Exchange Online Adds Support for License Stacking

Microsoft announced support for concurrent Exchange Online license assignments, aka license stacking. This means that the workload can sort out the capabilities made available to a user through multiple licenses and make the maximum functionality available to the user through whatever’s deemed to be the “most superior” license. If that sounds like so much mumbo-jumbo, it might just be, unless you’ve been plagued by people losing access to their mailboxes because of shifting license assignments in the past. If you have, this change will make you very happy.

Sending Auto-Replies from Shared Mailboxes

Much to our distress, we discovered that the contact form for the Office 365 for IT Pros website was broken. We fixed everything up and use a shared mailbox to receive the contacts logged by people on the website. In fact, we use a distribution list as the first point of contact. Its membership includes the shared mailbox and other user mailboxes. Everything works very nicely now.

Achieving Consistency in Country Settings Across Azure AD and Exchange Online

Azure AD user accounts and Exchange Online mailboxes share many properties, including some for a user’s address. When it comes to countries, Azure AD has the country property while Exchange uses the CountryOrRegion property. Sometimes the two don’t match up. Why does this happen and does it matter in practical terms? What other country or regional settings exist that need to be managed? A simple question sets off a big discussion.

How to Enable Exchange Online Mailbox Archives Based on Mailbox Size

This article explains how to use PowerShell to enable Exchange Online archive mailboxes after primary mailboxes reach a certain size. Some simple PowerShell code checks the mailbox size and if it’s too large, enables the archive and assigns a mailbox retention policy containing a default move to archive tag to move items from the primary to the archive mailbox. Some Azure Automation would make sure that the script runs periodically to keep mailboxes in good health.

Microsoft Pauses Daily Viva Briefing Messages

Microsoft announced that they will pause sending the daily Viva Briefing messages to make improvements to the personalized content in the messages. No detail has been revealed about the kind of changes Microsoft is contemplating, so all we can do is write some PowerShell to show which mailboxes are currently enabled to receive the daily briefing.

Exchange Online to Stop Support for Remote PowerShell Connections in September 2023

Microsoft has announced that Exchange Online will block Remote PowerShell connections from October 1, 2023. Taken in isolation, this is excellent news and it will contribute to the move to use modern authentication for all client connections to Exchange Online. However, things aren’t quite so good when you realize that the final deprecation of the Azure AD and MSOL PowerShell modules take place at the same time. Lots of work to do to upgrade scripts!

How to Customize the Exchange Online Message Expiration Timeout Interval

Microsoft is deploying a change to the Exchange Online transport server to allow tenants to set the message expiration timeout interval to between 12 and 24 hours. The default for the service remains at 24 hours. Reducing the interval means that users will learn about message failures sooner. The hope is that they’ll be able to respond to those failures and resend messages once they learn about problems.

Checking the Release of Quarantined Messages

On the surface, it seems easy to report when someone releases a quarantined message. As it turns out, things aren’t quite as easy as it first seems. Audit events are available in the unified audit log, but they don’t tell the full story. But by putting that data together with information about messages in quarantine, we can create a composite view that’s closer to what’s needed.

Running Exchange Online Historical Message Traces for Sets of Mailboxes

A question was asked about the best way to find out if shared mailboxes received email from certain domains over the past 60 days. Exchange Online historical message traces can extract trace data to allow us to check, but the process of running the message trace and then analyzing the data is just a little disconnected.

Reporting Distribution List Membership with the Microsoft Graph PowerShell SDK

Microsoft will deprecate the Azure AD and MSOL PowerShell modules in June 2023. It’s time to convert scripts that use cmdlets from these modules and the Microsoft Graph PowerShell SDK is probably the best answer. This article explains how to generate a report of Exchange Online distribution list memberships, a task often handled in the past with Azure AD cmdlets.

Adding New Azure AD Users to Groups Automatically

Several methods exist to add new user accounts to groups automatically. Dynamic group membership is an obvious option, but other choices exist, including org-wide teams (if your organization is under 10,000 accounts) and using PowerShell to manage the automatic addition of new members to a standard distribution list or Microsoft 365 group. This article examines the various methods. Once you understand what’s possible, you can make the right choice.

No Way Back to Exchange Server for Auto-Expanding Archives

Microsoft is introducing a block to stop customers attempting to move auto-expanding archives to Exchange Server. No very of the on-premises server has ever supported auto-expanding archives, so it’s reasonable to have a block. It’s still possible to move a primary mailbox back to Exchange Server, but its auto-expanding archive must stay in the cloud. It’s a good factor to take into account if an organization plans to use auto-expanding archives in the future.

Outlook Groups Support for Folders and Rules

Outlook Groups now boast support for folders and rules. In other words, group owners and members (if allowed) can create new folders and move and copy items from the inbox to those folders. They can also create rules to process inbound email arriving into the group inbox. It’s all well and good, but there are a few points to understand about how things work.

Exchange Online Mail Flow Rules Move to New EAC

Microsoft is moving the creation and management of mail flow rules to the new EAC from November. The UX in the legacy EAC should disappear in December 2022. The new UX is prettier and works better (apart from the rule wizard), but it’s a little disappointing that we have essentially the same way of managing mail flow rules in 2022 as we had in 2006. You can only hope that things might improve in the future.

Microsoft Dumps Bulk Distribution List Migration to Microsoft 365 Groups in Legacy EAC

A November 3 announcement says that Microsoft will deprecate the bulk distribution list migration feature in the legacy EAC on February 1, 2023. Although no one will probably be surprised by the news, it’s disappointing that all Microsoft can suggest is a manual conversion process for those who want to move (simple) distribution lists to Microsoft 365 groups. Is it too much to ask to have a PowerShell script to do the job?

Running Exchange Online Historical Message Traces

Exchange Online historical searches are the way to retrieve message trace information that’s older than 10 days (but less than 90 days). You might not have to run historical searches very often, but when you need to, you’ll be glad that the facility exists.

Outlook Reactions to Respond to Email

Users will soon have the option to use Outlook reactions to respond to emails received from people inside the same tenant (well, it also works with some other tenants). It’s the same kind of feature that already exists in Yammer and Teams, but whether this kind of response works with email remains to be seen. It’s a cultural thing!

Updating Microsoft 365 User Accounts to use a New Domain

A reader asked how to update user email addresses and UPNs. As it turns out, this is not a very difficult technical challenge. The problem lies in the aftermath. It’s easy to update the primary SMTP address for a mail-enabled object or assign a new user principal name to an Azure AD account. Then problems might come into view, like needing to adjust the Microsoft Authenticator app to make MFA challenges work for the new UPN.

Researchers Worry About Office 365 Message Encryption

An October 14 report says that Office 365 Message Encryption shouldn’t be used because its encryption scheme might reveal email content. Well, that might be the case if an attacker can hijack connectivity from Office 365 to another email service. But the relatively low levels of OME usage and the difficulty of acquiring enough email to understand message structure makes this a less than practical attack in the wild.

Making Sure Apps Can Run Exchange Online Management Cmdlets

This article describes how to use the Exchange.ManageAsApp permission to allow Azure AD apps to run Exchange Online PowerShell cmdlets. You can do this in the Azure AD admin center for registered apps, but when the time comes to allow Azure Automation runbooks to sign into Exchange Online with a managed identity, you must assign the permission to the automation account with PowerShell. Easy when you know how, hard when you don’t!

OWA’s Sweep Feature Uses Both Inbox and Sweep Rules

Outlook logo

The Outlook Sweep feature is available in OWA and the Outlook Monarch client. The idea is that you clean up your mailbox by ‘sweeping’ unwanted items into somewhere like the Deleted Items folder. As it turns out, the Sweep feature uses both Inbox and Sweep rules to get its work done. Overall, Sweep is a pretty useful piece of functionality.

Outlook for Windows Gets External Mail Tagging

External tagging has been available for OWA, Outlook mobile, and Outlook for Mac since 2021. Now it’s coming to Outlook for Windows. Some might wonder about why it’s taken Microsoft so long to add external tagging to the Windows client. It might be that they’re waiting for the Monarch client, but it’s more likely the difficulty of retrofitting new features into the Outlook GUI.

Exchange Online Archive Mailboxes Move Away from Purview Compliance Portal

Microsoft is moving the listing of archived mailboxes from the Purview Compliance portal to its natural home in the Exchange Admin Center. In this post, we look at how you can report the current status of archive mailboxes (both user and shared mailboxes) in a Microsoft 365 tenant.

Using Hidden Membership for Microsoft 365 Groups

Hidden membership is supported for Microsoft 365 Groups and distribution lists. Hidden membership means that no one except members and admins can see who’s in a group. It’s a useful feature if you don’t want people poking around to find out who’s in a group or distribution list. One thing to be aware of is that once a Microsoft 365 group has hidden membership, it has it forever. Distribution lists on the other hand can flip between hidden and visible membership.

Now that Basic Authentication is Turned Off in Exchange Online, What Happens Next?

Now that October 1 has arrived, Microsoft has started the process to permanently remove basic authentication from 7 email connection protocols. So what happens next? Well, for many organizations, not much. They’re the ones that have already transitioned to modern authentication. For others, some unpleasant surprises might lie ahead as people discover that stuff just doesn’t work anymore.

Exchange Online Statistics Revealed at MEC 2022

Microsoft revealed some interesting Exchange Online statistics at the MEC 2022 event. 300 K physical mailbox servers is a staggering amount, but 7.3 billion mailboxes might be even more surprising. Also at MEC we discovered more about the campaign to remove basic authentication from Exchange Online and how well Microsoft’s Greg Taylor can communicate in Irish when he presents about the deprecation of basic authentication.

Outlook Automapping and Offline Files

Outlook automapping is usually a good thing. Exchange marks a mailbox after a user receives full access permission for the mailbox. Autodiscover publishes details of the new access, and Outlook adds the mailbox to its resource list. But Some downsides exist, like the size of the OST, which mean that sometimes it’s better to add a mailbox manually to Outlook and forget about automapping.

MEC and TEC in Two Weeks

Over the next two weeks, I’ll attend and present at the Microsoft Exchange Conference and The Experts Conference (MEC and TEC). It should be fun! It’s nice to see conferences gradually returning to normal. I prefer in-person events and am looking forward to TEC in Atlanta on September 20-21. Before then, there’s the small matter of presenting two sessions at MEC 2022.

Outlook’s Strange Archive Folder

Outlook logo

Outlook boasts a useless Archive folder. At least, I can’t come up with any good reason to use the Archive folder. It only confuses people in discussions about archiving. The one good thing I discovered when I revisited the topic is that a registry key exists to stop Outlook moving items into the Archive folder with the backspace key.

More Issues with Exchange Online Mailbox Audit Events

In March 2020, I wrote about mailbox audit events for Office 365 E3 accounts not showing up in the Office 365 audit log. As far as I can tell, Exchange Online deals with new mailboxes properly now. However, there might be some mailboxes in your organization that aren’t generating the audit records you thought they are… so it’s time to check.

Detecting Exchange Online Shared Mailboxes That Need Licenses

Exchange Online shared mailboxes only need licenses if they have an archive, exceed 50 GB in size, or are on litigation hold. The rules are there, but how many tenants check their shared mailboxes to make sure that they’re in compliance. This article explains how to use PowerShell to detect shared mailboxes that need licenses.

Microsoft Reducing Recovery Time for ex-Inactive Mailboxes to 30 Days

Microsoft plans to reduce the recovery period for inactive mailboxes newly released from retention holds and policies from 183 to 30 days. The change will be implemented worldwide by the end of September. The reduction in recovery time sounds seriously but it’s really not. If you haven’t figured out that you need to recover some data from an old inactive mailbox within 30 days, the data probably isn’t needed. And anyway, if you really want to, you can keep inactive mailboxes forever.

Using the Outlook Booking with Me Feature

Outlook’s new Booking with Me feature is rolling out worldwide. Any user with an Exchange Online license can create a personal bookings page to allow other internal and external people to book meetings with them. It’s a nice idea and a good example of how Microsoft can use its software toolkit to create new solutions.

How Microsoft Bookings Uses Scheduling Mailboxes

The Microsoft Bookings app is available to many Office 365 users. The app is designed to host a shared calendar for a group of people. The calendars are in special scheduling mailboxes that are created by the Microsoft 365 substrate. Appointments in the calendar can be scheduled by people through a bookings page, which can be on the internet or confined within an organization. It’s a neat way to run an online business – if only Bookings could take in some money for all that scheduled work.

Why Microsoft’s Slowness in Delivering Outlook Roaming Signatures Affects OWA

Microsoft promises they will deliver the long-awaiting Outlook roaming signatures feature in October 2022. There are signs of progress in Outlook beta builds, but the development of the feature has caused some disruption for Microsoft 365 tenants because it broke the cmdlet that updates HTML signatures for OWA. Oh well, it will all be OK in October. At least, that’s the plan.

Connecting IMAP4 Clients to Exchange Online with OAuth 2.0

The imminent deprecation of basic authentication for 7 Exchange Online connectivity protocols mean that client updates need to be considered. If you use IMAP4, the Thunderbird client does a good job, but will other clients be able to cope? It’s a good question to ask.

Loop Components Appear in OWA

Loop components are now supported in OWA. The implementation is reasonably close to that of Teams chat, but has some essential differences due to the nature of email. The current state of Loop components mean that they are highly suited for internal communication but not for collaboration outside an organization.

Microsoft Launches IMAP4 and POP3 Application Access to Exchange Online Mailboxes

Microsoft has launched application access to Exchange Online via IMAP4 and POP3 using modern authentication. The approach Microsoft takes is reasonable and pragmatic and should be simple enough for app developers to implement. However, with an eye on the future, maybe this isn’t the best strategic choice to make. Moving to the Graph APIs will take more work, but it’s a better long-term solution.

Microsoft Introduces Control Over Delegated Access to Encrypted Email

Microsoft is introducing new controls for delegate access to encrypted emails accessed via Outlook clients other than Outlook for Windows. The controls are implemented in three new PowerShell cmdlets which can block, validate, and allow delegate access to encrypted messages. It’s nice to see some coherence being introduced for almost all the Outlook clients, even if Outlook for Windows does its own thing.

Comparing Shared and Inactive Mailboxes

Exchange Online tenants have a choice between inactive mailboxes and shared mailboxes when the need arises to keep “leaver” data like that belonging to ex-employees. Inactive mailboxes are essentially a compliance tool and sometimes shared mailboxes are better choices. We explore both in this short article.