The GuruXP Blog

Since the plattform upgrade of Office365 P1 plan (Office365 for Small Business), the Exchange Control Panel (ECP) link to administer it has become invisible, so many of you can´t find out how to access it, so here´s how to do it:

First of all, access your subscription with your admin credentials.

Once inside, this is the only administration links we´ll see:

Now type on your Internet Explorer address bar the following url: http://outlook.com/ecp as shown on the following image:

And we will get our credentials validated automatically, so we´ll get our Exchange Control Panel  as shown on the following image:

Ihope many of you find this post usefull.

Once i wrote a post about configuring SendAs and SendOnBehalfOf on the previous version of Office365 (wave14) with the use of PowerShell, even though this procedure is totally valid for multiple users and migration processes, i´ll explain one of the new features of the new version of Office365 (Wave15), and this is how to achieve this using the graphical interface.

1. To start, we must enter the Office365 Administration portal with out admin credentials.
2. Once we´re in, click on Admin and then on Exchange to Access the ECP.
3. Then click on Groups, and double click the distribution group we want to apply the changes on.

   

4. Then simply click on Group Delegation and add the users on the desired box (SendAs or SendOnBehalfOf).
   

It´s a lot of time i haven´t published anything about Office365 with the use of PowerShell, so today i will not just write about it, but also be writing about helping partners with the Office365 client management.

Actually there are many partners that use some PowerShell commands to manage their client subscriptions to be able to apply changes massively, but not much know about two commands:

Get-MsolPartnerContract and Get-MsolPartnerInformation

So let´s get what these return to us:

• First of all (of course) will be to get our environment prepared for PoweShell and Online services.
• Second thing we´ll do is to start the Microsoft Online Services for Windows PowerShell Module (we´ll find it on the installed program list)
• Once it´s started, run the Connection chain and use your admin credentials as a partner:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

• Then connect to the MSOL service with the Partner admin credentials once more:

Connect-MsolService

• Once we´re inside the system, run the following command to get a list of the subscription we manage as a Partner:

Get-MsolPartnerContract

The only problem here is that it doesn´t give us a clear output because the only value it returns is the Tenant Id:

So here´s where the other command will help us:

• The Following command will let us obtain the Info associated to a Tenant Id:

Get-MsolPartnerInformation -TenantId <id>

This would be the result:

The only problema is that we would have to run two commands to get the Info we want and it´s a bit messy, so lets use the functionality and power that PowerShell gives us like the chained commands and use the next command::

Get-MsolPartnerContract | Get-MsolPartnerInformation

This way we will get the Info without the need to investigate about the id that is linked to it.

Hope you Partners find it useful.

One of the new things in Office365 new plattform admisnitration is the new graphical way to create shared mailboxes without the need to use PowerShell (we still can do it the PowerShell way) so here´s how to do it:

• The first thing we need to do is Access the Office365 Portal with our admin credentials.
• Then we need to click on the upper right hand corner where it says «Admin» and select «Exchange«.

• Then click on «Shared«.

• Click on  «+» to create a new mailbox.
• Give a Display Name, an E-mail address and assign the Full Access and Send As permissions for the users we want to include on it and finally click on Save.

If we double click the recently created shared mailbox we´ll get some other options of interest like restricting access to the mailbox via OWA, IMAP, policies asignment or inclusive hide it from the GAL.

Hope you find the Info useful.

One of the new features that Office365 new platform (Wave 15) brings us by the hand of Exchange 2013 is to be able to work in Offline mode and that´s what i´ll be explaning in today.

Just to be clearer, this is not meant to be a Microsoft Outlook substitute, this new feature has been created to avoid networking cuts during a travel and avoid networking issues, so if what you want is to be able to work in complete offline mode, then you should use Microsoft Outlook for it as it offers a lot more advantages tan just OWA.

Also when we work with these feature we´ll wet some limitations like:

• Only the content of the inbox, drafts and the last viewed folders in the past 7 days.
• It´ll only show the first 100 ítems of each folder.
• The attachments are not stored so we will be able to see the message but not the attachment when we don´t have an internet connection active.
• We will be able to reply and forward mails as compose new ones, but they wont be sent until we get internet and they´ll be stored on the the lower side of the screen as a notification but not on the Out Box.

Once all this is said, here´s how to enable this functionality:

• Access your inbox through Office365 portal.
• Click on the Little gear icon (settings) and select the «Offline Settings» option:

• Select the «Turn on Offline Access» option and click on «Next«:

• Select «YES» and click on «Next«:

• Click on «Next«:

• Click on «Next» again:

• And lastly click on «Ok«:

Hope you find this article useful.

Some days ago, i found myself with a client petition, where they wanted to restrict the access to Exchange Online on a few users only to be able to access their e-mail via OWA. Well after i bit of investigation i found out how to do it via PowerShell, so here are some CmdLets to do so:

Of course, we need to have our environment ready for Office365 administration via PowerShell.

Once we have our system logged on to Office365 via PowerShell with our admin credentials, we can run the following commands as needed:

Disable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $false

Enable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $false

Disable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $false

Enable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $true

Disable POP Access

set-CASMailbox user@domain.com -PopEnabled $false

Enable POP Access

set-CASMailbox user@domain.com -PopEnabled $true

Disable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $false

Enable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $true

Disable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $false

Enable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $true

Disable Outlook Access

Set-CASmailbox user@domain.com –mapienabled $false

Enable Outlook Access

Set-CASmailbox user@domain.com –mapienabled $true

I hope you find them useful…

Today we´ll cover something new in Office365 Exchange Online and Exchange 2013, it´s about Inactive Mailboxes. These mailboxes let you keep the contents of a mailbox you´re about to delete indefinitely without the need of a license.

The only requisites we must have in order to get this feature working are:

• Have an Exchange Online Plan 2 or the Online Archive feature.
• Activate the «In-Place Hold» function on every mailbox before the deletion. If we´ve already deleted the mailbox without activating this function, we can bring it back during 30 days from it´s deletion and actívate the function.

So, how do we do it?.

1. First of all will be create/convert a mailbox into inactive. To do so, we must define an undefined retention or a time based retention:
   1. Via GUI:
      1. Access the Exchange Administration Console (EAC)
      2. Click on Compliance Management
      3. Click on the “In-Place eDiscovery & Hold“ tab.
      4. Click on the “+” button.
      5. Give a name and a description to the retention policy and click on “next“
      6. Select the mailboxes you want to include on the retention policyand click on “next“
      7. Click once again on “next” and mark the checkbox that says “place content matching….” and select the time we want to hold the content, indefinitely or by days.
      8. Click on “Finish“
   2. Via PowerShell:
      1. Prepare our environment to run with PowerShell
      2. Run the following command:New-MailboxSearch “Retention_Name” -SourceMailboxes user@domain.com -InPlaceHoldEnabled $true
2. The second thing will be to delete the mailbox we want to retain via the Office365 Administration portal or with the PowerShell command “Remove-Mailbox”

Well, we now have our mailbox archived and hold indefinitely (or the days we want to), so how do we access that content?, via PowerShell:

1. Run the following command on PowerShell:
   

   New-MailboxSearch “Search_Name” -SourceMailboxes “Source_mailbox” -TargetMailbox “Discovery Search Mailbox” -IncludeUnsearchableItems -LogLevel Full

We´ll get the results on our discovery mailbox

Until next time!

Sometimes when we send an E-mail to a recipient with an attachment (i.e, a pdf file), and that recipient uses Outlook Express as an e-mail client, instead of receiving the pdf file, it will receive a file named winmail.dat as an attachment. Well stop looking no more on the recipients server, antivirus software or even the antispam because the problem is in your Exchange server and it can be easily solved.

This situation is due to the encapsulation format that the Exchange servers uses by default and that Microsoft is propietary named TNEF or  Transport Neutral Encapsulation Format. This encapsulates the MAPI properties of the message.

When we send the message with an attachment, and leaves our Exchange Organization but it arrives on an E-mail client that is not compatible with Outlook´s rich text format, the attachment will be replaced for another one named  winmail.dat.

To avoid this situation, whe must simply login to our Office365 subscription using PowerShell with our admin credentials (of course we must have our environment ready for it), and run the following command:

Set-RemoteDomain Default -TNEFEnabled $false

This way all the outgoing messages sent outside our organization wont be using this encapsulation format. Hope many of you find it useful.

In order to Add or Remove Office365 users using PowerShell, we must hace our environment ready to use with PowerShell and connect with Office365.

Once this is done, we can proceed…

Add Users:

We must have available licenses on our subscription if we want to assign one, if this is not the case, then we must Access to our Office365 Administration portal and buy some.

• Log in to our office365 using powershell.
• Run the following command to create the user:

New-MsolUser -UserPrincipalName a.lopez@contoso.com -DisplayName “Antonio Lopez – Contoso Ltd.” -FirstName “Antonio” -LastName “Lopez“

• Specify the location of the user (in this case, Spain)

Set-MSOLUser –UserPrincipalName a.lopez@contoso.com –UsageLocation ES

• Assign a license to the recently created user with the following Cmdlet

Set-MsolUserLicense -UserPrincipalName a.lopez@contoso.com -AddLicenses “tenantname:AccountSKUId”

Where “tenantname” will be in our case “contoso” and “AccountSKUId” will be the plan we wish to assign. The available AccountSKUId are:

K1: SHAREPOINTDESKLESS EXCHANGE_S_DESKLESS

K2: SHAREPOINTWAC SHAREPOINTDESKLESS EXCHANGE_S_DESKLESS

P1: MCOLITE SHAREPOINTLITE EXCHANGE_L_STANDARD

E1: MCOSTANDARD SHAREPOINTSTANDARD EXCHANGE_S_STANDARD

E3: OFFICESUBSCRIPTION MCOSTANDARD SHAREPOINTWAC SHAREPOINTENTERPRISE EXCHANGE_S_ENTERPRISE

E4: OFFICESUBSCRIPTION MCOSTANDARD SHAREPOINTWAC SHAREPOINTENTERPRISE EXCHANGE_S_ENTERPRISE

A2: SHAREPOINTWAC_EDU MCOSTANDARD SHAREPOINTSTANDARD_EDU EXCHANGE_S_STANDARD

Besides, we can run the following cmdlet to determine the AccountSKUId used on our Office365

Get-MsolAccountSku | Format-Table AccountSkuId, SkuPartNumber

Note: if we want to do a license upgrade to a selected user, we must first remove the assigned license and then assign the new one.

To remove a license to a user, run the following:

Set-MsolUserLicense -UserPrincipalName a.lopez@contoso.com -RemoveLicenses “tenantname:AccountSKUId“

Remove a User:

Simply run the following Cmdlet:

Remove-MsolUser -UserPrincipalName a.lopez@contoso.com

This will move the user to the «Deleted Mailboxes» área because it´s not a HardDelete…

Until next post….

Sometimes, there are situations where recieving department messages is not sufficient via distribution groups, but also exists the need to answer them or even write new ones using the department address and not from the personal assigned mailbox… For that, Microsoft has brought some Cmdlets that we can use with PowerShell: SendAs and SendOnBehalfOf.

So lets begin telling the differences between them:

SendAs: It let us send messages using the department address (i.e: administration@contoso.com) from the personal assigned mailbox (i.e: user@contoso.com , this way, the destinatary will recieve the sent message with the department name as the sender.

This method is really useful in situations where we have two personal addresses inside the organization (i.e: an alias) and don´t want to spend on another license to use with a new mailbox…

Also, if what we want is to set a rule where the personal assigned mailbox cannot send messages outside the organization except if the message is sent using the department address, this method is the solution for it.

SendOnBehalfOf: It let us send messages On Behalf Of the company department (i.e: user@contoso.com on behalf of administration@contoso.com), this way the destinatary will recieve the message with the sender as “User on behalf of department» (i.e: John Summer on behalf of Contoso Administration Department).

This method is really useful when what we want is to let know the destinatary who sent the message inside the company department, or who did the reply, and all the department recieve the reply when the destinatary does it.

Well once this is all cleared, lets explain the process for doing this with both methods. Lets keep in mind that to do so, we must have our PowerShell environment prepared for administrating Office365 services…

SendAs

• For use with one specific user:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Add-RecipientPermission department@contoso.com -AccessRights SendAs -Trustee user@contoso.com -Confirm:$false

• For use with Security or Distribution Groups:

Add-RecipientPermission department@contoso.com -AccessRights SendAs -Trustee group@contoso.com -Confirm:$false

• Viewing the SendAs permissions applied on the organization:

Get-RecipientPermission | where {($_.Trustee -ne ‘nt authority\self’) -and ($_.Trustee -ne ‘null sid’)}

• Viewing the SendAs permissions applied to a specific user:

Get-RecipientPermission –Trustee User@contoso.com

• Revoke SendAs permissions to a specific user:

Remove-RecipientPermission department@contoso.com -AccessRights SendAs –Trustee user@contoso.com

SendOnBehalfOf

• For use with one specific user:

$LIveCred = Get-Credential$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Set-DistributionGroup Department@contoso.com -GrantSendOnBehalfTo user@contoso.com

The only problem with this code is that when we run it again for another user, this last execution will replace the previous one (always with the same department) and will be the only one to send on behalf of the department. To avoid this problem here´s a workarround:

$a = Get-DistributionGroup department@contoso.com

$b = Get-User user@contoso.com

$a.GrantSendOnBehalfTo += $b.DistinguishedName

Set-DistributionGroup department@contoso.com -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

Get-DistributionGroup department@contoso.com | fl name,grant* > List_SendOnBehalfOf_assigned_permissions_on_department.txt

This way we can add users to Send On Behalf Of in nested mode, but instead it will require to run this code each time we want to add another user and the administration task will be some lines more to achieve our goal…

• For use with Distribution and Security Groups: This is the best option, it´ll sabe us administration time, avoiding unnecessary lines in our PowerShell each time a new user enters a department…

$a = Get-DistributionGroup department@contoso.com

$b = Get-DistributionGroup «Distribution Group»

$a.GrantSendOnBehalfTo += $b.DistinguishedName

Set-DistributionGroup department@contoso.com -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

Get-DistributionGroup department@contoso.com | fl name,grant* > List_SendOnBehalfOf_assigned_permissions_on_department.txt

I´ve added the «> List_SendOnBehalfOf_assigned_permissions_on_department.txt» on the last line to know who has SendOnBehalfOf permissions inside the department and send it to whoever asks for it (i.e: our IT Manager)

Once this is done, the user will only have to specify the address from where he wants to send the message inside OWA or Microsoft Outlook.

In Microsoft Outlook (if the user doesn´t have more than one account configured) we must enable the «From:» field inside a new E-Mail – Options – From: (above «show fields») and then we can specify the address where we want to send the message from typing it after clicking in «Othe E-Mail address»

Inside OWA occurs the same thing, and we must proceed the same way to enable de From: field.