Archive for the 'Exchange Online' category

Disallow sending mail outside the org

Saturday, 8 February 2014

Hi, today I'll explain a very quick and simple process to prevent users from sending messages outside the org using Exchange Online.

First of all, we need to enter our Office365 subscription portal (http://portal.microsoftonline.com) and then access our Exchange Admin Center (EAC) from the upper right side where it says «Admin» and then clicking on «Exchange» (check this out if you have a small business subscription).

Once we're inside, click on the «Mail flow» section and then on the «rules» tab. To create a new transport rule, click on the «+» sign and then on «create a new rule…».

  • Type a name that identifies the rule, such as «outgoing messages restrictions».
  • Click on the bottom part where it says «More options».
  • On «Apply this rule if…» select «The sender is this person» and select all the users the restriction will apply to.
  • Click on «Add condition».
  • Select «The recipient is external/internal», and then «Outside the organization».
  • On «Do the following…» select «Block the message» and then the «Reject the message and include an explanation» option.
  • Specify the explanation that blocked users will receive when they try to send messages outside the org, such as «Sending messages outside the org is not permitted», and accept.
  • Click on «Save» and we're done.

 

Best of all, we don't need to create another rule for each user who needs the same behaviour: we simply edit the rule and add the users we want, or create a group and add it as a recipient.
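The same rule can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original post; it assumes an already connected Exchange Online session and a hypothetical group address for the restricted senders, and it creates the rule in audit mode so its matches can be reviewed before it is enforced.

```powershell
# Added example (not from the original post). Assumes a connected Exchange Online
# PowerShell session. The group address is a hypothetical placeholder.
$RuleName     = 'Outgoing messages restrictions'
$SenderGroup  = 'restricted-senders@contoso.com'   # hypothetical group of restricted users
$RejectReason = 'Sending messages outside the org is not permitted'

function New-OutboundBlockRule {
    # Create the rule in Audit mode: matches are written to the message
    # tracking log, but the messages are still delivered.
    if (Get-TransportRule | Where-Object { $_.Name -eq $RuleName }) {
        Write-Warning "Rule '$RuleName' already exists; not creating it again."
        return
    }
    # -FromMemberOf matches senders by group membership; use -From with a
    # list of addresses to mirror «The sender is this person» instead.
    New-TransportRule -Name $RuleName `
        -FromMemberOf $SenderGroup `
        -SentToScope NotInOrganization `
        -RejectMessageReasonText $RejectReason `
        -Mode Audit
}

function Show-OutboundBlockRule {
    # Confirm the conditions and the current mode before enforcing anything.
    Get-TransportRule -Identity $RuleName |
        Format-List Name, State, Mode, Priority, FromMemberOf, SentToScope, RejectMessageReasonText
}

function Enable-OutboundBlockRule {
    # Switch from auditing to rejecting the messages.
    Set-TransportRule -Identity $RuleName -Mode Enforce
}

New-OutboundBlockRule
Show-OutboundBlockRule
# Enable-OutboundBlockRule   # run once the audit results look right
```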

 

GAL Segregation

Saturday, 8 February 2014

Hi! Today's post covers something that education and enterprise customers normally ask for: GAL segregation in an Exchange Online environment.

So, what is GAL segregation for? A very good example would be a university with 300.000 users where the teachers don't want to be visible from the student side, or vice versa.

Another example would be a recently acquired company: the acquiring company wants to integrate the email system but doesn't want the two companies to be able to see each other in the Global Address List. (Here you can see an explanation of how Address Book Policies work: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How)

Well, this was possible before in an on-premises environment, but what about Exchange Online? Now it is! One thing to keep in mind is that for this to work properly, we have to rely on the detail fields of each user. In this guide I will use the «Company» field so that I can follow the second example above.

First of all, we have to assign the «Address Lists» role to the «Organization Management» administrator role so that we can work with the cmdlets we need:

  • Access our Office365 portal.
  • Click on «Admin» and then on «Exchange» to enter the EAC.
  • Click on «Permissions» and then on «admin Roles».
  • Double-click «Organization Management» and add «Address Lists» using the «+» button from the list.
  • Save.

Then we'll need to prepare our PowerShell environment in order to connect to Exchange Online.

Once we're connected, we search for users that have the @contoso.com UPN suffix in their UserPrincipalName and assign the «Contoso Ltd.» value to the Company field of the user details with the following cmdlet:

Get-User -Filter {userprincipalname -like "*@contoso.com"} | Set-User -Company "Contoso Ltd."

Now we have to create the four address lists that the ABP uses.

Creating the GAL:

New-GlobalAddressList -Name ContosoGAL -RecipientFilter {(RecipientType -eq "UserMailbox") -and (Company -eq "Contoso Ltd.")}

Creating the Address List:

New-AddressList -Name ContosoAddressList -RecipientFilter {(RecipientType -eq "UserMailbox") -and (Company -eq "Contoso Ltd.")}

Creating the OAB:

New-OfflineAddressBook -name ContosoOAB -AddressList ContosoAddressList

Creating the Resource List:

New-AddressList -Name ContosoResourceAddressList -RecipientFilter {(RecipientDisplayType -eq "ConferenceRoomMailbox") -and (Company -eq "Contoso Ltd.")}

Once we have created the four required lists, we will proceed to create the ABP:

New-AddressBookPolicy -Name ContosoABP -AddressLists ContosoAddressList -GlobalAddressList ContosoGAL -OfflineAddressBook ContosoOAB -RoomList ContosoResourceAddressList

And last of all, assign the recently created ABP to the desired users:

Get-User -Filter {userprincipalname -like "*@contoso.com"} | Set-Mailbox -AddressBookPolicy ContosoABP

If what we want is to assign the ABP to a specific user, simply run this CmdLet:

Set-Mailbox usuario@contoso.com -AddressBookPolicy ContosoABP
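Because both the Company value and the policy assignment are applied once, users created later can end up outside the segregation. The audit below is an added example, not part of the original post; it assumes a connected Exchange Online session and reuses the names from this guide (ContosoABP, «Contoso Ltd.», @contoso.com) to list mailboxes that are missing either setting.

```powershell
# Added example (not from the original post). Assumes a connected Exchange Online
# PowerShell session and the object names used in this guide.
$UpnSuffix = '@contoso.com'
$Company   = 'Contoso Ltd.'
$AbpName   = 'ContosoABP'

function Get-AbpSegregationGap {
    # All mailbox users of the domain, filtered client-side on the UPN suffix.
    $users = Get-User -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
        Where-Object { $_.UserPrincipalName -like "*$UpnSuffix" }

    foreach ($u in $users) {
        # AddressBookPolicy is empty when no policy is assigned to the mailbox.
        $policy = [string](Get-Mailbox -Identity $u.UserPrincipalName).AddressBookPolicy
        $issues = @()

        if ($u.Company -ne $Company) {
            # The recipient filters key on Company, so this user is in none of the lists.
            $issues += 'Company not set: user is missing from the segregated lists'
        }
        if ($policy -ne $AbpName) {
            # Without the ABP the mailbox keeps using the default address lists.
            $issues += 'ABP not assigned: user still sees the default GAL'
        }

        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                User              = $u.UserPrincipalName
                Company           = $u.Company
                AddressBookPolicy = $policy
                Issues            = $issues -join '; '
            }
        }
    }
}

# An empty result means every @contoso.com mailbox is tagged and has the policy.
Get-AbpSegregationGap | Format-Table -AutoSize -Wrap
```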

Sources:

Microsoft Spain Exchange support team blog (Thanks to Pablo García Merlo): http://blogs.technet.com/b/esexblog/

Microsoft TechNet: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How

PS: Configuring read receipts in Exchange Online

Friday, 3 January 2014

Hi, today I bring you a short but useful article for large orgs. We often encounter read receipt requests when we receive e-mails, and many users reject them, so what is the point of them? Well, while we can't stop external users from requesting them, we can control the behaviour for the users in our org.

Of course we can do it via the GUI, either in OWA or in Outlook, but there are two drawbacks: those settings depend on the client they are applied in, and it is not practical to do it one by one in a large org. So what happens when we have 300+ users? POWERSHELL!

To do so, we need to get our environment configured and, once this is done, run the following cmdlet:

Set-MailboxMessageConfiguration -Identity user@yourdomain.com -ReadReceiptResponse NeverSend

In this case we will be configuring the user user@yourdomain.com to never send read receipt confirmations, but we can customize it replacing the «NeverSend» with the following options:

  • «DoNotAutomaticallySend»  To always ask for confirmations
  • «AlwaysSend» To always send confirmations
  • «NeverSend» To never send confirmations

But how do we apply this to all users? Very simple: use the pipe («|») to feed the users into the command, i.e.:

Get-User | Set-MailboxMessageConfiguration -ReadReceiptResponse AlwaysSend

To confirm that the value has been correctly applied, we can run the following:

Get-MailboxMessageConfiguration -Identity user@yourdomain.com | fl ReadReceiptResponse

Greetings.

Force Outlook to connect to Office365 instead of Exchange On-Premise

Tuesday, 29 October 2013

When we do a cutover migration, we find that just after migrating all the content and configuring the new profile in Microsoft Outlook, it autoconfigures itself directly against the on-premises Exchange server.

Besides, if we ping autodiscover.dominio.com, it always resolves to the local Exchange server IP instead of the Office365 autodiscover, no matter whether we add it to the hosts file, configure external DNS or even add the entry to the local DNS.

This is because Exchange 2010 has built-in Autodiscover functionality, and for new profiles to pick up the new configuration, one of the following two steps is necessary:

1- Delete the Autodiscover virtual directory in IIS (on the local Exchange server):

  • Run the Exchange Management Shell
  • Execute the following commands

Remove-AutodiscoverVirtualDirectory -Identity "MyServer\autodiscover(autodiscover.contoso.com)"

Set-ClientAccessServer name -AutoDiscoverServiceInternalUri $null

  • Restart IIS by running the «IISRESET» command in a command-line console

2- Add the following registry entries on the client machine:

  • Navigate to the path, if it's Outlook 2007: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
  • Navigate to the path, if it's Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Autodiscover
  • Add the following values:

"PreferLocalXML"=dword:0
"ExcludeHttpRedirect"=dword:0
"ExcludeHttpsAutodiscoverDomain"=dword:0
"ExcludeHttpsRootDomain"=dword:1
"ExcludeScpLookup"=dword:1 (forces Outlook to exclude SCP object check)
"ExcludeSrvLookup"=dword:1
"ExcludeSrvRecord"=dword:1

  • Restart the machine and create the new profile.

Search and Delete messages in Exchange Online between dates

Sunday, 20 October 2013

A few days ago I received an unusual question: how to delete messages from a mailbox between two dates without the need to apply retention policies.

Of course, this can't be done from any admin console, but it can be done from PowerShell, keeping in mind the following requisites:

Once we meet the requisites, connect to the Office365 subscription with the following cmdlets:

$LIveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Finally, once inside run the following CmdLet:

Search-Mailbox usuario@dominio.com -SearchQuery "Received:> $('mm/dd/yyyy') AND Received:< $('mm/dd/yyyy')" -DeleteContent

This will Soft-Delete the content between these dates.

Hope you find this useful.
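Since -DeleteContent acts on whatever the query matches, it is worth checking the match first. The function below is an added example, not part of the original post; it assumes a connected Exchange Online session, a hypothetical review mailbox, and constructed dates, and it runs the same search as an estimate, then as a copy to the review mailbox, and deletes only when asked to.

```powershell
# Added example (not from the original post). Assumes a connected Exchange Online
# PowerShell session; the review mailbox and the dates are constructed placeholders.
function Remove-MailboxItemsChecked {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [Parameter(Mandatory)][string]$SearchQuery,
        [Parameter(Mandatory)][string]$ReviewMailbox,   # must differ from $Mailbox
        [switch]$Delete
    )

    # 1. Estimate only: nothing is copied or removed.
    $estimate = Search-Mailbox -Identity $Mailbox -SearchQuery $SearchQuery -EstimateResultOnly
    Write-Host ("{0}: {1} item(s), {2}" -f $Mailbox, $estimate.ResultItemsCount, $estimate.ResultItemsSize)
    if ($estimate.ResultItemsCount -eq 0) {
        Write-Warning 'The query matched nothing; check the date format and the operators.'
        return
    }

    # 2. Copy the matching items to a folder in the review mailbox, with a full log,
    #    so there is a record of exactly what is about to be removed.
    Search-Mailbox -Identity $Mailbox -SearchQuery $SearchQuery `
        -TargetMailbox $ReviewMailbox -TargetFolder "PreDelete-$Mailbox" -LogLevel Full |
        Select-Object Identity, TargetMailbox, ResultItemsCount, ResultItemsSize

    # 3. Delete only when explicitly requested. Search-Mailbox asks for
    #    confirmation here because -Force is deliberately not used.
    if ($Delete) {
        Search-Mailbox -Identity $Mailbox -SearchQuery $SearchQuery -DeleteContent
    }
    else {
        Write-Host 'Dry run finished. Re-run with -Delete after reviewing the copied items.'
    }
}

# Same query form as in the post, with constructed dates.
$query = "Received:> $('01/01/2013') AND Received:< $('02/01/2013')"
Remove-MailboxItemsChecked -Mailbox 'usuario@dominio.com' -SearchQuery $query `
    -ReviewMailbox 'review@dominio.com'
```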

 

Dynamic Distribution Groups in Exchange Online

Friday, 16 August 2013

A few days ago I explained how to create and manage Distribution Groups in Exchange Online; now I'll do the same for Dynamic Distribution Groups in Exchange Online.

Definition and Functionality

Dynamic Distribution Groups let us receive e-mails at a virtual address and distribute them among the group's members, where the members are the users whose properties meet one or more of the conditions we specify in the properties of the group.

An example of this would be a department like Office365 IT Support located in NY, with one or more employees who need all the e-mails sent to an address like o365.support.NY@contoso.com forwarded to them. Because employees frequently join and leave this department, managing it could take more work than expected. To avoid this, Microsoft thought of a new functionality that automatically adds as members the users located at the NY office and in the Office365 IT Support department.

With this functionality we not only avoid configuring a POP account PC by PC, but can also assign permissions to users who want to send e-mails as the department address or on its behalf, unlike the distribution groups of other platforms, and we also avoid a high workload in the management area because membership is automatic.

Configuration through the Office365 Portal

– The first thing we have to do is access our Office365 portal (http://portal.microsoftonline.com).
– Then we need to access the Exchange Control Panel (ECP) by clicking on the upper side of the screen where it says «Admin» and then on «Exchange». (Click here to access the ECP if you have a Small Business Plan).

– Once inside, click on «Groups».

– Click on the «+» symbol and then where it says «Dynamic Distribution Group».
– Set the properties of the group we want to create:

Display Name: this is the name that will appear in the Global Address List and also to the recipients as the Department.

Alias: this field is the identifier that the system will use to locate and identify this group.

Description: a short description of what we'll use the group for.

Owners: indicates who will have permission to make modifications to this group.

Members: here we define who will be part of this group and so receive all the messages sent to the virtual address, only if they meet the conditions we set below.

– Once the group is created, we can define additional properties by double-clicking on it.

The screens we will find are:

General, where we can define or edit options like Display Name, the SMTP address it will use, Description and, very importantly, the ability to hide the group from the Global Address List (GAL).

Ownership, where we can set the owners that can make modifications to the group, including new member approvals.

Membership, where we can set the members or recipients of the mail sent to the virtual address and the conditions they have to meet to be one of them.

Membership Approval, to set the permissions for joining or leaving the group.

Delivery Management, where we can set the senders that can send messages to this group. By default the selected option is «Only senders inside the organization», so if we want to receive messages from outside the organization we must select the other option, «Senders inside and outside of my organization». We can also set specific members that can send to this group.

Message Approval, where we can moderate the message flow in case we want to approve received messages before they are distributed to the members. We can also define the moderators we want and exclude certain trusted senders from this rule. It is also possible to notify the sender when a message has been rejected.

E-mail Options, where we can define one or more SMTP addresses at which this group receives mail.

Mailtip, where we can define the message that will appear to users inside our organization using Microsoft Outlook when they select the group as a recipient. For example, a message indicating there can be a delay of two days in answering the message.

Group Delegation, where we can assign «Send As» or «Send on Behalf Of» permissions to users so they can send messages using the group as the sender.

Configuration through PowerShell

– First of all we need to prepare our environment to connect with our Office365 subscription via PowerShell.

– Then we only need to run the following:

New-DynamicDistributionGroup -Name "Dynamic DG Name" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Department -like '<DeptName>')}

– Set the group to allow messages to be received from outside and inside the org:

Set-DynamicDistributionGroup "Group Name" -RequireSenderAuthenticationEnabled $False

– Assign other owners of the group:

Set-DynamicDistributionGroup -Identity "Group Name" -ManagedBy user@company.com -BypassSecurityGroupManagerCheck

– Add additional SMTP addresses to the group:

Set-DynamicDistributionGroup "Group Name" -EmailAddresses "SMTP:dept@company.com","alias@company.com"

– Hide the group from the Global Address List (GAL):

Set-DynamicDistributionGroup "Group Name" -HiddenFromAddressListsEnabled $True

– Show members of a Dynamic Distribution Group:

$DDG = Get-DynamicDistributionGroup "Dynamic DG Name"
Get-Recipient -RecipientPreviewFilter $DDG.RecipientFilter | ft alias

I hope you find this useful.

Exchange Online Distribution Groups

Sunday, 4 August 2013

Definition and Functionality

Distribution Groups let us receive e-mails at a virtual address and distribute them among the group's members.

An example of this would be a department like sales, with one or more employees who need all the e-mails sent to an address like sales@contoso.com forwarded to them.

With this functionality we not only avoid configuring a POP account PC by PC, but can also assign permissions to users who want to send e-mails as the department address or on its behalf, unlike the distribution groups of other platforms.

Configuration through the Office365 Portal

– The first thing we have to do is access our Office365 portal (http://portal.microsoftonline.com).
– Then we need to access the Exchange Control Panel (ECP) by clicking on the upper side of the screen where it says «Admin» and then on «Exchange». (Click here to access the ECP if you have a Small Business Plan).

– Once inside, click on «Groups».

– Click on the «+» symbol and then where it says «Distribution Group».
– Set the properties of the group we want to create:

Display Name: this is the name that will appear in the Global Address List and also to the recipients as the Department.

Alias: this field is the identifier that the system will use to locate and identify this group.

Description: a short description of what we'll use the group for.

Owners: indicates who will have permission to make modifications to this group.

Members: here we define who will be part of this group and so receive all the messages sent to the virtual address.

Joining approval permissions: we can define whether employees can join this group without any approval (open), can only be added manually by an owner without the option to send a request (closed), or can send requests to join the group that any owner of the group accepts or rejects (Owner Approval).

Leave permissions: we can define whether members can leave the group without any permission or approval (open), or whether leaving needs to be approved by an owner (closed).

– Once the group is created, we can define additional properties by double-clicking on it.

The screens we will find are:

General, where we can define or edit options like Display Name, the SMTP address it will use, Description and, very importantly, the ability to hide the group from the Global Address List (GAL).

Ownership, where we can set the owners that can make modifications to the group, including new member approvals.

Membership, where we can set the members or recipients of the mail sent to the virtual address.

Membership Approval, to set the permissions for joining or leaving the group.

Delivery Management, where we can set the senders that can send messages to this group. By default the selected option is «Only senders inside the organization», so if we want to receive messages from outside the organization we must select the other option, «Senders inside and outside of my organization». We can also set specific members that can send to this group.

Message Approval, where we can moderate the message flow in case we want to approve received messages before they are distributed to the members. We can also define the moderators we want and exclude certain trusted senders from this rule. It is also possible to notify the sender when a message has been rejected.

E-mail Options, where we can define one or more SMTP addresses at which this group receives mail.

Mailtip, where we can define the message that will appear to users inside our organization using Microsoft Outlook when they select the group as a recipient. For example, a message indicating there can be a delay of two days in answering the message.

Group Delegation, where we can assign «Send As» or «Send on Behalf Of» permissions to users so they can send messages using the group as the sender.

Configuration through PowerShell

– First of all we need to prepare our environment to connect with our Office365 subscription via PowerShell.

– Then we only need to run the following:

New-DistributionGroup -Name "Group Name" -DisplayName "Display Name" -Alias "Group Alias" -PrimarySmtpAddress dept@company.com

– Add the members:

Add-DistributionGroupMember "Group Name" -Member user@company.com -BypassSecurityGroupManagerCheck

– Set the group to allow messages to be received from outside and inside the org:

Set-DistributionGroup "Group Name" -RequireSenderAuthenticationEnabled $False

– Assign other owners of the group:

Set-DistributionGroup -Identity "Group Name" -ManagedBy user@company.com -BypassSecurityGroupManagerCheck

– Add additional SMTP addresses to the group:

Set-DistributionGroup "Group Name" -EmailAddresses "SMTP:dept@company.com","alias@company.com"

– Hide the group from the Global Address List (GAL):

Set-DistributionGroup "Group Name" -HiddenFromAddressListsEnabled $True

I hope you find this useful.
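Setting -RequireSenderAuthenticationEnabled to $False, in this post and in the Dynamic Distribution Groups post above, lets anyone on the Internet mail every member of the group. The report below is an added example, not part of the original posts; it assumes a connected Exchange Online session and lists every static and dynamic group that accepts external senders, with its member count and whether it is moderated.

```powershell
# Added example (not from the original posts). Assumes a connected Exchange Online
# PowerShell session with rights to read groups and recipients.
function Get-ExternallyReachableGroup {
    $groups = @(Get-DistributionGroup -ResultSize Unlimited) +
              @(Get-DynamicDistributionGroup -ResultSize Unlimited)

    # RequireSenderAuthenticationEnabled = $false means unauthenticated
    # (external) senders are accepted.
    foreach ($g in $groups | Where-Object { -not $_.RequireSenderAuthenticationEnabled }) {
        if ($g.RecipientTypeDetails -eq 'DynamicDistributionGroup') {
            # Dynamic groups have no stored member list: evaluate the filter,
            # the same way the "show members" command in the post does.
            $members = @(Get-Recipient -RecipientPreviewFilter $g.RecipientFilter -ResultSize Unlimited)
        }
        else {
            $members = @(Get-DistributionGroupMember -Identity ([string]$g.PrimarySmtpAddress) -ResultSize Unlimited)
        }

        [pscustomobject]@{
            Group         = $g.DisplayName
            Address       = [string]$g.PrimarySmtpAddress
            Type          = [string]$g.RecipientTypeDetails
            Members       = $members.Count
            Moderated     = $g.ModerationEnabled
            HiddenFromGAL = $g.HiddenFromAddressListsEnabled
        }
    }
}

# Largest unmoderated groups first: these reach the most mailboxes per message.
Get-ExternallyReachableGroup |
    Sort-Object @{ Expression = 'Moderated' }, @{ Expression = 'Members'; Descending = $true } |
    Format-Table -AutoSize
```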

Restrict access to Exchange Online

Tuesday, 26 March 2013

Some days ago, I found myself with a client request where they wanted to restrict access to Exchange Online for a few users so that they could only access their e-mail via OWA. Well, after a bit of investigation I found out how to do it via PowerShell, so here are some cmdlets to do so:

Of course, we need to have our environment ready for Office365 administration via PowerShell.

Once we have our system logged on to Office365 via PowerShell with our admin credentials, we can run the following commands as needed:

Disable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $false

Enable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $true

Disable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $false

Enable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $true

Disable POP Access

set-CASMailbox user@domain.com -PopEnabled $false

Enable POP Access

set-CASMailbox user@domain.com -PopEnabled $true

Disable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $false

Enable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $true

Disable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $false

Enable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $true

Disable Outlook Access

Set-CASmailbox user@domain.com -MAPIEnabled $false

Enable Outlook Access

Set-CASmailbox user@domain.com -MAPIEnabled $true

 

I hope you find them useful…
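The OWA-only request that prompted this post combines several of these switches. The two functions below are an added example, not part of the original post; they assume a connected Exchange Online session and constructed mailbox addresses, apply the switches listed above in one call, and then read the settings back to confirm that nothing except OWA is still enabled.

```powershell
# Added example (not from the original post). Assumes a connected Exchange Online
# PowerShell session. Only the protocol switches shown in this post are handled.
$RestrictedProtocols = 'ImapEnabled', 'PopEnabled', 'ActiveSyncEnabled', 'MAPIEnabled'

function Set-OwaOnlyAccess {
    param([Parameter(Mandatory)][string[]]$Identity)

    foreach ($id in $Identity) {
        # Leave OWA on and turn off every other client protocol from the post.
        Set-CASMailbox -Identity $id -OWAEnabled $true `
            -ImapEnabled $false -PopEnabled $false `
            -ActiveSyncEnabled $false -MAPIEnabled $false
    }
}

function Test-OwaOnlyAccess {
    param([Parameter(Mandatory)][string[]]$Identity)

    foreach ($id in $Identity) {
        $cas = Get-CASMailbox -Identity $id

        # Collect the names of the protocols that are still switched on.
        $stillEnabled = @(foreach ($p in $RestrictedProtocols) { if ($cas.$p) { $p } })

        [pscustomobject]@{
            Mailbox      = $id
            OWAEnabled   = $cas.OWAEnabled
            StillEnabled = $stillEnabled -join ', '
            OwaOnly      = [bool]($cas.OWAEnabled -and $stillEnabled.Count -eq 0)
        }
    }
}

# Constructed sample addresses.
$users = 'user1@domain.com', 'user2@domain.com'
Set-OwaOnlyAccess  -Identity $users
Test-OwaOnlyAccess -Identity $users | Format-Table -AutoSize
```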

Inactive mailboxes on Exchange Online

Sunday, 24 March 2013

Today we'll cover something new in Office365 Exchange Online and Exchange 2013: Inactive Mailboxes. These mailboxes let you keep the contents of a mailbox you're about to delete indefinitely, without the need for a license.

The only requisites we must meet in order to get this feature working are:

  • Have an Exchange Online Plan 2 or the Online Archive feature.
  • Activate the «In-Place Hold» function on every mailbox before the deletion. If we've already deleted the mailbox without activating this function, we can bring it back during the 30 days after its deletion and activate the function.

So, how do we do it?

  1. First of all, create an inactive mailbox or convert a mailbox into one. To do so, we must define an indefinite retention or a time-based retention:
    1. Via GUI:
      1. Access the Exchange Administration Console (EAC)
      2. Click on Compliance Management
      3. Click on the "In-Place eDiscovery & Hold" tab.
      4. Click on the "+" button.
      5. Give a name and a description to the retention policy and click on "next"
      6. Select the mailboxes you want to include in the retention policy and click on "next"
      7. Click once again on "next", mark the checkbox that says "place content matching…." and select how long we want to hold the content, indefinitely or by days.
      8. Click on "Finish"
    2. Via PowerShell:
      1. Prepare our environment to run with PowerShell
      2. Run the following command: New-MailboxSearch "Retention_Name" -SourceMailboxes user@domain.com -InPlaceHoldEnabled $true
  2. The second thing will be to delete the mailbox we want to retain via the Office365 Administration portal or with the PowerShell command "Remove-Mailbox"
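Deleting a mailbox that has no hold on it skips the inactive state, so the hold is worth checking before step 2. The function below is an added example, not part of the original post; it assumes a connected Exchange Online session and a constructed mailbox address, and it refuses to call Remove-Mailbox unless the mailbox already lists an In-Place Hold.

```powershell
# Added example (not from the original post). Assumes a connected Exchange Online
# PowerShell session. The mailbox address in the usage line is constructed.
function Remove-MailboxKeepingContent {
    param([Parameter(Mandatory)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity

    # InPlaceHolds lists the identifiers of the holds applied to the mailbox.
    # The filter drops empty values so an unset property counts as "no hold".
    $holds = @($mbx.InPlaceHolds | Where-Object { $_ })
    if ($holds.Count -eq 0) {
        Write-Warning "$Identity has no In-Place Hold; not deleting. Create the hold first."
        return
    }
    Write-Host ("{0} is covered by {1} hold(s): {2}" -f $Identity, $holds.Count, ($holds -join ', '))

    # Keep the address so the inactive mailbox can be looked up afterwards.
    $smtp = [string]$mbx.PrimarySmtpAddress

    # Remove-Mailbox asks for confirmation by default; that prompt is kept.
    Remove-Mailbox -Identity $Identity

    # The deleted mailbox should now be listed as inactive (this can take a
    # moment to show up, so an empty result right away is not yet a failure).
    Get-Mailbox -InactiveMailboxOnly -ResultSize Unlimited |
        Where-Object { [string]$_.PrimarySmtpAddress -eq $smtp } |
        Select-Object DisplayName, PrimarySmtpAddress, InPlaceHolds
}

Remove-MailboxKeepingContent -Identity 'user@domain.com'
```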

Well, we now have our mailbox archived and held indefinitely (or for the number of days we chose), so how do we access that content? Via PowerShell:

  1. Run the following command in PowerShell:

    New-MailboxSearch "Search_Name" -SourceMailboxes "Source_mailbox" -TargetMailbox "Discovery Search Mailbox" -IncludeUnsearchableItems -LogLevel Full

We'll get the results in our discovery mailbox.

Until next time!

Solution to the winmail.dat and Exchange Online Problem

Saturday, 23 March 2013

Sometimes when we send an e-mail with an attachment (e.g., a PDF file) to a recipient who uses Outlook Express as an e-mail client, instead of receiving the PDF file, the recipient gets a file named winmail.dat as an attachment. Well, stop looking at the recipient's server, antivirus software or even the antispam, because the problem is in your Exchange server and it can be easily solved.

This situation is due to the encapsulation format that Exchange servers use by default, a Microsoft proprietary format named TNEF (Transport Neutral Encapsulation Format). This encapsulates the MAPI properties of the message.

When we send a message with an attachment and it leaves our Exchange organization but arrives at an e-mail client that is not compatible with Outlook's rich text format, the attachment is replaced by another one named winmail.dat.

To avoid this situation, we must simply log in to our Office365 subscription using PowerShell with our admin credentials (of course we must have our environment ready for it), and run the following command:

Set-RemoteDomain Default -TNEFEnabled $false

This way none of the outgoing messages sent outside our organization will use this encapsulation format. Hope many of you find it useful.