Exchange Online Mail Flow Rules Move to New EAC

Microsoft is moving the creation and management of mail flow rules to the new EAC from November. The UX in the legacy EAC should disappear in December 2022. The new UX is prettier and works better (apart from the rule wizard), but it’s a little disappointing that we have essentially the same way of managing mail flow rules in 2022 as we had in 2006. You can only hope that things might improve in the future.

Microsoft Dumps Bulk Distribution List Migration to Microsoft 365 Groups in Legacy EAC

A November 3 announcement says that Microsoft will deprecate the bulk distribution list migration feature in the legacy EAC on February 1, 2023. Although no one will probably be surprised by the news, it’s disappointing that all Microsoft can suggest is a manual conversion process for those who want to move (simple) distribution lists to Microsoft 365 groups. Is it too much to ask to have a PowerShell script to do the job?

Running Exchange Online Historical Message Traces

Exchange Online historical searches are the way to retrieve message trace information that’s older than 10 days (but less than 90 days). You might not have to run historical searches very often, but when you need to, you’ll be glad that the facility exists.

Outlook Reactions to Respond to Email

Users will soon have the option to use Outlook reactions to respond to emails received from people inside the same tenant (well, it also works with some other tenants). It’s the same kind of feature that already exists in Yammer and Teams, but whether this kind of response works with email remains to be seen. It’s a cultural thing!

Updating Microsoft 365 User Accounts to use a New Domain

A reader asked how to update user email addresses and UPNs. As it turns out, this is not a very difficult technical challenge. The problem lies in the aftermath. It’s easy to update the primary SMTP address for a mail-enabled object or assign a new user principal name to an Azure AD account. Then problems might come into view, like needing to adjust the Microsoft Authenticator app to make MFA challenges work for the new UPN.

Researchers Worry About Office 365 Message Encryption

An October 14 report says that Office 365 Message Encryption shouldn’t be used because its encryption scheme might reveal email content. Well, that might be the case if an attacker can hijack connectivity from Office 365 to another email service. But the relatively low levels of OME usage and the difficulty of acquiring enough email to understand message structure makes this a less than practical attack in the wild.

Making Sure Apps Can Run Exchange Online Management Cmdlets

This article describes how to use the Exchange.ManageAsApp permission to allow Azure AD apps to run Exchange Online PowerShell cmdlets. You can do this in the Azure AD admin center for registered apps, but when the time comes to allow Azure Automation runbooks to sign into Exchange Online with a managed identity, you must assign the permission to the automation account with PowerShell. Easy when you know how, hard when you don’t!

OWA’s Sweep Feature Uses Both Inbox and Sweep Rules

Outlook logo

The Outlook Sweep feature is available in OWA and the Outlook Monarch client. The idea is that you clean up your mailbox by ‘sweeping’ unwanted items into somewhere like the Deleted Items folder. As it turns out, the Sweep feature uses both Inbox and Sweep rules to get its work done. Overall, Sweep is a pretty useful piece of functionality.

Outlook for Windows Gets External Mail Tagging

External tagging has been available for OWA, Outlook mobile, and Outlook for Mac since 2021. Now it’s coming to Outlook for Windows. Some might wonder about why it’s taken Microsoft so long to add external tagging to the Windows client. It might be that they’re waiting for the Monarch client, but it’s more likely the difficulty of retrofitting new features into the Outlook GUI.

Exchange Online Archive Mailboxes Move Away from Purview Compliance Portal

Microsoft is moving the listing of archived mailboxes from the Purview Compliance portal to its natural home in the Exchange Admin Center. In this post, we look at how you can report the current status of archive mailboxes (both user and shared mailboxes) in a Microsoft 365 tenant.

Using Hidden Membership for Microsoft 365 Groups

Hidden membership is supported for Microsoft 365 Groups and distribution lists. Hidden membership means that no one except members and admins can see who’s in a group. It’s a useful feature if you don’t want people poking around to find out who’s in a group or distribution list. One thing to be aware of is that once a Microsoft 365 group has hidden membership, it has it forever. Distribution lists on the other hand can flip between hidden and visible membership.

Now that Basic Authentication is Turned Off in Exchange Online, What Happens Next?

Now that October 1 has arrived, Microsoft has started the process to permanently remove basic authentication from 7 email connection protocols. So what happens next? Well, for many organizations, not much. They’re the ones that have already transitioned to modern authentication. For others, some unpleasant surprises might lie ahead as people discover that stuff just doesn’t work anymore.

Exchange Online Statistics Revealed at MEC 2022

Microsoft revealed some interesting Exchange Online statistics at the MEC 2022 event. 300 K physical mailbox servers is a staggering amount, but 7.3 billion mailboxes might be even more surprising. Also at MEC we discovered more about the campaign to remove basic authentication from Exchange Online and how well Microsoft’s Greg Taylor can communicate in Irish when he presents about the deprecation of basic authentication.

Outlook Automapping and Offline Files

Outlook automapping is usually a good thing. Exchange marks a mailbox after a user receives full access permission for the mailbox. Autodiscover publishes details of the new access, and Outlook adds the mailbox to its resource list. But Some downsides exist, like the size of the OST, which mean that sometimes it’s better to add a mailbox manually to Outlook and forget about automapping.

MEC and TEC in Two Weeks

Over the next two weeks, I’ll attend and present at the Microsoft Exchange Conference and The Experts Conference (MEC and TEC). It should be fun! It’s nice to see conferences gradually returning to normal. I prefer in-person events and am looking forward to TEC in Atlanta on September 20-21. Before then, there’s the small matter of presenting two sessions at MEC 2022.

Outlook’s Strange Archive Folder

Outlook logo

Outlook boasts a useless Archive folder. At least, I can’t come up with any good reason to use the Archive folder. It only confuses people in discussions about archiving. The one good thing I discovered when I revisited the topic is that a registry key exists to stop Outlook moving items into the Archive folder with the backspace key.

More Issues with Exchange Online Mailbox Audit Events

In March 2020, I wrote about mailbox audit events for Office 365 E3 accounts not showing up in the Office 365 audit log. As far as I can tell, Exchange Online deals with new mailboxes properly now. However, there might be some mailboxes in your organization that aren’t generating the audit records you thought they are… so it’s time to check.

Detecting Exchange Online Shared Mailboxes That Need Licenses

Exchange Online shared mailboxes only need licenses if they have an archive, exceed 50 GB in size, or are on litigation hold. The rules are there, but how many tenants check their shared mailboxes to make sure that they’re in compliance. This article explains how to use PowerShell to detect shared mailboxes that need licenses.

Microsoft Reducing Recovery Time for ex-Inactive Mailboxes to 30 Days

Microsoft plans to reduce the recovery period for inactive mailboxes newly released from retention holds and policies from 183 to 30 days. The change will be implemented worldwide by the end of September. The reduction in recovery time sounds seriously but it’s really not. If you haven’t figured out that you need to recover some data from an old inactive mailbox within 30 days, the data probably isn’t needed. And anyway, if you really want to, you can keep inactive mailboxes forever.

Using the Outlook Booking with Me Feature

Outlook’s new Booking with Me feature is rolling out worldwide. Any user with an Exchange Online license can create a personal bookings page to allow other internal and external people to book meetings with them. It’s a nice idea and a good example of how Microsoft can use its software toolkit to create new solutions.

How Microsoft Bookings Uses Scheduling Mailboxes

The Microsoft Bookings app is available to many Office 365 users. The app is designed to host a shared calendar for a group of people. The calendars are in special scheduling mailboxes that are created by the Microsoft 365 substrate. Appointments in the calendar can be scheduled by people through a bookings page, which can be on the internet or confined within an organization. It’s a neat way to run an online business – if only Bookings could take in some money for all that scheduled work.

Why Microsoft’s Slowness in Delivering Outlook Roaming Signatures Affects OWA

Microsoft promises they will deliver the long-awaiting Outlook roaming signatures feature in October 2022. There are signs of progress in Outlook beta builds, but the development of the feature has caused some disruption for Microsoft 365 tenants because it broke the cmdlet that updates HTML signatures for OWA. Oh well, it will all be OK in October. At least, that’s the plan.

Connecting IMAP4 Clients to Exchange Online with OAuth 2.0

The imminent deprecation of basic authentication for 7 Exchange Online connectivity protocols mean that client updates need to be considered. If you use IMAP4, the Thunderbird client does a good job, but will other clients be able to cope? It’s a good question to ask.

Loop Components Appear in OWA

Loop components are now supported in OWA. The implementation is reasonably close to that of Teams chat, but has some essential differences due to the nature of email. The current state of Loop components mean that they are highly suited for internal communication but not for collaboration outside an organization.

Microsoft Launches IMAP4 and POP3 Application Access to Exchange Online Mailboxes

Microsoft has launched application access to Exchange Online via IMAP4 and POP3 using modern authentication. The approach Microsoft takes is reasonable and pragmatic and should be simple enough for app developers to implement. However, with an eye on the future, maybe this isn’t the best strategic choice to make. Moving to the Graph APIs will take more work, but it’s a better long-term solution.

Microsoft Introduces Control Over Delegated Access to Encrypted Email

Microsoft is introducing new controls for delegate access to encrypted emails accessed via Outlook clients other than Outlook for Windows. The controls are implemented in three new PowerShell cmdlets which can block, validate, and allow delegate access to encrypted messages. It’s nice to see some coherence being introduced for almost all the Outlook clients, even if Outlook for Windows does its own thing.

Comparing Shared and Inactive Mailboxes

Exchange Online tenants have a choice between inactive mailboxes and shared mailboxes when the need arises to keep “leaver” data like that belonging to ex-employees. Inactive mailboxes are essentially a compliance tool and sometimes shared mailboxes are better choices. We explore both in this short article.

Microsoft Reveals Audit Gap for Delegate Send Actions

On May 19, Microsoft disclosed that a problem had stopped audit events being generated when people used the Exchange SendAs and SendOnBehalfOf permissions to send email for other mailboxes. Microsoft says that the problem is now fixed, but as it turns out, some issues still exist with capturing audit records for SendAs events.

Using the Graph API to Generate Mailbox Folder Statistics

A reader asked if it’s possible to use PowerShell to return the unread count for the Inbox folder in user mailboxes. The standard Exchange Online PowerShell cmdlets tell you a lot about mailbox folder statistics, but they can’t look inside a folder. But the Microsoft Graph APIs can, so a combination of PowerShell and the Graph deliver a solution to the problem.

Basic Authentication Deprecation Can Stop Exchange Online Scripts Working

The upcoming removal of support for basic authentication in seven Exchange Online connectivity protocols could mean trouble for some Office 365 tenants if they don’t take care to ensure that modern authentication is used for PowerShell connections. The old-style Remote PowerShell connection must be replaced with the Connect-ExchangeOnline cmdlet from the Exchange Online management module (aka the V2 module). Apart from anything else, this should improve the performance and robustness of scripts, especially after Microsoft finishes the work to remove the WinRM dependency for older cmdlets.

Why PowerShell Scripts Might Need Updates After Microsoft Changes the Name Property for New Mailboxes

The Exchange Online name change for mailboxes will roll out at the end of May, 2022. The change only applies to new mailboxes, but its introduction creates some interesting challenges for PowerShell scripts that process mail-enabled objects, including some good side-effects. In this post, we discuss some of the issues we’ve already encountered.

Project Monarch “One Outlook” Build Leaks

A leaked build of Project Monarch’s “One Outlook” client created some excitement last week, but when you examine the details of the client and what it can do, it’s really just a prettier version of OWA for Exchange Online. That doesn’t mean that Microsoft hasn’t done a bunch of software engineering to prepare the ground to accelerate progress toward the final client. Microsoft has also provided a way to block people using the client, with promise of an official beta soon.

Countdown Accelerating to the Big Basic Authentication Turnoff

October 1, 2022, is when Microsoft begins the final process of removing support for basic authentication for 7 email connection protocols from Exchange Online. The process will take several months to complete, and when it’s done, Office 365 will be a safer place that attackers will find more difficult to penetrate. But it’s time for tenants to prepare, if you haven’t already done so, and we highlight some critical points from Microsoft’s most recent post on this topic.

Outlook’s Dislike for Moderated Distribution Lists

I’m not sure people use moderated distribution lists with Exchange Online all that much, but those who do might be frustrated by a client inconsistency between OWA and Outlook. OWA can expand the membership of a moderated distribution list; Outlook for Windows cannot. It’s a small point. Maybe Project Monarch will help…

Exchange Online Plans Changes to Make Mailbox Identification More Effective

Exchange Online plans to change the format of the Name and Distinguished Name mailbox properties. The idea is to make these properties unique and improve synchronization with Azure AD. It all sounds like a good idea, but these properties have been around in Exchange for a long time, and any change will surface in unexpected places – like the output of many Exchange cmdlets. Which is why Microsoft has paused the plan for further reflection.

All About the Get-MailTrafficSummaryReport Cmdlet

The Get-MailTrafficSummaryReport cmdlet gets a lot of praise in some quarters. I am not so impressed. The Exchange Online cmdlet is useful, but it’s now showing its age in a world when better data to create a view of user activity is available elsewhere, notably in the Microsoft Graph. This doesn’t mean that the cmdlet doesn’t do a good job; it’s just that it hasn’t received much love from Microsoft since 2015.

Use Message Tracing to Report Exchange Online Email Sent to External Recipients

A management request came in to report email sent by some users to external recipients. Although you might not agree that this is the right thing for any organization to do, it’s very possible by exploiting the message trace information retained by Exchange Online for 90 days. As a bonus, we email the report generated from message tracing data to the requesting manager. Isn’t PowerShell just wonderful?

How to Find Unused Exchange Online Mailboxes

Finding and removing unused Exchange Online mailboxes used to be a good way to keep Office 365 licenses costs under control. Given the widespread use of Exchange Online as part of bundles like Office 365 and the effect of Teams on email for internal communication, looking for unused mailboxes might not be so important now. In any case, the techniques of looking for evidence of mailbox under-use are interesting and useful for tenant administrators to understand, which is why we have this article!

Microsoft Gives Tenants Opt-Out for Exchange Online Plus Addressing

Microsoft intends to make the Exchange Online plus addressing feature available by default to all Microsoft 365 tenants after April 17, 2022. If you don’t want this to happen, you need to update the Exchange Online organization configuration to update the DisablePlusAddressInRecipients setting to True. After the opt-out 30-day period finishes, Microsoft will proceed with the deployment, so don’t say you weren’t warned!

Why It’s Difficult to Transfer Membership Rules from Exchange Online to Azure AD

It seems like it should be possible to transfer a membership rule from an Exchange dynamic distribution list to a dynamic Microsoft 365 group/team, but it’s not. Different directories, schemas, properties. and syntax conspire to stop easy conversion. It’s a pity, but that’s the way life and technology sometimes go…