Entradas Etiquetadas ‘english articles’

The GuruXP repository – March 2014

sábado, 5 de abril de 2014 Sin comentarios

Stuck messages on Draft with Exchange Server 2013

viernes, 14 de marzo de 2014 Sin comentarios



Hi all, today I had the opportunity to solve one of my customers Exchange Server 2013 issues that is very common in restrictive DNS environments. The issue was about sent messages being stuck at the drafts folder and Exchange Server wasn´t able to send them out when using OWA (or Outbox with Outlook).


Well, of course it´s Exchange Server 2013 we´re talking about, but… do you know what Exchange Online is running on??? Yep!, Exchange Server 2013 :), so it can happen also if you´re on Exchange Online with the difference that the solution resides on what you can´t see and Microsoft Support Team will be the only ones able to solve it on this case.

But the story is different when you have an On-Prem or Hybrid environment :)

The main reason of why the outgoing messages are being stuck at the drafts folder is because of DNS bindings that may be incorrectly configured, and Exchange has to know where the message has to be given.

So, you would like to take a look at the EAC – Servers – Double Click to the CAS server that has the issue – DNS Lookups, and configure the DNS servers for both, Internal and external mails.



After that your users should be able to send messages normally.

Multi-Factor Auth inside Office365

viernes, 21 de febrero de 2014 Sin comentarios



Hi, todays article is about Multi-Factor Auth for Office365.

First of all, lets explain what is it, what are the benefits and then proceed to explain how to enable, configure and manage it via GUI and PowerShell…


Multi-Factor Auth is a multiple validation system that allows us to fortify the security when accessing out system, but not just that, it also allows us to know when someone is trying to access our data and be able to notify as fraud the undesired access. All this with the smple use of an SMS code, telephone call, mobile phone call or via APP.

So, does that means that I will have to input a code each time a access my mailbox?, not exactly, unless you select the send message or call options, our installed APP will be the one in charge to notify us of the access petition and be able to answer if we authorize or decline it.

And what happens with each program on which a make use of my account, will I have to authorize them each time they try to access my data? no, we have the option to configure a unique «APP Password» for every program with a unique activation.

Does that means I can create as many APP Passwords I want? No, we have a 40 APP Passwords limit.

What programs can I use with my APP Password? We can make use of known programs like Microsoft Outlook, Microsoft Lync, Office 2013 suite, and some others like Lync mobile client, Windows 8 and 8.1 Mail APP or the Office365 Activation assitant.

What is the name of the APP that I can use to authenticate the access? The APP is called «Multi-Factor Auth» and it’s available for IOS, Android and Windows Phone of course, just search for it on the store.

Is this feature available for all of the Office365 plans? No, just for MidSize, Enterprise (E1, E3 and E4) and Standalone (Exchange Online and Sharepoint Online) plans, so no Small Business plans are supported.


To enjoy this feature we just have to enter our Office365 portal as an admin and enable it for the users we want:

  • Enter our Office365 portal ( as an admin and click on «Users and Groups» and then on «Set up» dentro de «Set Multi-factor Authentication requirements»:


  •  On «View» select the view to be applied of the users we want to be shown, in my case I selected «Sign in allowed users«:


  • Select the users we want to enable and click on «Enable» and «Enable multi-factor auth» on the popup window:

0auth3 0auth4

Once the admin part is done, we can now proceed to do the user part. This is what the user is supposed to do once he enters the first time to the portal. It’s very important that the user logs in onto the portal before doing anything else with his account.


  • This will take us to the aditional security verification page, select the option we want and continue, on this case we will select «Notify me through app» and then click on  «Configure«:


  • Follow the steps and click on «Done«:


  • Once this is done, t will ask us if we make use of programs like Microsoft Outlook or Lync to create APP Passwords, in this case we will assume the user makes use of Microsoft Outlook, so we’ll create one clicking on «Create«:


  • Assign a name for the program, copy and paste the generated code inside the credentials request of our Microsoft Outlook. This password will not be shown again so it’s important to copy and paste it directly :


  • If we have the need to create more APP Passwords or modify the contacting method, we just have to enter our portal, click on the little hog on the upper right side and then on  «Office365 Settings», select the option «additional security verification» and click on «Update my pnone numbers used….», this will give us access to the settings and APP Passwords configuration area:


auth10 auth11

Auth9 Auth8.19


In order to work with Multi-Factor Auth, we must follow the next steps:

Connect-MsolService $MultiFactorAuth= New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $MultiFactorAuth.RelyingParty = «*» $MultiFactorAuth = @($MultiFactorAuth)

Once the object has been created, you can start running the different options:

  • To enable just one specific user:

Set-MsolUser -UserPrincipalName -StrongAuthenticationRequirements $MultiFactorAuth

  • Enable on all users:

Get-MsolUser -All | Set-MsolUser -StrongAuthenticationRequirements $MultiFactorAuth

  • List all users with the enabled feature:

Get-MsolUser | Where-Object {$_.StrongAuthenticationRequirements -like «*»}  | select DisplayName,UserPrincipalName,StrongAuthenticationMethods,StrongAuthenticationRequirements

  • Disable the feature on a specific user:

$MultiFADisable = @() Set-MsolUser -UserPrincipalName -StrongAuthenticationRequirements $MultiFADisable


Just one thing, If we enable this feature on an admin account, keep in mind it wont be able to manage the subscription via PowerShell because its not supported, to do so, Microsoft recommends to create another account without any license applied and strong password to be used for powershell.


Once we try to log in via the portal, it will show us a notification on the app where it asks us to verify or cancel:

wp_ss_20140217_0001 wp_ss_20140217_0002 wp_ss_20140217_0003



Dissallow sending mails outside the org

sábado, 8 de febrero de 2014 Sin comentarios



Hi, today I´ll explain a very quick and simple process to avoid users from sending messages outside the org using Exchange Online.

First of all, we need to enter our Office365 subscription portal ( and then access our Exchange Admin Center (EAC) from the upper right side where it says «Admin» and then clicking on «Exchange» (check this out if you have a small business subscription).


Once we´re inside, click on the «Mail flow» section and then on the «rules» tab  to create a new transport rule, click on the «+» sign and then on «create a new rule…«.

  • Type a name to identify the rule and be able to associate with like «outgoing messages restrictions».
  • Click on the bottom part where it says «More options«
  • On «Apply this rule if…» select «The sender is this person» and select all users that will apply the restriction.
  • Click on «Add condition«
  • Select «The recipient is, external/internal«, and «Outside the organization«
  • On «Do the following…» select the «Block the message» and «Reject the message and include an explanation» option.
  • Specify a message to be delivered as a reason for the blocked users that try to send messages outside the org like «Sending messages outside the org is not permitted» and accept..
  • Click on «Save» and we´re done.


Best of all is that we don´t need to create another rule for each user that we want to apply the same behaviour, we just simply have to edit the rule and add the users we want or create a group and add it as a recipient.


The new Yammer APP for Windows

domingo, 19 de enero de 2014 Sin comentarios




Hi, it’s well known that Yammer as well is great for team collaboration in a social level, but is also known that one of the weaker points of Microsoft social platform either if it’s part of the Office365 suite or as a standalone plan, is their notification APPS.

Well, some days ago I received a mail from the Yammer product team on which they announce the end of the actual Windows APP based on  Adobe Air to give pass to the new Windows Notifier APP.

From my point of view, the only problem that had the Windows APP was that when you read a message or a thread on the APP, these weren’t synced with the web, I mean, if we read a message on the APP, and then, we enter some days later to the web, the messages were still on an unread status.

According to the mentioned E-Mail, this is being done because they don’t want the APP to be a replacement of the web, but a companion APP to notify about changes on conversations in real time so we can read on the web directly by clicking on the alert.

I decided to test it out and these were the results:

  • The installation was fast and easy.
  • The configuration represented no complication for basic users.


  • Once the APP was running, I observed that it limits Only to alert over the home network, what it means that if we have more than one network inside our Yammer (which is more common every day) we wont have any type of alert like we had on the old APP where we could select the network to work with.
  • Once read all the alerts and inbox messages on the web, passed a few seconds, the APP will update and remove the notifications.


  • It will show us alerts not only of the inbox messages, but also the all company messages and all group messages,  and not only as a visual notidication but also with a sound notification (something we didn’t had before).


In conclusion, we hope some features like alerts for multiple networks be part of the APP on a close future if what they pretend is to be a companion APP and not a replace of the web, so it will make sense for the many profiles that make use of multiple yammer networks with one account.

If you want to try it out you can download it from here:

PS: Enable RMS for Office365

sábado, 11 de enero de 2014 Sin comentarios



Many of you already know what Rights Management Services (RMS) can do for us on an AD environment under the ADRMS role, and also are up to date that Office365 integrates this as a feature on enterprise plans.

Well, there are some situations which you want to enable RMS on a tenant via GUI and just after clicking the activate now button, the process gets stuck with the following screen no matter how much time you leave it (normally it takes no much more than 2 minutes):


For all of those that are suffering the situation, you have an inmediate solution via PowerShell following these steps:

Import-Module AADRM

  • Connect to the service with Global Administrator credentials:

Connect-AadrmService -Verbose

  • Finally enable RMS:



This process shouldn’t last longer than 2 minutes, after then we can disconnect off the service with the following CmdLet:




PS: Configuring read receipts in Exchange Online

viernes, 3 de enero de 2014 Sin comentarios




Hi, today I’ll be bringing you a short but useful article for large orgs. Often we encounter with read receipts confirmations when we receive e-mails and many of the users reject them, what are the meaning of those then?, well if we can’t control external users from doing that, we can for our org users.

Of course we can do it via GUI either by OWA or by Outlook, but we have two inconvenients, one is that those settings will be applied only with client depending, and the other one is that is not operative to do it one by one on large orgs. So what happens when we have 300+ users? POWERSHELL!

To do so, we need to get our environment configured and once this is done, run the following CMDLET:

Set-MailboxMessageConfiguration -Identity -ReadReceiptResponse NeverSend

In this case we will be configuring the user to never send read receipt confirmations, but we can customize it replacing the «NeverSend» with the following options:

  • «DoNotAutomaticallySend»  To always ask for confirmations
  • «AlwaysSend» To always send confirmations
  • «NeverSend» To never send confirmations

But how do we apply this to all users? very simple, making use of the «|» to the command we want to preceed, i.e:

Get-User | Set-MailboxMessageConfiguration -ReadReceiptResponse AlwaysSend

To confirm that the value has been correctly applied, we can run the following:

Get-MailboxMessageConfiguration -Identity | fl ReadReceiptResponse


Migrate Office365 family plans easily

viernes, 27 de diciembre de 2013 Sin comentarios


Until now, we had to be really careful when choosing the right Office365 plan for our Org, because if we chose a P1 plan and later on we wanted to change to an E1 plan because of the need to, we would have to pass thru a hell setting up a new E1 subscription, create users, configure the environment again, add the domain, export one by one the users data to later on import them to the new subscription, etc…

Well, after so many time, Microsoft made possible the path to migrate different family plans (SKU) through the portal to another one greater than the one we have, without the need of any of the previous steps.

Of course there are some limitations when doing it and in resume, you cannot downgrade, only upgrade to a different plan.

If you want to learn some more about it, here’s a link from Microsoft on how to do it and the limitations that may exist:

Get subscription managed by Office365 Partner

sábado, 13 de abril de 2013 Sin comentarios



It´s a lot of time i haven´t published anything about Office365 with the use of PowerShell, so today i will not just write about it, but also be writing about helping partners with the Office365 client management.

Actually there are many partners that use some PowerShell commands to manage their client subscriptions to be able to apply changes massively, but not much know about two commands:

Get-MsolPartnerContract and Get-MsolPartnerInformation

So let´s get what these return to us:

  • First of all (of course) will be to get our environment prepared for PoweShell and Online services.
  • Second thing we´ll do is to start the Microsoft Online Services for Windows PowerShell Module (we´ll find it on the installed program list)
  • Once it´s started, run the Connection chain and use your admin credentials as a partner:

$LIveCred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LIveCred -Authentication Basic -AllowRedirection Import-PSSession $Session

  • Then connect to the MSOL service with the Partner admin credentials once more:


  • Once we´re inside the system, run the following command to get a list of the subscription we manage as a Partner:


The only problem here is that it doesn´t give us a clear output because the only value it returns is the Tenant Id:


So here´s where the other command will help us:

  • The Following command will let us obtain the Info associated to a Tenant Id:

Get-MsolPartnerInformation -TenantId <id>

This would be the result:


The only problema is that we would have to run two commands to get the Info we want and it´s a bit messy, so lets use the functionality and power that PowerShell gives us like the chained commands and use the next command::

Get-MsolPartnerContract | Get-MsolPartnerInformation

This way we will get the Info without the need to investigate about the id that is linked to it.

Hope you Partners find it useful.

Creating shared mailboxes in Office365 – Wave15

viernes, 12 de abril de 2013 Sin comentarios





One of the new things in Office365 new plattform admisnitration is the new graphical way to create shared mailboxes without the need to use PowerShell (we still can do it the PowerShell way) so here´s how to do it:


  • The first thing we need to do is Access the Office365 Portal with our admin credentials.
  • Then we need to click on the upper right hand corner where it says «Admin» and select «Exchange«.


  • Then click on «Shared«.


  • Click on  «+» to create a new mailbox.
  • Give a Display Name, an E-mail address and assign the Full Access and Send As permissions for the users we want to include on it and finally click on Save.


If we double click the recently created shared mailbox we´ll get some other options of interest like restricting access to the mailbox via OWA, IMAP, policies asignment or inclusive hide it from the GAL.

Hope you find the Info useful.