups of recipients. The query against the directory is the big thing to get right, but you’ve also got to make sure that the directory data is accurate and reliable. Once you’ve got a good directory, it’s easy to create dynamic distribution lists which are easy to use and never go out of date.

EOP Escalates the Fight Against High-Confidence Phish

A change due in December will improve how Exchange Online Protection suppresses high confidence phish messages and stop them being delivered to user mailboxes. The old-fashioned allowed sender and allowed domain lists are being taken out of the equation and ignored when EOP is sure that it’s dealing with some high-confidence phish. It’s time to check your anti-spam policies.

Exports of Exchange Online Search Results Now Decrypt Attachments

When you use an Office 365 content search to find items, the results from Exchange Online might include some encrypted attachments. A change means that the attachments can now be decrypted to make it easier for investigators to review the information. It’s a small but important change, just like the update to Edge which stops ClickOnce programs running unless an Edge setting is enabled. All good, clean, honest fun.

Microsoft Clamps Down on Automatic Mail Forwarding in Exchange Online

Microsoft has updated the Exchange Online outbound spam filter policy to stop automatic forwarding of email from user mailboxes. The change is now effective with the default set to block automatic forwarding. You can create a custom policy and apply it to selected mailboxes and distribution lists if they need to forward email.

How to Resolve Duplicate Outlook for iOS Contacts

Outlook Mobile synchronizes contacts from Exchange Online to iOS. Sometimes errors happen and duplicate contacts result. It’s easy to resolve the problem by forcing a complete resynchronization of contacts to rebuild what’s on the iOS device.

Signs of a Phishing Attempt Based on Office VoIP Voicemail Notifications

A crude phishing attempt based on voicemail notifications from a VoIP service arrived in mailboxes. It’s easy for experienced users to pick up signs to stay away, but the unwary can be trapped. Report samples of phishing attempts to Microsoft to make Exchange Online Protection better and keep on educating users.

Revocation of Email Protected by Office 365 Message Encryption

Office 365 Message Encryption (OME) allows OWA users to revoke some messages after they are delivered to recipients. But if the message goes to Office 365 or Outlook.com, you can’t revoke it. And there’s the slight matter of needing an Office 365 E5 license too. Even so, it’s still nice to be able to revoke messages if they go to the wrong place.

Microsoft Will Finally Retire Site Mailboxes in April 2021

Site Mailboxes were the face of Microsoft collaboration at one time. But that’s long in the past and it’s time for these archaic mailboxes to be dispatched. Microsoft will retire them from Office 365 in April 2021, probably two years after they passed their best-by date. I tried to clean up my tenant and failed utterly, so I’m leaving the mess for Microsoft to sort out.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

How to Control Default Creation of Online Meetings with OWA

OWA calendar settings include the option to make online meetings the default. You can control whether online meetings are the default at an organization and mailbox level. Outlook desktop relies on system registry settings to know if online meetings should be created. An add-in loaded is loaded automatically to insert the neceessary data to make a meeting online if necessary.

How to Use Exchange Dynamic Distribution Lists to Address Specific Mailboxes

Exchange Online supports dynamic distribution lists, a great way to address sets of recipients found by resolving a filter against the directory. In this example, we explore how to create a dynamic distribution list to address mailboxes marked as preferring a specific beverage. It might even be useful some day!

New Outlook API Makes Email Signature Management Easier

At the Ignite 2020 virtual conference, Microsoft ISV Code Two Software demonstrated a new Outlook API to make email signature management easier across all Outlook clients. The Signature API supports web add-ins that work on all Outlook platforms to allow users to select which corporate email signature to apply before sending messages. The new API should be available at the end of 2020 and we can expect updates from multiple ISVs in the email signature management space to exploit the new capability.

Updates for the Exchange Online Management Module

Version 2.0.4 of the Exchange Online Management PowerShell module is now available for download from the PowerShell Gallery. The new release contains many useful enhancements including support for Ubuntu Linux and several versions of MacOs.

Teams Improves its Fit and Finish

Some recent small changes in Teams will make users happy because the product’s fit and finish is improving. Speaker attribution for live captions makes conversations easier to follow and faster updates from Exchange mean that out of office notifications and change in presence states are picked up faster. These aren’t earthshattering changes, but they do make Teams more pleasant to use.

Blocking Email Forwarding from Power Automate

Power Automate (Flow) can forward email from Exchange Online mailboxes to external recipients. This isn’t a great idea if you want email kept within the control of your data governance framework. Power Automate now inserts x-headers in the email it sends, which allows the use of transport (mail flow) rules to detect and reject these messages if required.

The 1-2-3 of Exchange Online Certificate Based Authentication for PowerShell

Exchange Online PowerShell is a critical automation tool for many Office 365 tenants. In 2021, Microsoft will remove basic authentication for PowerShell, so it’s time to change over to modern authentication. For scripts that run as batch or background jobs, that means converting to certificate-based authentication. In this post, we explore how to get the self-signed cert to glue everything together.

Analyzing Quarantined Messages with PowerShell

Exchange Online Protection puts problem messages into quarantine if it suspects that they contain spam, malware, or a phishing attempt. Instead of using the Security and Compliance Center GUI to work with quarantined messages, you can analyze details of quarantined messages with PowerShell to create some basic statistics and find messages that should be released.

Reviewing Email Quarantined by Exchange Online Protection

Exchange Online Protection (EOP) quarantines suspicious messages to stop spam, malware, and phishing email arriving into Exchange Online inboxes. Administrators can review quarantined messages. Reviewing messages can find some problems, like messages that shouldn’t have been stopped. But reviews take time, and sometimes other stuff gets in the way, which means that quarantined messages expire without anyone ever asking the question “why.”

MailTips: Useful Guidance for Good User Email Habits

Exchange Online generates automatic MailTips to advise email creators that recipients are out of offce or the message is addressed to too many recipients. Custom MailTips for mailboxes, distribution lists, and other mail-enabled objects, including language-specific translations, give additional guidance to users as they create messages. Overall, MailTips are worth spending some time on to get right within an Office 365 tenant.

Microsoft 365 Admin Center Manages Default Authentication Policy for Exchange Online

The Microsoft 365 admin center includes the ability to manage settings for the default Exchange Online authentication policy. You might have other policies to allow selective access with basic authentication to some protocols; these policies must be managed with PowerShell. Authentication policies are part of the journey to eliminate basic authentication from Exchange Online, now expected to happen in mid-2021.

Microsoft’s Worldwide Push to Convince Office 365 users to Install Outlook Mobile

Microsoft plans to post notices in OWA to tell end users that their Office 365 licenses include Outlook Mobile. The hope is that more people will use Outlook Mobile instead of EAS or IMAP4-based clients like the default iOS mail client. Notices will appear in OWA and later Outlook desktop, but the good news is that you can disable these notices with a simple change to the tenant’s organization configuration for Exchange Online.

Backing Up Exchange Online Mailboxes to PSTs Continues to be an Awful Idea

Characterizing backup of Exchange Online mailboxes to PSTs as brain-dead might have been harsh, but it’s an accurate assessment of the worth of this idea. Plenty of cloud-based backup offerings exist that can process Exchange Online data more securely and at scale. If you want to backup Office 365, stay away from PSTs and use a different product, after asking some questions to ensure that the backups deliver the value you expect.

Exchange Online Protection Restricts Tenants from Sending Unprovisioned Email

Exchange Online Protection monitors outbound email to pick up signs of potential compromise in Office 365 tenants. This can lead to EOP restricting a tenant’s ability to send outbound email and force the administrators to check for compromised accounts or connectors and other problems before contacting Microsoft Support to ask them to lift the restriction.

When Exchange Online Protection Blocks Email Senders

Exchange Online Protection monitors email traffic in and out of Office 365 tenants. When a mailbox exceeds limits, it might end up being restricted, such as in the case when the mailbox might be compromised. We tried to find out when Exchange Online Protection restricted mailboxes and what to do afterwards. Here’s what we discovered.