Archivo

Entradas Etiquetadas ‘administration’

Restrict access to Exchange Online

martes, 26 de marzo de 2013 Sin comentarios

 

Cambiar-idioma-esp

ExchangeOnline

Some days ago, i found myself with a client petition, where they wanted to restrict the access to Exchange Online on a few users only to be able to access their e-mail via OWA. Well after i bit of investigation i found out how to do it via PowerShell, so here are some CmdLets to do so:

Of course, we need to have our environment ready for Office365 administration via PowerShell.

Once we have our system logged on to Office365 via PowerShell with our admin credentials, we can run the following commands as needed:

Disable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $false

Enable OWA Access

set-CASmailbox user@domain.com -OWAEnabled $false

Disable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $false

Enable IMAP Access

set-CASMailbox user@domain.com -ImapEnabled $true

Disable POP Access

set-CASMailbox user@domain.com -PopEnabled $false

Enable POP Access

set-CASMailbox user@domain.com -PopEnabled $true

Disable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $false

Enable Exchange ActiveSync use with mobile devices

set-CASMailbox user@domain.com -ActiveSyncEnabled $true

Disable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $false

Enable SMS for all the organization

Set-OwaMailboxPolicy Default -TextMessagingEnabled $true

Disable Outlook Access

Set-CASmailbox user@domain.com –mapienabled $false

Enable Outlook Access

Set-CASmailbox user@domain.com –mapienabled $true

 

I hope you find them useful…

SendAs and SendOnBehalfOf with Exchange Online via PowerShell

viernes, 11 de enero de 2013 Sin comentarios

 

Cambiar-idioma-esp

Sometimes, there are situations where recieving department messages is not sufficient via distribution groups, but also exists the need to answer them or even write new ones using the department address and not from the personal assigned mailbox… For that, Microsoft has brought some Cmdlets that we can use with PowerShell: SendAs and SendOnBehalfOf.

So lets begin telling the differences between them:

SendAs: It let us send messages using the department address (i.e: administration@contoso.com) from the personal assigned mailbox (i.e: user@contoso.com , this way, the destinatary will recieve the sent message with the department name as the sender.

This method is really useful in situations where we have two personal addresses inside the organization (i.e: an alias) and don´t want to spend on another license to use with a new mailbox…

Also, if what we want is to set a rule where the personal assigned mailbox cannot send messages outside the organization except if the message is sent using the department address, this method is the solution for it.

SendOnBehalfOf: It let us send messages On Behalf Of the company department (i.e: user@contoso.com on behalf of administration@contoso.com), this way the destinatary will recieve the message with the sender as “User on behalf of department» (i.e: John Summer on behalf of Contoso Administration Department).

This method is really useful when what we want is to let know the destinatary who sent the message inside the company department, or who did the reply, and all the department recieve the reply when the destinatary does it.

Well once this is all cleared, lets explain the process for doing this with both methods. Lets keep in mind that to do so, we must have our PowerShell environment prepared for administrating Office365 services

 

SendAs

  • For use with one specific user:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Add-RecipientPermission department@contoso.com -AccessRights SendAs -Trustee user@contoso.com -Confirm:$false

  • For use with Security or Distribution Groups:

Add-RecipientPermission department@contoso.com -AccessRights SendAs -Trustee group@contoso.com -Confirm:$false

  • Viewing the SendAs permissions applied on the organization:

Get-RecipientPermission | where {($_.Trustee -ne ‘nt authority\self’) -and ($_.Trustee -ne ‘null sid’)}

  • Viewing the SendAs permissions applied to a specific user:

Get-RecipientPermission –Trustee User@contoso.com

  • Revoke SendAs permissions to a specific user:

Remove-RecipientPermission department@contoso.com -AccessRights SendAs –Trustee user@contoso.com

 

SendOnBehalfOf

  • For use with one specific user:

$LIveCred = Get-Credential$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LIveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Set-DistributionGroup Department@contoso.com -GrantSendOnBehalfTo user@contoso.com

The only problem with this code is that when we run it again for another user, this last execution will replace the previous one (always with the same department) and will be the only one to send on behalf of the department. To avoid this problem here´s a workarround:

$a = Get-DistributionGroup department@contoso.com

$b = Get-User user@contoso.com

$a.GrantSendOnBehalfTo += $b.DistinguishedName

Set-DistributionGroup department@contoso.com -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

Get-DistributionGroup department@contoso.com | fl name,grant* > List_SendOnBehalfOf_assigned_permissions_on_department.txt

This way we can add users to Send On Behalf Of in nested mode, but instead it will require to run this code each time we want to add another user and the administration task will be some lines more to achieve our goal…

  • For use with Distribution and Security Groups: This is the best option, it´ll sabe us administration time, avoiding unnecessary lines in our PowerShell each time a new user enters a department…

$a = Get-DistributionGroup department@contoso.com

$b = Get-DistributionGroup «Distribution Group»

$a.GrantSendOnBehalfTo += $b.DistinguishedName

Set-DistributionGroup department@contoso.com -GrantSendOnBehalfTo $a.GrantSendOnBehalfTo

Get-DistributionGroup department@contoso.com | fl name,grant* > List_SendOnBehalfOf_assigned_permissions_on_department.txt

I´ve added the «> List_SendOnBehalfOf_assigned_permissions_on_department.txt» on the last line to know who has SendOnBehalfOf permissions inside the department and send it to whoever asks for it (i.e: our IT Manager)

Once this is done, the user will only have to specify the address from where he wants to send the message inside OWA or Microsoft Outlook.

In Microsoft Outlook (if the user doesn´t have more than one account configured) we must enable the «From:» field inside a new E-Mail – Options – From: (above «show fields») and then we can specify the address where we want to send the message from typing it after clicking in «Othe E-Mail address»

Inside OWA occurs the same thing, and we must proceed the same way to enable de From: field.

Hide an Office365 user from Global Address List (GAL) via Powershell

miércoles, 9 de enero de 2013 Sin comentarios

Spain__Flag-679

logo-powershell

Today we´ll see how to hide a user from the Global Address List (GAL from now on) in Office365 with the user of Poershell.

We all know that it´s possible to hide a Distribution Group or a Security Group from the GAL, but that option is not available for new and existing mailboxes and users via GUI (Graphical User Interface), but it´s possibe with the user of Powershell. So lets see how to do it:

hide_group

The first thing will be to prepare our environment if we already don´t have it to connect with Microsoft Online Services.

Then we must log on to our Office365 subscription with admin credentials using powershell, and run the following command:

 Set-Mailbox -Identity user@contoso.com -HiddenFromAddressListsEnabled $true

Once it finishes, the user will be hidden from the GAL :)

Fast and easy! until next post.

Disable password expiration on Office365 accounts

martes, 8 de enero de 2013 Sin comentarios

Spain__Flag-679

 

Before beginning this post, i must say that this is only possible via powershell, so we must have our environment ready for office365, if you don´t have it, click here to get it done..

If you alredy have the envornment ready for it, then proceed with the following code:

  • $LiveCred = Get-Credential (Get credentials to log on our office365 subscription)
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection (configure the type of session)
  • Import-PSSession $Session (import the session from the server)
  • Connect-MsolService (connect to Online services and input one more time our admin credentials)
  • Get-MsolUser -UserPrincipalName user@contoso.com | Set-MsolUser -PasswordNeverExpires $true (specify that the user user@contoso.com to never expire his password)

If we want to apply for all users created, then run the following commands:

  • Get-MsolUser | Set-MsolUser -PasswordNeverExpires $true
  • Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires

Hope it helps someone.

How to append a disclaimer in Exchange Online

domingo, 6 de enero de 2013 Sin comentarios

Cambiar-idioma-esp

On this post, i´ll explain how to configure a disclaimer on our Exchange Online subscription.

Even though you can configure it as part of the signature in our Outlook, this tutorial is specially good for companies with many pcs and users on one or more sites.

It´s good to say that this procedure covers all that an outlook signature can´t, i.e, mobile devices like BlackBerry, Android, Windows Phone, IPhone, etc… that have the Exchange account configured, when sending e-mails, automatically append the disclaimer, and don´t write it every time we configure each one of our devices (including OWA).

It´s precise to remark before you continue reading this article, that the options we´ll be using, will only be available on E1, E2, E3, E4 and Exchange Online Plan 1 subscriptions. If we have an Office365 P1, we wont have those options available because that feature is not available on small and mid-sized company plans.

Once cleared this off, lets proceed creating our disclaimer on our Office365 environment.

  • First of all, access the administration portal http://portal.microsoftonline.com , using the admin credentials.
  • Once inside, go to «Manage» just under «Exchange» on the center area.
  • It will open the Exchange Administration console of our company, then click where it says «Mail Control«
  • Then go on and click on the button where it says «New«, in order to create a new rule.
  • It will open a new windows where we can choose conditions, actions and set the name of the rule. We´ll begin setting the condition «If: the recipient is…» and select «Outside the Organization«.
  • Then select the action to take if the condition is made. On our case we will select «Apply a disclaimer to the message» and «Append a Disclaimer».
  • Click on «Enter Text» and write the text we want to appear on the disclaimer
  • Then on Select One and «ignore«.
  • Indicate a name to the rule i.e: «Disclaimer» and with all this, we have our disclaimer configured. Besides we still have to do something else to avoid a disclaimer nesting within a conversation, so lets click on the text where it says «More Options» to enable the exceptions.
  • On this area, select the option «Except if…: the subject or the body…» and select the option «the subject contains one of this words…«
  • A new window will open, where we can add the following words (including the «:») «Re:» y «Fw:» to avoid appending any disclaimer on answers and forwards.
  • Accept and Save the rule, and from this moment we will have our disclaimer working.

Add an image as a signature inside OWA on Exchange Online

sábado, 5 de enero de 2013 Sin comentarios

Cambiar-idioma-esp

In this post i will teach you how to insert an image to use as a signature inside OWA on Exchange Online, so lets begin:

In order to do so, we will need to make some workarounds to beat the system, because Microsoft doesn´t support officially or at least in a clear way this feature.

  • The first thing will be pick our image or logo (my contact info in my case including my company logos as a single image) and upload it to any web server (i upload it inside a folder named «signatures» hanging out the root folder of my website).
  • The second thing will be, open the url where the image is located inside any web browser (including the whole http:// stuff, in example: http://www.myweb.com/signatures/mylogo.jpg)
  • Right Click on the displayed image in click on «Copy»
  • Access our OWA (https://portal.microsoftonline.com) and click on where it says «Outlook«.
  • Click on «options» and then on «see all options«
  • Then on «Settings» and where it says «E-Mail Signature», type the preceding text (i.e: «Cheers:» , «Sincerely yours»…) and then paste the previously copied image using the combination keys (Ctrl+v). Note that there´s no button labeled «paste» and that the context menu doesn´t work neither inside the signature area…
  • And finally just mark the checkbox where it says «Automatically include my signature on messages I send» and then click on «Save» at the bottom of the page.

 

 

From now on, all the outgoing messages sent using OWA, will be sent with the desired signature including the image ;).

Office365 Administration with Powershell

viernes, 4 de enero de 2013 Sin comentarios

Cambiar-idioma-esp

On this post, i´ll explain what we need to connect and administrate Office365 with powershell.

The first thing we will do is download and install Powershell if we don´t already have it.

The second thing will be to download and install the Microsoft Online Services Sign In Assistant (it says beta but it´s the last versión you need to install)

The third thing will be to download and install the Office365 Cmdlets (we will need it for running Online Services commands). for 32bits and for 64bits depending on the OS you have.

  • The next thing we´ll do is check that we have the environment correctly configured in order to run sequences for Office365:
    • Start PowerShell as Administrator.
    • Run the command «Get-ExecutionPolicy» and we will get a value, if the obtained value is NOT equal to «Remote Signed» we will have to change it using the command «Set-ExecutionPolicy RemoteSigned» (this way we indicate to the system that all scripts we run, must be signed by a trusted publisher)
    • Start a Command line as Admin (cmd) and run the following commands:
      • net start winrm
      • winrm get winrm/config/client/auth
      • winrm set winrm/config/client/auth @{Basic=»true»}
  • Once the environment is installed and checked, start Powershell as Admin and run the following commands:
    • $LiveCred = Get-Credential  (Get the Office365 Administration credentials of our subscription)

    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection (here we pass the introduced credentials to the Session variable in order to be used on our Office365 subscription via powershell)
    • Import-PSSession $Session (and finally import the session from the server, in order to work on it).

Once it´s all done, we can start working and do all the modifications we want over our Office365 subscription, like creating a shared mailbox, assign permissions over a mailbox and much more…

To get an idea of the commands you can use on this environment for Office365, here´s a list fo the available Cmdlets, nut the best thing we can do is investigate using the command Get-Help <command> ;).