Reporting Exchange Online Folder Permissions

In addition to mailbox permissions, Exchange Online supports folder-level delegated permissions. Users can create folder delegations through Outlook desktop. Like mailbox permissions, it’s a good idea for tenants to check folder-level delegations to ensure that people don’t keep permissions for longer than they should. We explain how to create a PowerShell script to generate such a report.

How to Create a Report About Exchange Online Mailbox Permissions

Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.

Why Default Mailbox Auditing for Exchange Online Isn’t Quite as Good as It Seems

Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.

How to Report MailItemsAccessed Audit Events

Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.

Why Basic Authentication for Exchange Online is So Bad

Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.

Add Your Personal Calendar to OWA

You can now add your personal Outlook.com or Gmail calendars to your work OWA calendar. The integration allows for only one personal calendar, and OWA synchronizes events from the personal calendar to make sure that people don’t schedule work events when you have personal commitments. TeamSnap calendars are also supported (real-only), but this feature is likely to not be used outside the U.S.

Time Running Out for Exchange Online Basic Authentication

Microsoft plans to disable basic authentication for five Exchange Online connection protocols on October 13, 2020. They’ve been clear on this point for several months and are now moving to deliver tools and provide guidance about what people should do about clients that use basic auth connections with Exchange Web Services, Exchange ActiveSync, IMAP4, POP3, and Remote PowerShell. Work is needed to make sure that clients are prepared for the switchover to modern authentication.

Microsoft Updates Exchange Online Management PowerShell Module

A new version of the Exchange Online management PowerShell module is available. The update includes a number of bug fixes (including some security upgrades) and new features. You should upgrade to the new version as soon as possible and keep an eye out for more changes in the future.

Outlook Mobile Delegate Access for Exchange Online Mailboxes

Outlook Mobile now supports delegate access to Exchange Online mailboxes. By granting fuil access to a delegate, they can open and work with a mailbox, and send messages using the SendAS or SendOnBehalfOf permissions. The new feature underscores the advantage Outlook mobile enjoys over other mobile Office 365 email clients.

How to Update OWA Signatures with PowerShell

OWA stores user signatures in mailboxes, which makes it a lot easier for Office 365 admins to update signatures centrally with just a few lines of PowerShell and some HTML magic. OK, maybe more than a few lines… but it’s a lot less complicated than it is to mess around with the system registry and points the way to how Microsoft might introduce cloud signatures for all Outlook clients.

How to Add a Disclaimer to Calendar Meeting Requests for Outlook and Teams

Exchange transport rules are a powerful way to apply different conditions to messages as they pass through the transport service. In this case, we add a disclaimer to calendar meeting requests with a pretty simple rule that works on the basis that it detects a special x-header in meeting requests and applies the disclaimer when the x-header exists.

Adding the Same Mailbox to Multiple Distribution Lists

A question asked what the best way is to add a mailbox to multiple distribution lists. The admin UIs do the job for a few lists, but PowerShell is the way to go when you have lots of lists to process. Two approaches are discussed here: one uses an array as the input, the other uses a CSV file.

New OWA Files View Makes Attachments More Accessible

OWA now includes Files in its “module switcher”). The new module allows fast access to attachments stored in any folder in an Exchange Online mailbox. It’s a neat feature that will please many people simply because it makes finding often-elusive attachments just that bit easier.

New OWA Becomes Default for Mobile Browsers

Not many Office 365 users choose OWA as their mobile client, but those who do will soon be forced to use the new OWA because Microsoft is removing the toggle to allow people to switch between the old and new versions in February, just like they did for workstation versions last July. The new OWA is a fine client, but its usefulness on mobile browsers is not as good as the functionality offered in Mobile Outlook, which continues to be our choice as the best mobile Office 365 email client.

Setting Custom Recipient Limits for Exchange Online Mailboxes

Exchange Online now supports a custom recipient limit for mailboxes of between 1 and 1000. The limit controls the maximum number of recipients a mailbox can add to a message. Think of the fun you could have by setting the recipient limit on manager mailboxes to something small, like 6….

Microsoft Retreats From 1TB Limit for Auto-Expanding Archives – For Now

In November, Microsoft set a 1TB limit for Exchange Online auto-expanding archive mailboxes. Now they’ve retreated and the latest service description says nothing about a limit. The two changes in the service featured little or no customer communications and a total lack of any supporting material, like administrative controls to help manage archive mailboxes approaching the limit. While a limit has gone for now, it will be back.

Microsoft Removing Legacy Office 365 eDiscovery Tools

Microsoft announced the retirement of legacy eDiscovery tools from Office 365. The Exchange Online in-place holds and eDiscovery tool, Office 365 Advanced eDiscovery 1, and the Search-Mailbox cmdlet are being retired. All will be gone by mid-2020. It’s a pity to see the Search-Mailbox cmdlet being removed, but time and progress make this kind of thing inevitable.

Office 365 Message Encryption (OME) Making Protected Email Better

Microsoft is releasing some updates to Office 365 Message Encryption (OME) in January. The detail in the announcement wasn’t great, so we plunged in to find out what’s happening. THe bottom line is that OME will use tenant domains to send email so that anti-spam filters will consider the messages to be authentic.

Blocking Outbound Messages Stamped with Microsoft 365 Sensitivity Labels

Exchange Online transport rules can block outbound email stamped with selected Office 365 Sensitivity Labels to make sure that confidential material doesn’t leave organizations. The transport rule is very easy to construct with the only complication being the need to discover the GUID of the sensitivity label you want to block. Fortunately, PowerShell gives us an easy way to find a label’s GUID.

Outlook for iOS Can Finally Snooze, But Some Interesting Features Remain Unavailable Outside the U.S.

Outlook for iOS finally supports the Do Not Disturb feature to suppress notifications for new email, something that Outlook for Android has been able to do for 18 months. iOS and Android are obviously different ecosystems, so the delay might have been caused by problems dealing with the Apple notification service. In any case, you can now snooze some or all of your email accounts. In other news, some of the more interesting features available to U.S. email accounts are still not available outside the reach of Cortana.

How to Use PowerShell to Send a Welcome Message to New Office 365 Users

Multiple PowerShell modules are available to Office 365 administrators to automate common processes. In this case, we want to send a welcome message to new accounts. Three PowerShell modules are available, but what’s the best in terms of performance and ease of use? There’s only one answer and that’s Exchange Online.

Using the Immersive Reader in Teams and OWA

The Microsoft Immersive Reader exists to make messages more readable for those who need a little help. It’s built into Office apps like Teams and OWA. Most people don’t know this or don’t need to use the reader, but those who do need support to access and understand text will find the Immersive Reader very helpful.

OWA Supports Automatic Labeling for Microsoft 365 Sensitivity Labels

OWA now supports the automatic labeling of outbound messages with Office 365 Sensitivity Labels. The new feature uses Office 365 sensitive data types to detect content in messages that should be protected, and once detected, the message is stamped with a label before it passes through the Exchange Online transport service.

Use ORCA to Check Office 365 Advanced Threat Protection Settings

ORCA is a project to help Office 365 tenant administrators validate their anti-spam and anti-malware settings against recommendations from Microsoft. ORCA is installed as a PowerShell module with just one cmdlet. After running Get-ORCAReport, you’ll have a report containing recommendations and observations about your configuration.

Testing the New Exchange Online REST-based PowerShell Cmdlets

Nine new REST-based PowerShell cmdlets are available for Exchange Online. They offer the prospect of better performance and reliability. Here are the code samples we used to test the new cmdlets for a theater session delivered at the Microsoft Ignite 2019 conference. Anyone wanting to explore the new cmdlets can use these examples to get going.

Office 365 Groups to Support Sensitivity Labels

At the Ignite 2019 conference in Orlando, Microsoft announced that Office 365 Groups will soon support sensitivity labels, but only to mark group containers with levels of sensitivity. The actual content of the containers, like the messages in Outlook Groups or Teams, will remain unaffected by the labels. For now.

Microsoft Clamps Down on Auto-Expanding Archive Mailboxes

In a surprise development, Microsoft reversed course for Exchange Online auto-expanding archives and imposed a 1TB limit. The promise of a bottomless archive that continually expanded to cope with user data is removed. Although it’s reasonable for Microsoft to restrict the consumption of resources, suddenly implementing a limit is not, especially when you don’t communicate with customers.

OWA Embraces Office 365 Sensitivity Labels

OWA now supports Office 365 Sensitivity Labels, which means that users can apply labels to mark and/or protect messages with encryption just like they can with Outlook. The update adds to the ways that sensitivity labels can be applied to Office 365 content, with the next step being to achieve the same support for the other online Office apps.

How to Report Exchange Online Mailbox Quota Usage Over a Set Threshold

Some Exchange Online mailboxes are quite small (2 GB for frontline users). Tenant administrators might want to monitor mailbox usage to make sure that quotas aren’t unexpectedly exhausted. This post explains how to use a PowerShell script to calculate the percentage of mailbox quota used and highlight the problem if a threshold is passed.

Safe Links and Safe URLs Delay Email Delivery For the Right Reasons

The Office 365 E5 plan includes Advanced Threat Protection (ATP), which builds on the anti-malware capabilities of Exchange Online Protection. ATP the includes Safe Attachments and Safe Links features, both of which can delay email delivery. I don’t notice the delay but others do. In any case, the more protection you have against malware, the better.

Basic Authentication Dead for Exchange Online Connections

Microsoft has announced that basic authentication for multiple email connection protocols won’t be supported after October 13, 2020. You won’t be able to connect with EWS, EAS, IMAP4, POP3, or Remote PowerShell unless you use modern authentication. There’s just over a year to prepare, but there’s some work to be done.

Why Office 365 Users Receive MyAnalytics Messages and How to Stop the Messages

Microsoft is now rolling out MyAnalytics access to Office 365 accounts with an Exchange Online license.The first sign that anyone gets is when they receive one of MyAnalytics’s well-intended messages to help them organize their work life smarter. Funnily enough, some people don’t like the idea of Office 365 analyzing and reporting their work habits, which is why you might need to disable MyAnalytics for some mailboxes.

Disconnected Mailbox Content Not Available for Office 365 Content Searches

Microsoft has confirmed that disconnected Exchange Online mailboxes are not included in the sources scanned by Office 365 content searches, thus clearing up some misunderstandings that might have existed in the field. The bottom line is that if you want to search mailboxes that don’t belong to accounts, you should use inactive mailboxes.

How to Stop Users Adding Personal Retention Tags to Exchange Online Mailboxes

Exchange Online allows users to add personal retention tags to their maiboxes through OWA settings. Some organizations don’t like this, so they can deploy user role assignment policies to block the feature. It;s something that you could consider doing if you’re preparing to switchover to Office 365 retention policies to impose the same retention regime across multiple workloads.

How Microsoft Deploys New Outlook Mobile Features

Deploying new features to a massive 100-million plus user community takes a lot of planning and careful management. Outlook Mobile caters for both consumer and commercial users, and different methods are used to deliver new features to the two groups. Sometimes this means that different users in the same tenant can’t access a new feature even if they have the right software.

Shared Mailbox and Dark Mode Support in Outlook Mobile

Outlook mobile users now have shared mailbox support in both iOS and Android platforms. The work to upgrade the backend service is also progressing and is past 50% rollout. And dark mode is coming too. It’s available in beta today to Testflight users (only for iOS), and it’s also been enabled for some users who run the latest version of the clients.

Populating Location Data for the Outlook Places Service

The Outlook Places service is used by Outlook clients to present metadata about meeting locations to users. Currently, OWA is the only client that consumes the service. You can update location metadata with details to make it easier for users to select the right location for their meeting, including geocoordinates that can be used to display map directions to the location.

How to Configure and Use Outlook People Favorites

Outlook people favorites give Exchange Online users fast access to their most important email correspondents. OWA has the best implementation but the feature is also available in Outlook mobile. As usual, Outlook desktop lags. It’s a small feature that could turn out to be very important to some users. Office 365 is full of such examples.