Mail-enabling Guest Users or “How I made everyone show up in the Address Book”

So, today, I received an email from one of my esteemed colleagues asking how we could get B2B Azure AD tenant guests to show up in the Office 365 GAL.  I thought, “Yeah, that should be something that’s possible.  I mean, they have email addresses.” In a rare turn of events, it actually is as…

2

Using “Restore-RecoverableItems”, or “how I saved my own bacon”

Since the dawn of time (or at least, since the dawn of the Epoch), people have been inadvertently deleting stuff.  As is attributed to Uncle Ben, “with great power comes great responsibility,” and so it is true with the system administrator.  The ability to delete an email is insignificant next to the power of the…

0

Updated Tool Roundup!

Over the last couple of days, I’ve updated a few tools that I have published on the gallery.  Here’s the run-down: AAD Connect Network and Name Resolution Test I’ve been busy with this tool a lot lately, both adding tests and tweaking the way things are done.  This week, I did work with Seamless SSO…

0

Export Exchange Online Client Access Report

So, imagine this: The security team comes to you and asks you for a report on how people are accessing Exchange Online services–browser, mobile, Outlook client.  In the olden days of Exchange on-premises, you could look at the IIS logs to check browser traffic.  It’s not quite the same in Exchange Online, since you don’t…

0

Block direct delivery to @onmicrosoft.com addresses in a hybrid environment

We’re all familiar with how Office 365 tenants work–when you spin up a new Office 365 tenant, you get a managed domain (tenant.onmicrosoft.com).  Then, maybe you configure a hybrid environment, and now your tenant has your domain, as well as your original tenant.onmicrosoft.com domain, and a new tenant.mail.onmicrosoft.com.  The two managed domains–tenant.onmicrosoft.com and tenant.mail.onmicrosoft.com both…

5

Detecting Outlook / Exchange data exfiltration

While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments.  Many organizations have policies against data exfiltration, but detecting and enforcing are totally different animals.  One method that an attacker can set up…

1

Update to Wipe Exchange Online Mailbox script

Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes.  Fortunately, it ended up being much easier than I anticipated: When I enumerated the mailbox originally, I used: $Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root) In order to access the Archive folder, I just had to change…

0

Manage Office 365 Distribution Groups via Excel spreadsheet or CSV

A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet.  From an administration perspective, I have done an incredible amount of directory management tasks using CSVs, so…

5

Disable Office 365 Groups Creation: Redux

Update: I posted roll-back steps at the bottom of the article. Several months ago, I wrote a blog on Disabling Office 365 Groups.  It seems as though we couldn’t leave well enough alone.  Such is a price of progress. I got a new laptop a few weeks ago, and then found myself in the position of…

26

Migrating Hybrid Public Folders to Office 365

Update: Shameless plug: I’ve written more extensively about public folder migrations from both the 2007/2010 and 2013/2016 perspectives in the book, “Office 365 Administration: Inside Out,” available at http://aka.ms/thebookonit. So, tonight I started the last phase of one of my longest-running projects since joining Microsoft–an Exchange Online migration for a school district that I began…

94