The Office 365 for IT Pros eBook team covers a wide range of Exchange Online topics in the book and on our web site. Anything from setting email auto-replies to protecting email with transport rules.
Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?
Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.
Backup vendors say you should definitely use their products to protect your valuable Microsoft 365 data. Backup products can do a good job, but the nature of Microsoft 365 creates many challenges at a technical level. A lack of APIs is the most fundamental issue, but the connected nature of Microsoft 365 apps is another.
Office 365 offers different ways to apply encryption to important messages. When those messages hold sensitive data known to Office 365, like credit cards or passport numbers, we can define a transport rule or DLP policy to protect outbound email automatically. And while you can define rules and policies through the GUI, PowerShell is available too.
If you run a hybrid Exchange deployment, you probably have some on-premises distribution lists that you’d like to move to the cloud. Office 365 offers no way to do this, so it’s up to PowerShell. Instead of starting from scratch, you can use a script created by Tim McMichael of Microsoft and amend it to meet your needs. PowerShell is just great.
Microsoft has released a preview of the cmdlet set to allow tenants to create and manage protocol authentication policies for Exchange Online. It’s a great chance to disable basic authentication and reduce the attack surface for password spraying.
A recent update for Exchange Online gives extra control over who can access public folders. The change is intended to help with scalability, but it can be used to turn public folders off for any mailbox for which you care to disable access.
Microsoft issued Message Center update MC151582 to tell Exchange Online administrators about a new default value for automatic processing of events sent to room mailboxes. Unfortunately, the PowerShell code in the update contains an error, so here’s some fixed code to check existing values and to set them to the new default, if you want to do that.
Microsoft has confirmed that they will not release a free hybrid license for Exchange 2019. That’s OK, because if you want to use Exchange 2019 as the HCW host, you simply assign the server one of your licenses. After all, the server won’t simply be running hybrid connectivity, will it?
Microsoft has a new OWA user interface in targeted release. So far it all looks good even if some features are still missing, Expect to see the new UI generally available in late 2018 or early 2019.
You can now connect Office 365 accounts to LinkedIn accounts (or block the connection at a tenant level). It’s a nice way to keep tabs on your LinkedIn contacts and find out what they’re doing with a simple click in an Office 365 people card.
Exchange Online sends its mailbox audit records to the Office 365 audit log. You can search the log to discover who deleted messages from mailboxes, normally only an issue when delegates are involved.
A little known fact is that you can use graphic symbols and characters in Office 365 labels. It might bring a splash of color to your compliance and retention efforts, especially in a world where emojis are everywhere. After all, the symbols are just character codes that computers can process and Office 365 is designed to be multilingual and cope with different character sets (like the way Teams deals with Hebrew and Arabic).
Search-Mailbox is a very useful cmdlet but running the cmdlet can be very dangerous as you might end up permanently removing some data that you’d prefer to keep. And in the cloud, there’s no backups…
A new Exchange feature rolling out inside Office 365 allows meeting organizers to block people forwarding their meetings to all and sundry. The latest versions of OWA and Outlook 2016 click to run support the UI for the feature and blocks are built into Exchange Online and Exchange on-premises servers to stop blocked meetings sneaking through.
Have you ever tried to use SSDs with Exchange Server only to be told that it’s a really bad idea and that you should concentrate on JBOD. Well, Microsoft has made some changes in Exchange 2019 and will talk about them at Ignite, and you can learn about it on Wednesday, Sept 26 in-person, online, or afterwards.
Hanging on to old email habits is a bad idea, especially if you use a cloud service like Office 365 where Microsoft introduces a steady stream of new features. The worst bad habit is password sharing. It’s time to stop this now.
Office 365 tenant administrators can use different ways to access user data. Shouldn’t you have a policy to govern that access?
Microsoft has published some statements about not allowing older Office clients to connect to Office 365 from October 2020. Well, the word “allow” should really be read as “support.” Or so we hear.
Microsoft Teams support Office 365 retention policies, but how do you know if policies you create are effective in removing items from Teams? Well, as it turns out, you must go poking under the covers to validate that removals happen as planned.
Microsoft has released a new setting in the tenant Information Rights Management (IRM) configuration to control if attachments of messages encrypted with the Encrypt Only feature (in OWA and Outlook) are decrypted when downloaded. In fact, two settings are available. One for people with Azure AD accounts, and one for those without.
Microsoft thoughtfully provided Office 365 tenants with a Data Loss Prevention template for GDPR personal data. The only problem is that the rules in the template were too sensitive and started to block email.
The Office 365 MyAnalytics application is to add Skype for Business signals (and then Teams) to the set of data it processes to derive insights about the time users spend on different activities.
The Search-Mailbox cmdlet is very powerful when it comes to removing items from Exchange Online mailboxes, but it can’t deal with other Office 365 content.
A recent post by MVP Mark Vale describes how to use synchronization transformation rules in AADConnect to change the last name, first name format (for example, Smith, James) for display names to a more user-friendly first name last name format (our example becomes James Smith) for accounts as they synchronize to Azure Active Directory from an …