Category: Exchange Page 1 of 6

Microsoft Updates Guidance for Customers Running Outdated Exchange Server Cumulative Updates and .NET Framework Versions


Microsoft’s servicing model for Exchange 2013 and 2016, and presumably for all future versions of Exchange Server, involves quarterly releases known as cumulative updates (CUs).

Each CU release is supported for three months after the release of the next CU. …

An Update on Office 365 Requiring TLS 1.2

Hello Exchange Server followers! In December 2017 it was announced Office 365 planned to discontinue support for TLS 1.0 and TLS 1.1 connections on March 1st, 2018, and after that time only TLS 1.2 connections would be allowed …

Windows 10 and Office 2019 Announcements Highlight the Importance of Managing Updates

The last major releases of Windows and Office were Windows 10 and Office 2016, both released in 2015. In the years since then, both platforms have undergone rapid development, and seen a lot of changes made. Microsoft have changed how …

Demystifying Hybrid Free/Busy: what are the moving parts?

Hybrid Free/Busy is one of those things that many people do not fully understand. If everything works well, the complexity is hidden from view and people working in various parts of organization can seamlessly work together. But if things go …

Admin Annoyances with Exchange Online Protection

The process of writing a book or a training course forces you to spend a lot of time with the subject that you’re writing about. For my upcoming course on Office 365 security, I’ve been spending a lot of time …

Now your enterprise mobility management solution can be used to simply set up and configure Outlook for iOS and Android for Exchange on-premises

Today, we are announcing the availability of new functionality in Outlook for iOS and Android that simplifies the Exchange onpremises email account set up with Microsoft Intune and other enterprise mobility management (EMM) solutions 

Now

Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2

Overview

As the realm of security in technology continues to evolve over time, every so often we say hello to newer and more competent versions of technologies while saying goodbye to their older siblings.

By the time you are reading …

Exchange Log Collector Script

A while ago I created the “CollectLogsScript” (see my old A better way to collect logs from your Exchange servers blog post) which I have since rebranded to “ExchangeLogCollector”. Seeing that this has proven popular, I have continued to make …

Restoring the Default Malware Filter Policy in Exchange Online Protection

I stumbled across this little quirk while I was preparing some content for my upcoming Office 365 security course. In my demo tenant I wanted to reset the default malware filter policy in Exchange Online Protection to its original …

Microsoft’s Spectre/Meltdown Guidance for Exchange Server and Office 365 Customers

Spectre and Meltdown are attacks against previously undisclosed vulnerabilities in modern processors (CPUs). The names “Spectre” and “Meltdown” were chosen because they exploit vulnerabilities in “speculative execution” (a technique that allows processors to work really fast) and “melt security boundaries”.…

Permanently Clear Previous Mailbox Info

We are introducing a new parameter that can be called by using the Set-User cmdlet in Exchange Online PowerShell. The feature is focused for customers doing migration of on-premises mailboxes to the cloud and you will be able to use …

Renewing an Apple Device Enrolment Certificate for Intune

In order for Intune to manage iOS and Mac devices, an MDM push certificate is required. The certificate must be installed in your organization’s Intune before your users can enrol devices. Like all certificates, the MDM push certificate that Apple …

Exchange Server guidance to protect against speculative execution side-channel vulnerabilities

We wanted to make you aware that we have now published a KB article on this subject, KB4074871. Please read it here:

Exchange Server guidance to protect against speculative execution side-channel vulnerabilities

The Exchange Team

Exchange Team

The case of Reply Log Manager not letting lagged copy lag

In a previous blog post Ross Smith IV had explained what the Replay Lag Manager is and what it does. It’s a great feature that’s somewhat underappreciated. We’ve seen a few support cases that seemed to have been opened out …

EAI support announcement

Out of 7.6 billion people in the world, only 360 million are native English speakers.

Although email has been the earliest and most widely-adopted platform for modern electronic communication, email addresses have only supported a limited subset of Latin characters …

The many ways to block automatic email forwarding in Exchange Online

In support, I get this question quite frequently: “How do I block users from auto forwarding their mail outside my environment?” There are plenty of good reasons you may not want auto forwarding: you may have HIPAA laws to follow, …

2017 Year in Review for Practical 365

I like to do a little end of year review here to reflect on how things have gone throughout the year, and consider what the future will bring.

2017 has certainly been a busy year for me outside of this …

December 2017 Updates Released for Exchange Server

Microsoft has announced the latest quarterly updated for Exchange Server 2016 and 2013, as well as an update rollup for Exchange 2010.

Released: December 2017 Quarterly Exchange Updates

The December quarterly release updates for Exchange Server are now available on the download center (links below). In addition to the planned cumulative updates for Exchange Server 2013 and 2016, we have published an update rollup for Exchange Server 2010. …

Microsoft Releases Advisory for Azure AD Connect Service Account Security Risk

Microsoft has issued a security advisory to Office 365 customers via the Message Center. The advisory lets customers know about a recently disclosed issue with the security restrictions on the service account in Active Directory that Azure AD Connect creates …

PowerShell Scripts for Office 365

As Office 365 admins we have the opportunity to use PowerShell for a wide variety of administration tasks. PowerShell scripts make it possible to automate complex and routine tasks, which saves time and reduces operator error.

You can find a …

Announcing Hybrid Modern Authentication for Exchange On-Premises

We’re very happy to announce support for Hybrid Modern Authentication (HMA) with the next set of cumulative updates (CU) for Exchange 2013 and Exchange 2016, that’s CU8 for Exchange Server 2016, and CU19 for Exchange Server 2013.

What is HMA?

The Curious Case of the Quarantined Azure AD Identity Protection Weekly Digests

Exchange Online Protection (EOP) is often criticized for it’s effectiveness and accuracy. I have no doubt that some customers are finding EOP’s performance to be disappointing. But I also think that EOP, like any other email security service, will not …

PAW your way into Office 365 Migrations

We have had lots of questions regarding what PAW is when it comes to MRS Migrations, so let’s take a few minutes to explain PAW benefits to you. First off, what is this PAW we keep speaking of? PAW, or …

Unable to Turn Off User Overrides in Office 365 DLP Policies

During some recent testing of Office 365 DLP policies I encountered what I suspect is a bug in the Security & Compliance Center.

After creating a new DLP policy from a template, I could not disable the User overrides settings …

Getting Comfortable with Data Loss Prevention Policies in Office 365

In this post I’m going to discuss data loss prevention (DLP) in Office 365, which I feel is an under-utilized feature by a lot of organizations. I’ve been meaning to write this post for some time now, and a conversation …

OneDrive for Business Group Policy Template has Changed

Recently I published a blog post demonstrating how to roll out OneDrive for Business to replace user home drives on a traditional file server.

At the time I wrote that blog post the OneDrive for Business Group Policy template required …

Understanding modern public folder quotas

As a part of our ‘demystifying modern public folders’ series we have so far discussed the modern public folder deployment best practices and available logging for monitoring public folder connections. In this blog post, we are going to discuss …

MeetEasier Helps Your Users Find Available Meeting Rooms

A long-standing complaint of end users is that it’s difficult to use Outlook to find an available meeting room on short notice. When you have plenty of time on your hands, you can patiently look for the right room at …

First Steps: Configuring Exchange Online Protection

Every Office 365 tenant with Exchange Online mailboxes has Exchange Online Protection (EOP), the cloud-based email anti-spam and anti-malware service. All inbound and outbound mail for Exchange Online mailboxes travels through EOP and is scanned for spam and malicious content, …

New Office 365 App Launcher Experience Rolling Out to First Release

Microsoft is rolling out the new Office 365 app launcher experience to First Release tenants starting today.

This change was first announced in September in Message Center to give First Release customers time to prepare for the change.

In a …

Office 365 Groups vs. Shared Mailboxes

I was recently asked for my thoughts on using Office 365 Groups instead of shared mailboxes. Groups in Office 365 have many of the features that Exchange Online shared mailboxes do.

  • Multiple users can access a Group mailbox, just as

PowerShell: Listing Azure AD/Office 365 User Accounts with Directory Sync Status

User accounts for Office 365 are stored in Azure Active Directory. The accounts will either be cloud identities, or synced identities. Cloud identities are accounts that exist only in Office 365/Azure AD, whereas synced identities are those that exist in …

Microsoft Recommending Non-Expiring Passwords to Office 365 Customers

My Office 365 admin portal displayed a new recommendation when I logged in last week. Microsoft is recommending that user account passwords be set to never expire. My tenant is currently set to an expiry period of 90 days, whereas …

Why is my Address Rewriting not working as expected?

Address Rewriting is a feature of the Transport Agent that runs on the Edge Server role. It enables the modification of addresses for both senders and recipients on messages that enter and leave your Exchange organization. First introduced in Exchange …

Important Change to Intune Device Compliance Policies is Coming in November

Microsoft has posted to Message Center to flag an important change to how compliance policies are handled in Intune. This change will roll out in November and could impact any customer that has enrolled devices that have no compliance policy …

Microsoft To-Do Reaches General Availability

Microsoft To-Do, the personal task management app that integrates with Outlook tasks, has reached general availability. To-Do is a free application included in Office 365 and is accessible via a web app and mobile apps for iOS and Android.

It’s …

New Pluralsight Course – Office 365 Administration Playbook

I’m pleased to announce that my latest Pluralsight course, Office 365 Administration Playbook, is now available to watch.

For companies that are just beginning their Office 365 journey there’s a whole new set of tools and processes that IT …

What to Expect from Multi-Geo for Office 365

At the recent Ignite conference Microsoft publicly unveiled their plans to allow Office 365 customers to place their data in specific geographic regions. They’re calling this capability “multi-geo”, and it will support Exchange Online, OneDrive, and SharePoint Online.

Microsoft has …

September 2017 Updates Released for Exchange Server

Catching up on some news from last month, Microsoft has announced the latest quarterly updated for Exchange Server 2016 and 2013.

Taking the Edge Out of Hybrid Configurations

At the recent Microsoft Ignite conference my friend and fellow MVP Michael Van Horenbeeck delivered a short presentation titled Edge Transport servers and Hybrid: Why, or why not?

You can check out the slide deck here, but to summarize …

The Price of Office 365 Groups

There were a lot of sessions about Office 365 Groups at last month’s Ignite conference. New features were demoed, tips were shared, roadmaps were revealed.

Amongst all of it there is one slide that really stood out for me.

To …

The Importance of Updating the Exchange Online Remote PowerShell Module

A recent episode of the popular Risky Business infosec podcast titled “Good Microsoft, Bad Microsoft” discusses a security vulnerability in a PowerShell tool used to manage Exchange Online. I have listened to the podcast twice (once the first time, and …

Looking back at Microsoft Ignite 2017

Ignite 2017 was busy and fun! We loved talking to many of you, answering many of your questions and listening to your feedback. Many teams are still collecting their thoughts into action items and following up with many of you. …

Exchange Server 2019

We wanted to post a quick note on our blog to mention to all that at Microsoft Ignite 2017 we have announced that we will be releasing Exchange Server 2019 as an on-premises release to our customers.

We are looking …

TAP: Outlook mobile support for Exchange on-premises with Microsoft Enterprise Mobility + Security

As announced at Ignite 2017, Outlook for iOS & Android will soon be fully powered by the Microsoft Cloud for hybrid Exchange on-premises customers. These updates will also provide support for management via Microsoft Intune, included in Enterprise Mobility …

Ask the Perf Guy: Update to scalability guidance for Exchange 2016

I’m happy to announce a significant update to our scalability guidance for Exchange 2016. Effective immediately, we are increasing our maximum recommended memory for deployments of Exchange 2016 from 96 GB to 196 GB.

This change is now reflected within …

Migrate your public folders to Office 365 Groups

Over the last few months, we ran a TAP Program where our customers tested the batch migration process to move their public folders (both online and on-premises) to Office 365 Groups. We want to thank all of the customers who …

Released: September 2017 Quarterly Exchange Updates

The latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center.  These releases include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Minimum supported Forest

Announcing availability of 250,000 public folder Exchange 2010 hierarchy migrations to Exchange Online

Last September, we announced a beta program to validate onboarding of public folder data from Exchange 2010 on-premises to Exchange Online with large public folder hierarchies (100K – 250K public folders).

We are glad to announce that Exchange Online now …

Review of Mailscape Exchange Server Monitoring from ENow Software

When I give conference talks about Exchange Server, there are two stories that I like to tell. The first story is about the company that hired me to join their IT ops team as an Exchange specialist. Within the first …

Do You Really Need an SPF Record?

For some time now I’ve considered Sender Policy Framework (SPF) records an essential part of domain name ownership. As it turns out there’s still some debate in tech forums as to whether SPF records are required or not.

SPF records …

How to Decommission an Exchange Server After Office 365 Migration

In a recent article I discussed the requirement to retain an on-premises Exchange Server after migrating to Office 365 when directory synchronization is being used. That article addresses a very frequently asked question in online forums. However, a less frequently …

Is Outlook for iOS and Android a Free App?

A recent discussion among MVPs and Microsoft reminded me of a question I was asked back when Outlook for iOS and Android were first released – is the Outlook app for iOS and Android devices a free app?

It’s a …

What’s New in Office 365 for August 2017

Office 365 for IT Pros, 4th Edition is continually updated with new information, changes and corrections. Customers who bought the book from this website can download the updated files from their purchase history. Updates applied to the Amazon Kindle

The Curious Case of LinkedIn Data Sharing with Microsoft Azure Active Directory and Office 365

I have a long-standing gripe with LinkedIn for the aggressive harvesting of contacts from their users. I use LinkedIn to a limited extent for professional connections, but I’m always careful to keep it separate and isolated as much as …

Too Soon to Kill the Groove.exe OneDrive for Business Sync Client?

Over at the Microsoft Technical Community, a forums member asks:

A colleague reported not being able to sync using OneDrive for Business using the older groove.exe app today. I tried myself and got the error “This library can no

What Can Microsoft Intune See On Your Managed Mobile Devices?

When mobile device management is being used there are often concerns by end users about what the company can see on their mobile devices. For most people the concerns are around private information such as text messages and photos, while …

Managing Adoption of Office 365 by Controlling Access to Apps

A reader asked me how to limit access to Office 365 services so that their organization can migrate to Exchange Online first, and then gradually adopt more services over a period of time. That’s a reasonable approach to Office 365 …

Review of Mailscape 365 Office 365 Monitoring from ENow Software

During my career, I’ve worked in many internal operations teams. I’ve also worked alongside ops teams when I’ve been delivering projects to customers. Over the years I’ve seen a broad range of monitoring solutions used by IT departments. There’s been …

Weekend Scripter: Exchange add-in module

Summary: Mike O’Neill, Microsoft Senior Premier Field Engineer, created an Exchange add-in module.

This is a PowerShell module for Exchange engineers. The module takes into account both on-premises and hybrid deployed Exchange environments.

It is a combination of several …

Removing On-Premises Exchange Servers after Migrating to Office 365

For some customers after a migration from on-premises Exchange Server to Exchange Online there is a desire to completely decommission the on-premises Exchange servers. Whether it can actually be done will depend on a few different things.

At the beginning …

Does OneDrive for Business Prevent Ransomware Attacks?

I delivered a talk about ransomware risks for businesses at an industry event last year. Since then, awareness of ransomware has grown due to a number of high profile outbreaks around the world. This has lead to the same types …

Using Exchange Shared Mailboxes for Help Desk and Customer Service Scenarios

Shared mailboxes in Exchange Server and Exchange Online are a great way for a team of your users to share the workload of reading and responding to emails. Shared mailboxes are often used in customer service scenarios, whether that be …

An update to Azure AD Conditional Access for Office.com

Howdy folks,

Today I’m writing to provide some background about a change in how conditional access policies will soon be enforced when users access Office.com. Notifications about this change have been sent out, but several of you have asked …

What’s New in Office 365 for July 2017

Office 365 for IT Pros, 4th Edition is continually updated with new information, changes and corrections. Customers who bought the book from this website can download the updated files from their purchase history. Updates applied to the Amazon Kindle

Surprise! New Office 365 Sign-In Experience for End Users

Microsoft is releasing a new Office 365 sign in experience to end users, a change that has not been communicated on the roadmap, Office Blog, or in Message Center. Upon visiting the login page for Office 365, …

Modern public folders logging and when to use it

Hello again! In our last article, we discussed recommendations for deployment of public folders and public folder mailboxes. In this post, we will be discussing methods and tips for monitoring connections being made to the Public Folder mailboxes with …

Azure Active Directory Conditional Access Policies and the Office 365 Portal

Microsoft is rolling out a change from August 9th 2017 for Azure Active Directory conditional access policies. Before this change rolls out any user logins to the Office 365 portal are not subject to conditional access requirements (e.g. enforcing multi-factor …

PowerShell Script for TroubleShooting Exchange ActiveSync Devices

On a recent case I was investigating a mobile device that couldn’t connect to a mailbox over ActiveSync. After spending a few minutes collecting information about the mailbox and its associated devices I realized that this task could be …

PowerShell One-Liner: Get a Count of Exchange Server Mailboxes Per Database

When I’m planning Exchange Server migrations or just generally reporting on mailbox stats I use my Get-MailboxReport.ps1 script. But sometimes I just want a quick look at how many mailboxes are hosted on each database in the organization. To achieve …

Microsoft Announces Discontinuation of Support for Session Border Controllers in Exchange Online Unified Messaging

Microsoft has released a new announcement regarding the discontinuation of support for Session Border Controllers (SBC) in Exchange Online Unified Messaging. You can find the announcement on the Exchange team blog (comments closed) and the Microsoft Tech Community (discussion open).…

How to Use Azure Active Directory Conditional Access to Enforce Multi-Factor Authentication for Unmanaged Devices

Microsoft provides some different options for securing Office 365 and Azure applications with multi-factor authentication (MFA). For your end users you can choose from:

  • MFA for Office 365, which provides basic MFA functionality for Office 365 applications only.
  • Azure MFA,

Discontinuation of support for Session Border Controllers in Exchange Online Unified Messaging

In July 2018, we will no longer support the use of Session Border Controllers (SBC) to connect 3rd Party PBX systems to Exchange Online Unified Messaging (UM). We’re making this change to provide a higher quality of service for voicemail, …

PowerShell One-Liner: Summary of Mailbox Move Request Status

When you’ve got a lot of mailbox move requests running during an Exchange migration, it’s useful to be able to pull a quick summary of how they’re all going. You can achieve this by piping the Get-MoveRequest cmdlet to the …

What’s New in Office 365 for June 2017

Office 365 for IT Pros, 4th Edition is continually updated with new information, changes and corrections. Customers who bought the book from this website can download the updated files from their purchase history. Updates applied to the Amazon Kindle

Securing Mobile Access with Intune MAM Conditional Access Policies

Embracing a BYOD strategy is usually a good thing for your users and your company, but it also creates some concerns about the devices and applications that are being used to access corporate data.

To demonstrate the type of issues …

June 2017 Updates Released for Exchange Server

Microsoft has announced the latest quarterly updated for Exchange Server 2016 and 2013.

Released: June 2017 Quarterly Exchange Updates

The latest set of Cumulative Updates for Exchange Server 2016 and Exchange Server 2013 are now available on the download center. These releases include fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated functionality in

Controlling Third Party Cloud Storage Access for Microsoft Teams

Microsoft Teams now has the ability to connect to external cloud storage providers such as Dropbox and Google Drive. This change is rolling out to Office 365 customers now, and is enabled by default.

Microsoft takes a reasonably open approach …

Microsoft Forms Arrives for Commercial Office 365 Tenants

Microsoft Forms is an Office 365 app that allows users to build surveys, questionnaires, quizzes, and other data collection forms. Until now Forms has been focused on the education market, and as such has only been available to Education customers …

Help Test V1.02 of the Office 365 Groups Report Script

The Office 365 Groups report script helps you track new, modified, and deleted Groups in your Office 365 tenant. When the script was first developed there was no method for recovering deleted Groups. That has since been added, along …

Outlook for iOS/Android Still Able to Connect After Disabling ActiveSync

When an Exchange Online mailbox has the ActiveSync protocol disabled, you may find that the Outlook app for iOS and Android mobile devices is still able to connect to the mailbox to send and receive emails.

PS C:\> Set-CasMailbox dave.bedrat 

Managing Projects with Office 365 Groups, Planner, and Teams

With Office 365 Microsoft is on a mission to provide productivity applications to empower their customers to achieve more. One feature in particular, Office 365 Groups, goes a long way to achieving that goal.

Groups began as an Outlook collaboration …

.NET Framework 4.7 and Exchange Server

We wanted to post a quick note to call out that our friends in .NET are releasing .NET Framework 4.7 to Windows Update for client and server operating systems it supports.

At this time, .NET Framework 4.7 is not supported …

Announcing Original Folder Item Recovery

Cumulative Update 6 (CU6) for Exchange Server 2016 will be released soonTM, but before that happens, I wanted to make you aware of a behavior change in item recovery that is shipping in CU6.  Hopefully this information will …

What’s New in Office 365 for May 2017

I’m a few days behind on this roundup because we’ve been busy getting the new fourth edition of Office 365 for IT Pros out the door. Here’s what’s new and changed in Office 365 for May.

Microsoft Teams, the …

Office 365 for IT Pros, 4th Edition is Now Available

I’m pleased to announce the release of Office 365 for IT Pros, 4rd Edition. This new edition of the industry’s leading Office 365 book has been updated with the very latest changes and new features in Microsoft’s Office 365 …

TooManyBadItemsPermanentException error when migrating to Exchange Online?

Some of you may have noticed that more migrations might be failing due to encountering ‘too many bad items’. Upon closer review, you may notice that the migration report contains entries referencing corrupted items and being unable to translate principals. …

The Fourth Edition of Office 365 for IT Pros is Nearly Here

I’m excited to announce that Office 365 for IT Pros, 4th Edition is nearly ready to be released. Assuming there are no last minute problems we’re expecting to release the new book later this week.

I wanted to give you …

Deep Dive: How Hybrid Authentication Really Works

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange …

Office 365 Directory Based Edge Blocking support for on-premises Mail Enabled Public Folders

Until now, our on-premises customers who use  Mail Enabled Public Folders (MEPF) could not use services like Directory Based Edge Blocking (DBEB). If DBEB is enabled, any mails sent to Mail Enabled Public Folders (MEPF) will be dropped at the …

Comparing Solutions for Mobile Device and Application Management in Office 365

As our business workforce becomes more mobile every year, and security risks for corporate data increase, it’s important to consider how you will manage mobility for your organization. Office 365 customers have a choice of solutions that can be used …

Exchange Analyzer v0.2.5 Released

A new build of Exchange Analyzer is available, which includes the following fixes and improvements:

  • Rewritten .NET Framework test added back
  • Fix for bug in number formatting when reporting number of hours since last DB backup
  • Update to Wiki base

Help Test the .NET Framework Checks for Exchange Analyzer

One of the tests that was developed earlier in the life of Exchange Analyzer looked at the version of .NET Framework installed on the server to determine if it was supported with the version of Exchange running on the server. …

Controlling Exchange Online Mailbox Features with Mailbox Plans

When an Exchange Online mailbox is created in Office 365 it has all of the mailbox features and protocols enabled by default. This makes sense for the average Office 365 customer who doesn’t want to fiddle with settings to get …

Demystifying Certificate Based Authentication with ActiveSync in Exchange 2013 and 2016 (On-Premises)

Some of the more complicated support calls we see are related to Certificate Based Authentication (CBA) with ActiveSync. This post is intended to provide some clarifications of this topic and give you troubleshooting tips.
What is Certificate Based Authentication (CBA)? …

2nd call for public folders to O365 Groups migrations

We got some replies to our previous post on the subject, but wanted to reach out again as we want to make sure we validate this scenario well. Therefore, here is an updated request:

If you are using Public …

Managing Office 365 Licenses with the Azure AD V2 PowerShell Module

In Office 365 we have three methods of managing license assignments for individual or multiple user accounts.

The Office 365 admin portal provides a simple web …

Accessing public folder favorites

Introduction

Seeing that Outlook desktop and Outlook on the web (or OWA, depending on version) do not support the same types of public folders (or folders added to Favorites) we wanted to talk about what is expected behavior when public …