For compliance purposes, the Microsoft 365 substrate captures copies of Teams messages in Exchange Online mailboxes. The compliance records are indexed and discoverable, which means that they can be found by content searches. However, Teams compliance records are imperfect copies of the real data, which is a fact that seems to have escaped many people.
Outlook for Windows is soon to support roaming signatures, but only the click-to-run version when connected to an Exchange Online mailbox. Still, it’s progress, and it will make the task of using the same signature on different PCs much easier. Good-looking signatures must still be generated for corporate branding purposes, so the ISVs selling email signature products don’t need to fret.
Microsoft has published updates for the Exchange Online management and SharePoint Online PowerShell modules. Generally it’s a good idea to install the latest version of PowerShell modules for the different Office 365 products, but beware of some gotchas that await the unwary…
If an Office 365 tenant goes to the bother of creating nice OWA autosignatures for users, shouldn’t we also removed the ability to edit the signatures in OWA settings? RBAC seems like the right way to do the job, but in this case, the way RBAC restricts options by removing the right to run cmdlets or parameters means that the block affects other OWA settings. Fortunately, the Exchange developers thought of this and provide an option in OWA mailbox policies to save the day.
The SendAs audit event is logged when someone uses the send as permission to send a message from an Exchange Online mailbox. The events are stored in the Office 365 audit log and can be found there with an audit log search. However, things aren’t as straightforward as they are on-premises because some other types of delegated messages turn up in searches. Fortunately, we have a script to help.
Covid-19 dealt a blow to Microsoft’s plans to remove basic authentication from 5 connection protocols for Exchange Online and forced them to postpone the removal from October 13, 2020 to sometime in the second quarter of 2021. The news is disappointing because basic authentication is a weakness exploited by many hackers. But you can’t plan for a pandemic and Office 365 tenants need more time to be ready for the deprecation.
Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.
In addition to mailbox permissions, Exchange Online supports folder-level delegated permissions. Users can create folder delegations through Outlook desktop. Like mailbox permissions, it’s a good idea for tenants to check folder-level delegations to ensure that people don’t keep permissions for longer than they should. We explain how to create a PowerShell script to generate such a report.
Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.
Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.
Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.
Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.
Microsoft has revealed that Outlook for iOS is getting a new rich text editor to brighten and embellish email messages. The new editor is in build 4.27.0, but there’s no news if Outlook for Android will get the same editor.
You can now add your personal Outlook.com or Gmail calendars to your work OWA calendar. The integration allows for only one personal calendar, and OWA synchronizes events from the personal calendar to make sure that people don’t schedule work events when you have personal commitments. TeamSnap calendars are also supported (real-only), but this feature is likely to not be used outside the U.S.
Microsoft plans to disable basic authentication for five Exchange Online connection protocols on October 13, 2020. They’ve been clear on this point for several months and are now moving to deliver tools and provide guidance about what people should do about clients that use basic auth connections with Exchange Web Services, Exchange ActiveSync, IMAP4, POP3, and Remote PowerShell. Work is needed to make sure that clients are prepared for the switchover to modern authentication.
A new version of the Exchange Online management PowerShell module is available. The update includes a number of bug fixes (including some security upgrades) and new features. You should upgrade to the new version as soon as possible and keep an eye out for more changes in the future.
Outlook Mobile now supports delegate access to Exchange Online mailboxes. By granting fuil access to a delegate, they can open and work with a mailbox, and send messages using the SendAS or SendOnBehalfOf permissions. The new feature underscores the advantage Outlook mobile enjoys over other mobile Office 365 email clients.
OWA stores user signatures in mailboxes, which makes it a lot easier for Office 365 admins to update signatures centrally with just a few lines of PowerShell and some HTML magic. OK, maybe more than a few lines… but it’s a lot less complicated than it is to mess around with the system registry and points the way to how Microsoft might introduce cloud signatures for all Outlook clients.
Exchange Online reads inbound email to know when messages contain events that should end up in user calendars. OWA is the only client that exposes the settings to control what events are processed, but all clients can display the events Exchange creates. Some new cmdlets are available to support controlling the settings centrally.
Exchange transport rules are a powerful way to apply different conditions to messages as they pass through the transport service. In this case, we add a disclaimer to calendar meeting requests with a pretty simple rule that works on the basis that it detects a special x-header in meeting requests and applies the disclaimer when the x-header exists.
A question asked what the best way is to add a mailbox to multiple distribution lists. The admin UIs do the job for a few lists, but PowerShell is the way to go when you have lots of lists to process. Two approaches are discussed here: one uses an array as the input, the other uses a CSV file.
OWA now includes Files in its “module switcher”). The new module allows fast access to attachments stored in any folder in an Exchange Online mailbox. It’s a neat feature that will please many people simply because it makes finding often-elusive attachments just that bit easier.
Not many Office 365 users choose OWA as their mobile client, but those who do will soon be forced to use the new OWA because Microsoft is removing the toggle to allow people to switch between the old and new versions in February, just like they did for workstation versions last July. The new OWA is a fine client, but its usefulness on mobile browsers is not as good as the functionality offered in Mobile Outlook, which continues to be our choice as the best mobile Office 365 email client.
Exchange Online now supports a custom recipient limit for mailboxes of between 1 and 1000. The limit controls the maximum number of recipients a mailbox can add to a message. Think of the fun you could have by setting the recipient limit on manager mailboxes to something small, like 6….
In November, Microsoft set a 1TB limit for Exchange Online auto-expanding archive mailboxes. Now they’ve retreated and the latest service description says nothing about a limit. The two changes in the service featured little or no customer communications and a total lack of any supporting material, like administrative controls to help manage archive mailboxes approaching the limit. While a limit has gone for now, it will be back.
Microsoft announced the retirement of legacy eDiscovery tools from Office 365. The Exchange Online in-place holds and eDiscovery tool, Office 365 Advanced eDiscovery 1, and the Search-Mailbox cmdlet are being retired. All will be gone by mid-2020. It’s a pity to see the Search-Mailbox cmdlet being removed, but time and progress make this kind of thing inevitable.
Microsoft is releasing some updates to Office 365 Message Encryption (OME) in January. The detail in the announcement wasn’t great, so we plunged in to find out what’s happening. THe bottom line is that OME will use tenant domains to send email so that anti-spam filters will consider the messages to be authentic.
Exchange Online transport rules can block outbound email stamped with selected Office 365 Sensitivity Labels to make sure that confidential material doesn’t leave organizations. The transport rule is very easy to construct with the only complication being the need to discover the GUID of the sensitivity label you want to block. Fortunately, PowerShell gives us an easy way to find a label’s GUID.
Outlook for iOS finally supports the Do Not Disturb feature to suppress notifications for new email, something that Outlook for Android has been able to do for 18 months. iOS and Android are obviously different ecosystems, so the delay might have been caused by problems dealing with the Apple notification service. In any case, you can now snooze some or all of your email accounts. In other news, some of the more interesting features available to U.S. email accounts are still not available outside the reach of Cortana.
Multiple PowerShell modules are available to Office 365 administrators to automate common processes. In this case, we want to send a welcome message to new accounts. Three PowerShell modules are available, but what’s the best in terms of performance and ease of use? There’s only one answer and that’s Exchange Online.
The Microsoft Immersive Reader exists to make messages more readable for those who need a little help. It’s built into Office apps like Teams and OWA. Most people don’t know this or don’t need to use the reader, but those who do need support to access and understand text will find the Immersive Reader very helpful.
ORCA is a project to help Office 365 tenant administrators validate their anti-spam and anti-malware settings against recommendations from Microsoft. ORCA is installed as a PowerShell module with just one cmdlet. After running Get-ORCAReport, you’ll have a report containing recommendations and observations about your configuration.
Nine new REST-based PowerShell cmdlets are available for Exchange Online. They offer the prospect of better performance and reliability. Here are the code samples we used to test the new cmdlets for a theater session delivered at the Microsoft Ignite 2019 conference. Anyone wanting to explore the new cmdlets can use these examples to get going.
At the Ignite 2019 conference in Orlando, Microsoft announced that Office 365 Groups will soon support sensitivity labels, but only to mark group containers with levels of sensitivity. The actual content of the containers, like the messages in Outlook Groups or Teams, will remain unaffected by the labels. For now.
In a surprise development, Microsoft reversed course for Exchange Online auto-expanding archives and imposed a 1TB limit. The promise of a bottomless archive that continually expanded to cope with user data is removed. Although it’s reasonable for Microsoft to restrict the consumption of resources, suddenly implementing a limit is not, especially when you don’t communicate with customers.
OWA now supports Office 365 Sensitivity Labels, which means that users can apply labels to mark and/or protect messages with encryption just like they can with Outlook. The update adds to the ways that sensitivity labels can be applied to Office 365 content, with the next step being to achieve the same support for the other online Office apps.
Some Exchange Online mailboxes are quite small (2 GB for frontline users). Tenant administrators might want to monitor mailbox usage to make sure that quotas aren’t unexpectedly exhausted. This post explains how to use a PowerShell script to calculate the percentage of mailbox quota used and highlight the problem if a threshold is passed.
The Office 365 E5 plan includes Advanced Threat Protection (ATP), which builds on the anti-malware capabilities of Exchange Online Protection. ATP the includes Safe Attachments and Safe Links features, both of which can delay email delivery. I don’t notice the delay but others do. In any case, the more protection you have against malware, the better.
Microsoft has announced that basic authentication for multiple email connection protocols won’t be supported after October 13, 2020. You won’t be able to connect with EWS, EAS, IMAP4, POP3, or Remote PowerShell unless you use modern authentication. There’s just over a year to prepare, but there’s some work to be done.
Microsoft is now rolling out MyAnalytics access to Office 365 accounts with an Exchange Online license.The first sign that anyone gets is when they receive one of MyAnalytics’s well-intended messages to help them organize their work life smarter. Funnily enough, some people don’t like the idea of Office 365 analyzing and reporting their work habits, which is why you might need to disable MyAnalytics for some mailboxes.