Block direct delivery to @onmicrosoft.com addresses

We’re all familiar with how Office 365 tenants work–when you spin up a new Office 365 tenant, you get a managed domain (tenant.onmicrosoft.com).  Then, maybe you configure a hybrid environment, and now your tenant has your domain, as well as your original tenant.onmicrosoft.com domain, and a new tenant.mail.onmicrosoft.com.  The two managed domains–tenant.onmicrosoft.com and tenant.mail.onmicrosoft.com both…

1

Detecting Outlook / Exchange data exfiltration

While I was working on a script to configure Office 365 Secure Score settings, I came up with a few scripts that I thought would be helpful in monitoring your messaging environments.  Many organizations have policies against data exfiltration, but detecting and enforcing are totally different animals.  One method that an attacker can set up…

2

Update to Wipe Exchange Online Mailbox script

Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes.  Fortunately, it ended up being much easier than I anticipated: When I enumerated the mailbox originally, I used: $Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root) In order to access the Archive folder, I just had to change…

0

Manage Office 365 Distribution Groups via Excel spreadsheet or CSV

A consultant friend of mine posed an interesting question to me this week–one of his customers wanted to be able to let his users administer a cloud-managed Office 365 distribution group by uploading a CSV or Excel spreadsheet.  From an administration perspective, I have done an incredible amount of directory management tasks using CSVs, so…

3

Disable Office 365 Groups Creation: Redux

Several months ago, I wrote a blog on Disabling Office 365 Groups.  It seems as though we couldn’t leave well enough alone.  Such is a price of progress. I got a new laptop a few weeks ago, and then found myself in the position of helping out a few colleagues this week.  One of the tasks…

21

Migrating Hybrid Public Folders to Office 365

So, tonight I started the last phase of one of my longest-running projects since joining Microsoft–an Exchange Online migration for a school district that I began nearly a year and a half ago.  40,000 mailboxes down and 13,000 public folders remaining. One of the things that we recommend for Hybrid Public Folders is that you…

65

Troubleshooting Mailbox Migration Error “You can’t use the domain because it’s not an accepted domain for your organization.”

While migrating users via MRS between organizations (especially to Exchange Online), a pretty common error that I run across is: You can’t use the domain because it’s not an accepted domain for your organization. This error is generated because the MailUser object of the user you’re attempting to migrate has a proxy address attached to…

12

Removing Proxy Addresses from Exchange Recipients

I saw a request come through the other day for a method to remove unwanted proxy addresses for contacts.  I’d had some code sitting around from a project a few years back and decided to freshen it up, and maybe add some newer tricks. So, the original idea was to select a bunch of users…

8

Migrating EOP Settings Between Tenants

I find myself currently writing tools to both support my and other organization projects, as well as looking for ways to refine existing tools and scripts, make my life easier for future migrations, and provide additional resources to the community to help other customers more successfully use our products. Today’s tool fulfills all of those…

0

Export and Import Calendar Processing Information

During my current project, it became necessary to capture additional calendar processing parameters that are not preserved during a normal hybrid move–such as booking policies. Some of the challenges that I faced with this tool: Blank or unpopulated attributes Conversion of sAMAccountName values to PrimarySmtpAddress Multiline attributes with special characters Attributes that were set for…

4