Recent Discussions
Change Coming for How Outlook Extracts Events from Email
The Outlook events from email feature changes from January 31, 2026. Events will only be created if notifications support the properties for events defined by schema.org. Seeking consistency is a good idea, especially if it means that Outlook can process notifications sent by airlines, car hire companies, and other event providers in a way that doesn’t happen today. However, some disruption is likely. https://office365itpros.com/2025/09/30/events-from-email-schema/
Meeting rooms - end of synchronization with AD
Hi all, We have a hybrid environment, and the meeting rooms are "physically" in Exchange Online—I can no longer see them on the on-premises Exchange server. However, they are still synchronizing from AD. What do I need to do to ensure that the meeting rooms are completely in Exchange Online and do not synchronize from AD? So that the "point of truth" is in Exchange Online? Thank you for your tips.
Exchange 2016 to SE and Exchange Online questions
Hi, We're currently in the process of migrating from Exchange 2016 to Exchange Subscription Edition (SE), along with moving a portion of our mailboxes to Exchange Online. We have approximately 3,000 mailboxes, and around 2,000 of those will eventually end up in Exchange Online—for various reasons (don’t ask why…). I have a few questions I'd like to clarify and hope you can assist: Exchange On-Premises Questions: If a user mailbox is moved to Exchange SE, can they still access shared or user mailboxes that remain on Exchange 2016? Do we need to migrate them in the same batch to preserve access/permissions? (should't be an issue in the same Exchange Org right?) If a shared mailbox is migrated to Exchange SE while the user mailbox remains on Exchange 2016, will access still work? Do we need to point the Hardware Load Balancer (HLB) to the new Exchange SE servers before mailbox moves to allow proper client connectivity and proxying back to Exchange 2016? Or is it okay to keep the HLB pointed to the Exchange 2016 servers until all migrations are complete and then switch it over? Proxy upwards from Exchange 2016 to Exchange SE? What’s the best practice here? Pros/cons? Exchange Online Questions: If we want all outbound mail to go through the on-prem Exchange environment—even for Exchange Online mailboxes—is this configured via the Hybrid Configuration Wizard (HCW)? Is the Litigation Hold status preserved when migrating a mailbox to Exchange Online? Can a mailbox hosted in Exchange Online access a shared mailbox still residing on-prem? (Should't be an issue right?) Can an on-prem mailbox access a shared mailbox that has been migrated to Exchange Online? For mailboxes with Full Access or Send As permissions (e.g. user mailboxes tied to shared mailboxes), do they need to be migrated together in the same batch to retain functionality? We’ll be using native Microsoft migration tools (no 3rd-party solutions). If I recall correctly, separate migrations will still allow Full Access?!?, but Send As may not work properly unless migrated together. Is that still accurate?Migrating on-prem functional shared mailboxes to 365
I have an on-premises Exchange environment (SE Edition) with Edge servers, configured in a hybrid setup. New users are provisioned directly in Office 365, but many legacy users still exist solely on-premises. In addition, we have around 800 shared/functional mailboxes that are local and were not created as hybrid objects. I need to migrate these on-prem shared mailboxes to Office 365. I’m unsure of the best approach—should I: Convert them to full hybrid and migrate using the hybrid tools? Recreate them manually in Office 365? Or is there another recommended method? My goal is to make the transition as seamless and transparent as possible for users, while keeping the process simple and efficient on the admin side.Exchange 2016 and deffer delivery
Hi! Is it possible to configure delay of outgoing sending messages for user mailbox, like outlook's deffered delivery? I couldn't find such an option in mailflow-rules, as deepseek says "New-TransportRule -Name "DelaySendForUser" -SenderAddressEquals "email address removed for privacy reasons" -DeferMessageMinutes 2 -Enabled $true" - it doesn't work:))
Issue with Distribution Groups Members
Hello Please i need your help on this issue. Issue with Distribution Groups Members. I created Manually Dynamic Distribution Group and added Users with Exchange Mailbox option but its added all the active licenced users and shared mailboxes and unlicenced users also. I only want Licenced users only in that group where E3 Licenced are assigned and users are active. But all users are added in that group instead of Licenced active users. I need only automatically add active users who has Office 365 Licence. I do not require any shared mailbox users I do not require non-active users NOTE: I do not want to create the users through PowerShell. So please is there a solution for GUI onlyHow to extract domain of the original link from a SafeLink
I'm trying to extract the original domain from the links that are warped by Microsoft SafeLinks I use the Nager.publicsuffix library in C# to parse domains, but with SafeLink's it only returns the SafeLink domain instead of the real one Example: https://ind01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstspg.io%2Fn504fyn3g38x... https://nam.safelink.emails.azure.net/redirect/?destination=https%3A%2F%2Fentra.microsoft.com%2Fdemodomain.cf%23blade... I've tried writing custom logic for SafeLink pattern, but Microsoft seems to use different formats, so it's not reliable Question: What's the best way in C# to reliably detect and unwrap these SafeLink's (or other tracking URLs) so I can extract the original domain before passing it to Nager.PublicSuffix
Missing Teams Contacts after Migration
Hello, We are currently migrating mailboxes from exchange 2019 to exchange online. The migration works absolute flawless. Now we have some employees complaining about missing teams contacts that were previously created in Teams only. The MS support told me that this is a teams limitation and the local contacts are gone. I know about unified contacts, thats contacts are synced now between outlook and teams and newly created contacts are stored in exchange online mailbox. But whatabout the old contacts ?? cant believe that theres no workaround to keep this contacts. Do you know something about this ? Rene
Which ExchangeServerApp is the right one? How to tell?
From running HCW multiple times w/ various exceptions, we have a number of separate ExchangeServerApp instances in Entra. How can I definitively tell which one (or more) is the correct instance? I can't find any of the UUIDs in the Entra entries anywhere in the Exchange Server configuration. I can't run the ConfigureHybridExchangeApplication script because (from the error it gives) it doesn't handle the multiple app identifiers. I submitted feedback but haven't heard back from the CSS-Exchange people. Any guidance appreciated.How to consistently differentiate Microsoft service notification emails from normal user emails?
I receive a large number of notification mails from Microsoft services (SharePoint, Teams, etc.) and they clutter my mailbox. I’ve tried: Inbox rules filtering by sender (e.g., email address removed for privacy reasons) → doesn’t work since Microsoft uses many changing domains. Filtering by Microsoft IP ranges → some internal org mails also get caught. Filtering by domains from Microsoft endpoint list → works, but the list updates monthly, so not reliable. Question: Is there a consistent way (e.g., via Internet message headers or any other property) to reliably identify Microsoft-generated notification emails vs normal user emails?
Licensing question: Exchange Server SE for CSP M365 E3/E5 customers without Extended Use Rights
Does anyone have any information on licensing the new Exchange Server SE for customers who have M365/O365 E3/E5 purchased via CSP but do not have Extended Use Rights (i.e., no EA/EAS -> no on-prem Office server licenses included)? Specifically: Is it enough to license Exchange Server SE per node only, or Do customers also need to purchase Exchange Server CALs per user (even if they already have M365 E3/E5)? I’ve spoken with multiple licensing distributors and a Microsoft partner contact, but I still haven’t been able to get a definitive answer. According to a comment from Jeremy Carlson and Microsoft’s licensing documentation, certain licenses appear to include "CAL-equivalency rights". Can anyone here confirm whether these CAL-equivalency rights cover access to Exchange Server SE in the CSP E3/E5 (no Extended Use Rights) scenario? licensing reference: https://www.microsoft.com/licensing/terms/product/CALandMLEquivalencyLicenses/MCA#clause-2165-h3-1Our mail domain isn't safe by default for Exchange Online users
Hello all, Our PR Team requested to force automatic download of pictures for internal letters that are sent by the team. We decide to use GP setting "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" from Office an administrative template. It works fine for users with on-prem mailboxes because our mail domain is in the Safe Senders by default, but it doesn't work for users with mailboxes in Exchange Online. For EO mailboxes, pictures of internal letters are not downloaded automatically in classic Outlook. They have to add "@<our mail domain" to Safe Senders list to download pictures automatically. Any attempts to add the same domain by using Set-MailboxJunkEmailConfiguration fail because "the domain is the default mail domain"! (And should be treated as safe). Headers show that letters are not "Anonymous" but internal. It looks like a bug, or we missed something in our Hybrid configuration. Any ideas? King regards, Dmitry HorushinMicrosoft some server IP not in SPF List?
We Have add DNS record v=spf1 include:spf.protection.outlook.com -all , but find to SPF is failed spf:demo.com:2603:1096:301:11b::15 how can we solve this problem , because we need increase the security Level , would like quarantine / set to junk mailbox for SPF Fail mail Thank
Configure Dedicated Exchange Server Application
Currently our product ranning exchange 2019 CU15 with Exchange hybrid, so what else need configure other task for configuration of the dedicated application for Exchange Server. HCW8126 - Admin consent was not granted during the configuration of the dedicated application for Exchange Server. The application will be created but will not function until consent is provided. Please re-run the Hybrid Configuration Wizard (HCW) or grant consent via the Entra ID portal before using the application.Hotfix update for 2016 CU23 HU18: (KB5066370) breaks OWA and leaves all services disabled
Has anyone else applied the latest hotfix? First of all it tries to validate open files instead of just killing these processes as part of the update, then after rebooting all the services are left in a disabled state. Then I discover it has broken IIS and OWA doesnt work. We have had client issues all day in the office. It looks like another update has been pushed out without sufficient testing. Any help would be grateful at this point, I am looking to take 2 out of 4 servers offline.
Update Federation Trust Certificate
Almost five years ago, I had set this up. I realized the cert is about to expire. I only have on test account on prem, everything else is in the cloud. Oauth is set up and we do have token based auth. I followed the steps to generate a new self signed cert, everything looks good even the text file in DNS. The issue is, when I run set-federationtrust - identity "Microsoft Federation Gateway -publishfederationcertificate, I get the following error. [FailureCategory=Cmdlet-Live DomainServicesException] 2B0D1031,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederationTrust + PSComputerName I have search and and tried several things for TLS 1.2 Enforcing TLS 1.2 on Windows 2019 via the reg Windows Registry Editor Version 5.00 enforce SchUseStrongCrypto Force Powershell to run tls1.2 I had to remove some of the verbage - i think the forum does not like it. Does anyone have any ideas Thanks PaulI need help with migration
Hello I need to migrate our account to a wider business due to a merger. In general, I need to change the domain name while keeping my email history without losing any data. On top, I need to ensure after that after the change the extensions of our emails from (i.e @ abc.com to @ abd.com) to have access to the emails which are still being sent to @ abc.com, for example being automatically forwarded to the new email addresses.Domain not routing mail or logins correctly after tenant transfer
Hello Please i need your help on this issue. Domain not routing mail or logins correctly after tenant transfer. I recently removed the domain sustainable.XXXX from an old Microsoft 365 tenant (based in Chile) and added it as the default domain in my new tenant (based in Spain). The domain is showing as Authoritative and in a healthy state in the Microsoft 365 Admin Center. DNS records (MX, SPF, CNAME autodiscover) are all configured correctly and propagate globally (checked with multiple DNS tools). However, I am still experiencing two critical issues: Authentication / Login Redirect. When I try to log in with rphilippe@ sustainable.XXXX in Office apps (desktop and mobile), the login is automatically redirected to the old Chile tenant (…onmicrosoft.com), which no longer has my domain or licenses. This prevents me from signing into Office apps with my licensed email address in the new Spain tenant. Mail Flow – No Inbound Delivery I can send outbound emails from rphilippe@ sustainable.XXX without problems. But inbound emails from Gmail/Yahoo do not appear in Message Trace in Exchange Online. This indicates that messages are not reaching my new tenant at all, despite correct MX records. Steps already taken: Removed domain completely from old tenant. Verified domain ownership in new tenant. Configured all required DNS records at my registrar (Wix). Waited more than X hours since DNS propagation completed (global MX records confirmed). Tested with Message Trace and Quarantine: no trace of inbound messages. Request: Please verify and force a refresh of Home Realm Discovery (HRD) and Exchange Online domain routing for sustainable.XXX, to ensure: Authentication requests for @ sustainable.XXXX point to the correct (Spain) tenant. Inbound email is routed correctly to the new tenant. This appears to be an internal Microsoft propagation/cache issue, not a DNS or local client issue.
Recent Blogs
- A reminder that on September 16 2025, we will enforce the first temporary block of shared security principal use for our hybrid customers.Sep 12, 2025
