Exchange Online supports the ability to send email using any SMTP proxy address assigned to a mailbox. Following the announcement of the feature, users had many questions including what clients can be used. Here are some common questions and answers about the feature, including some PowerShell to report the set of proxy addresses assigned to user mailboxes.
A new phishing attack is circulating from an Office 365 tenant. The attack attempts to lure recipients into clicking a link to download a document. The phishing email is not quite as crude as other attempts and might lure users into doing the wrong thing, especially as the message is delivered to inboxes.
Exchange Online tenants can activate external email tagging, which causes Outlook clients (not desktop yet) to highlight messages received from external domains. The feature can replace custom implementations to mark external email, usually done with transport rules. It’s easy to implement and control, but the mail tip offering to block an external sender seems a little over the top.
Because it sits on top of so many Microsoft 365 components, Teams is easily the hardest Office 365 workload to backup. You can try to backup Teams by copying its compliance records stored in Exchange Online, but that’s only a partial (and bad) solution that utterly fails to take the full spectrum of Teams data into account.
Changes coming in May and June will allow organizations to make online meetings the norm when created by OWA or Outlook mobile clients. You can control the feature at the organization level and allow individual mailboxes to override the organization setting.
Microsoft has published updates for the Exchange Online management and SharePoint Online PowerShell modules. Generally it’s a good idea to install the latest version of PowerShell modules for the different Office 365 products, but beware of some gotchas that await the unwary…
Microsoft has released information about high-value Office 365 audit events and audit event retention policies. Both are part of a Microsoft 365 Advanced Audit offering. The MailItemsAccessed event is the first high-value audit event (we can expect more) and the retention policies are used to purge unneeded events from the Office 365 audit log.
Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.
In November, Microsoft set a 1TB limit for Exchange Online auto-expanding archive mailboxes. Now they’ve retreated and the latest service description says nothing about a limit. The two changes in the service featured little or no customer communications and a total lack of any supporting material, like administrative controls to help manage archive mailboxes approaching the limit. While a limit has gone for now, it will be back.
Nine new REST-based PowerShell cmdlets are available for Exchange Online. They offer the prospect of better performance and reliability. Here are the code samples we used to test the new cmdlets for a theater session delivered at the Microsoft Ignite 2019 conference. Anyone wanting to explore the new cmdlets can use these examples to get going.
In a surprise development, Microsoft reversed course for Exchange Online auto-expanding archives and imposed a 1TB limit. The promise of a bottomless archive that continually expanded to cope with user data is removed. Although it’s reasonable for Microsoft to restrict the consumption of resources, suddenly implementing a limit is not, especially when you don’t communicate with customers.
The ability to see the PowerShell commands executed by Exchange administrative centers has existed since Exchange 2007. Now something has changed in Exchange Online and the command log is blank. It’s sad because many administrators learned to use PowerShell by examining how Microsoft used it to manage Exchange. Let’s hope that Microsoft fixes this bug soon.
Microsoft has implemented a new synchronization mechanism in Outlook ProPlus to deal more efficiently with shared folders. The new approach increases the limit from 500 to 5,000 folders and is a more elegant and precise solution. Users who manage other peoples’ mailboxes will appreciate the change after they install build 11629.20196 or later.
Teams allows users to send email to channels via special email addresses. Those addresses aren’t very user-friendly, but you can add them as mail contacts so that channel addresses show up in the Exchange GAL. It’s easy to do and makes it much easier for people to email Teams channels. That is, until someone removes the channel email address…
You can use Exchange Address Book Policies (ABPs) to limit the ability of Teams users to chat with each other. Everything works as expected until you look for some new teams to join only to find that Teams can’t suggest any teams to you. The problem seems to be with filtering the set of teams returned by the Microsoft Graph to take account of the scope applied to the user. At least, that’s what I think is going on.
Outlook for Windows (ProPlus or click to run) now boasts settings to allow users to schedule meetings and appointments to end some minutes earlier than expected. Brian Reid is very excited by the prospect, but we’re not sure if this qualifies as one of Ståle Hansen’s famous lifehacks. In any case, ending meetings early won’t solve the problem of badly-organized or managed meetings or how people behave during meetings, but it might give you a quiet feeling of satisfaction to have a neater calendar.
Microsoft announced a new migration experience from Google G Suite yesterday, which is nice. Under the covers, the venerable Mailbox Migration Service (MRS) does the work to extract mailbox data from Gmail using IMAP4 and moves it to Exchange Online. But after the move is done, there’s still lots of work to do to help users make the cultural change to their new mailbox in the cloud.
It’s hard for a program that’s been around for 22 years to surprise, but Outlook has done it by introducing background moves. The implementation is good and it closes a gap that’s existed in Outlook for a very long time. So long that most Outlook users probably assumed that the program would never mend its ways. But then again, because people don’t move items between folders like they used to, perhaps no one cared.
Announced in January, paused in March – that’s the fate of the MailItemsAccessed audit record generated by Exchange Online for the Office 365 audit log. Microsoft found some problems that they are fixing, which is good (because you want audit data to be reliable). And when the fixes are available, the deployment of the new audit record will restart.
MailTips are a pretty useful way of drawing the attention of users to potential issues with email. Exchange Online supports several MailTips, but Outlook clients insist on supporting MailTips in different ways. It’s a small but irritating part of Exchange Online that could be done better.
Last week, we taped episode 14 of the Office 365 Exposed podcast in Building 27 of Microsoft’s HQ in Redmond. Topics covered include battling attacks on Exchange, the need to upgrade old Exchange versions, Teams announcements at Enterprise Connect, and how the base Office 365 workloads handle retention storage. We think it’s an interesting episode. Get it from iTunes now!
Phishing attacks through email happen all the time. A new relatively crude one arrived today. It’s easy for the trained eye to detect phishing, but do your Office 365 admins know how to use the tools available in Exchange Online Protection to suppress malware, and do your users know the signs of bad email? In this case, it’s an invitation to click to get to a PDF document to bring you to digitaloceanspaces.com. Some interesting things might happen afterwards, but I really don’t want to find out what occurs when I click the link.
Office 365 changes all the time, which is good because it keeps the Office 365 for IT Pros writing team busy and happy. Discussions this week included Microsoft’s response to a Dutch DPIA, the effect large Teams have on Yammer, how Exchange Online validated a fix to a security problem, and graphics to help understand the components of the Microsoft 365 E3 and E5 plans.
The January 24-25 Azure Active Directory outage demonstrated once again how important AAD is to Office 365. Microsoft’s Post Incident Report tells us what happened to deprive 1% of the users in Europe of service. That doesn’t sound a lot, but you’d be mad if you were affected.
The Search-Mailbox cmdlet is a very powerful weapon for Exchange administrators. It has some quirks, but the Invoke-Command cmdlet helps us get around one, which is how to use a different search query for each mailbox processed in a set of mailboxes.
Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.
A new report commissioned by Microsoft explains how Exchange Online and the Security and Compliance Center meet the electronic records requirements of regulatory bodies like the SEC and FINRA. Within the report, there’s some news about changes to the way that Office 365 handles Teams compliance records stored in Exchange Online. And after all that, we consider how some backup vendors treat Teams compliance records as equivalent to the data stored in the Teams Azure services.
The internet makes it easy to find material to read about technical topics. Unfortunately, a lot of content is rubbish. In this post, we compare two recent technical articles and explain why we think one marketing post is good and the other isn’t up to scratch.
A change made to fix a problem in Exchange Online introduced another problem in that service domains started to show up as prefixes in the data returned by PowerShell cmdlets. Microsoft has reversed the change, but the way things happened creates some questions.
Exchange Online now captures session identifiers in its mailbox and admin audit records that are ingested in the Office 365 audit log. That’s interesting and useful, but how do you access and interpret this information on a practical level?
You can use the Send-MailMessage cmdlet in a PowerShell script to send mail messages via Exchange Online. And sometimes your IP address might be listed as a spammer, which is bad. All in all, authenticated client submission seems best.
A question asks how to remove a bunch of emails from a shared mailbox. You can use OWA to do the job, especially with its Cleanup Mailbox option, but perhaps some administrative action is needed.
Microsoft is working on tools to move email, calendar, and contacts from G Suite to Exchange Online with availability in Q2 2019. It’s hardly a surprise.
Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?
Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.
If you run a hybrid Exchange deployment, you probably have some on-premises distribution lists that you’d like to move to the cloud. Office 365 offers no way to do this, so it’s up to PowerShell. Instead of starting from scratch, you can use a script created by Tim McMichael of Microsoft and amend it to meet your needs. PowerShell is just great.
Microsoft has released a preview of the cmdlet set to allow tenants to create and manage protocol authentication policies for Exchange Online. It’s a great chance to disable basic authentication and reduce the attack surface for password spraying.
Microsoft issued Message Center update MC151582 to tell Exchange Online administrators about a new default value for automatic processing of events sent to room mailboxes. Unfortunately, the PowerShell code in the update contains an error, so here’s some fixed code to check existing values and to set them to the new default, if you want to do that.
Microsoft has confirmed that they will not release a free hybrid license for Exchange 2019. That’s OK, because if you want to use Exchange 2019 as the HCW host, you simply assign the server one of your licenses. After all, the server won’t simply be running hybrid connectivity, will it?
A little known fact is that you can use graphic symbols and characters in Office 365 labels. It might bring a splash of color to your compliance and retention efforts, especially in a world where emojis are everywhere. After all, the symbols are just character codes that computers can process and Office 365 is designed to be multilingual and cope with different character sets (like the way Teams deals with Hebrew and Arabic).