Recent Discussions
Aggregate availability from multiple calendars
I prefer to keep personal appointments on one calendar (on Outlook.com) and work appointments on my work calendar (O365 Exchange), but Exchange only seems to use my work calendar to show my availability to other people in my organization. I'd like to have a way to aggregate my availability from multiple calendar sources, the way that you can overlay multiple calendars in Outlook. It's not really a matter of me seeing all my appointments, because I can easily see everything in a consolidated view in Outlook on my desktop or mobile; it's more about letting others in my organization know when I'm free to meet. I know there is (used to be?) a "free/busy server" option in Outlook client, but I feel like this should be something that can be set on my Exchange profile, so that it doesn't matter what client I'm using. Aside from that kind of option, I guess I'd guess I might be OK with a solution that duplicates anything added to my personal calendar as a block on my work calendar or vice versa, even if it's an IFTTT-type thing. I saw a similar post that mentions some 3rd-party tools from CodeTwo and Connecting Software, but given this is just a preference of mine, I'm probably not going to spend a lot on a workaround. TLDR: Is there a better approach to showing consolidated availability than manually duplicating my appointments between calendars? Thanks!Check out the new PST collection tool
Microsoft has released the successor of the PST Capture tool, named PST Collection tool. Apart from helping you with "collecting" PST files in your network, it can also "lock down" their usage. Details can be found in this article: https://support.office.com/en-us/article/Use-the-PST-Collection-tool-to-find-copy-and-delete-PST-files-in-your-organization-7a150c84-049c-4a9c-8c91-22355b35f2a7?ui=en-US&rs=en-US&ad=US#import And here's the downoad link: https://aka.ms/pstcollectiontoolBIMI Logos – Another Way to Stop Email Spoofing
Brand Indicators for Message Identification (BIMI) is a new industry effort to help identify email from reputable companies by displaying their logo alongside email (and potentially other items) in applications. https://office365itpros.com/2018/12/06/bimi-office365/Rebuild search index of a mailbox in Exchange Online
This was something new for me and couldn't find such a post here, so hereby I'm sharing the experience. One of our users showed me that there are some emails in her mailbox which can't be found by using search, nor in the Outlook 2013 rich client (in Online mode), neither in OWA. Tried to search for various texts and properties from those emails, but they was just 'invisible' for search. I've opened a case with the Office 365 support through the admin portal, and what they recommended was simply to run the following PS command: New-MoveRequest our_user@ourdomain.com It seems this, submitting a move request for that mailbox is the recommended way to force reindexing an ExO hosted mailbox. Once the move operation has completed (it takes a few hours depending on the mailbox size, progress can be checked with Get-MoveRequestStatistics) the mailbox got re-indexed, which fixed the search.Why has EOP ATP licensing been locked away?
When Advanced Threat Protection for EOP was released it could be purchased as an add-on service via the Office 365 admin portal. I added it to my own E3 tenant at one stage, before I later upgraded to E5. I'm currently working with a small business customer who could use the extra protection of ATP, particularly Safe Attachments. They are running Office 365 Business Premium. Neither they, nor any of my own prod or demo tenants, are able to purchase ATP as a standalone add-on today. I guess I found the reason, which doesn't sit well with me: https://technet.microsoft.com/en-us/library/mt148491(v=exchg.150).aspx "ATP is included in the E5 subscription. If you don’t have an E5 subscription, in order to begin using the safeguards provided by ATP technology along with your Exchange Online service, you need to purchase a separate subscription for ATP. You can order ATP through the Microsoft Online Subscription Program." What possible justification is there for limiting the customer's choice like this? It can't be to make things simpler - the "Purchase Services" page still lists 52 other items they can buy, some of which cost less than ATP did. So they need to either increase their costs by more than 2x to get ATP, or sign up to a VL agreement they don't want or need. Even if I can get them to accept the cost of E5 licenses by making use of other things that E5 includes, they don't want to move off Business Premium because they're excited about the new Microsoft Bookings app that is not available for E* tenants. Surely making it easier for customers to buy valuable services like ATP should be the priority here.
How to clear the Discovery Holds folder
To find whether this discovery holds folder is completely full, use the below-mentioned command. Step 1: Connect-ExchangeOnline and then, Step 2: Get-MailboxFolderStatistics -Identity user | select name,foldersize Note: This DiscoveryHolds folder is having a limit of 100 GB. If it is full, we will get issues like "Unable to clear deleted items folder", "deleted items are getting auto-restored" etc., One of the reasons for this folder is full: If Organization Hold is turned on(All Exchange mailboxes are selected in Compliance Retention Policy) or the Individual ID is selected on Compliance Retention Policy. Solution: Please try the below-mentioned steps to overcome this issue. Step 1: Exclude the DiscoveryHolds full ID in the Compliance Retention policy or run the below-mentioned commands in PowerShell. Connect-IPPSSession and then, Set-RetentionCompliancePolicy -Identity "Compliance Retention Policy Name" -AddExchangeLocationException user for multiple users, Set-RetentionCompliancePolicy -Identity "Compliance Retention Policy Name" -AddExchangeLocationException user1, user2, user3 Now on PowerShell, Connect-ExchangeOnline and then, Set-Mailbox -Identity user -RetainDeletedItemsFor 0 and then run the below-mentioned command two times. Start-Managedfolderassistant -Identity user Start-Managedfolderassistant -Identity user After 2-3 minutes, run the below-mentioned commands. Get-Mailbox "user" | FL DelayHoldApplied,DelayReleaseHoldApplied If the output is received as true for any above-mentioned holds, then run the below-mentioned commands. Set-Mailbox user -RemoveDelayHoldApplied Set-Mailbox user -RemoveDelayReleaseHoldApplied and then run the below-mentioned command two times. Start-Managedfolderassistant -Identity user Start-Managedfolderassistant -Identity user After 2-3 minutes, this DiscoveryHolds folder will become zero as per the below-mentioned screenshot. This process helped me a lot. If you have any doubts/concerns/suggestions about this post, please comment below. Best Regards, Venkat Kiran Kona.Migrate a distribution group to an Office 365 group with one click!
Building on the scripts we released in June 2016 for DL migration, you can now migrate a distribution group to an Office 365 group directly from the Exchange Admin Center with one click. This feature is rolling out over the next few weeks. More information in this article.
Incorrect processing of messages with multiple DKIM signatures?
Hello, I've been noticing strange behavior on our Exchange online where legitimately spoofed incoming messages that are double signed (Usually one unaligned DKIM signature for the sending infrastructure and one aligned for the RFC5322.From domain) are being falsely rejected by DMARC because exchange is using the unaligned signature for it's DMARC test. This is not limited to a specific From or MailFrom domain, I can find examples of this every day (large tenant, many subcompanies on one environment) and looks to me like a flaw in Exchange's implementation of the DMARC standard... According to the DMARC spec, this shouldn't be a problem: Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies. (Source: RFC7489, Section 3.1.1) Kind regards, JordyExchange Professsional Career Profile: Adnan Rafique
I had the pleasure of interviewing Adnan Rafique, one of our newest Office Servers and Services MVPs specializing in Exchange and Windows Server. Adnan is a self-made IT Pro who has invested in his own career and won many accolades for his community work. To read more about his journey, take a look at the interview here: https://techcommunity.microsoft.com/t5/IT-Resources-Training/Cloud-Careers-Friday-Feature-Adnan-Rafique/m-p/58659#M133
Legacy/Modern Distribution Lists Enhancement
This question is mainly to Microsoft. I was wondering if MS could introduce a feature where in Distribution List/Security Groups or any other modern groups would have option to renew yearly. DL's some time grow rapidly that become very cumbersome job to cleanup. As soon as DL nears expiry an automated mail should be sent to Owner asking if DL needs to be renewed? if not then DL will be expired. Just my 2 cents.Outlook 2007 connectivity to Office 365 ending in Oct 2017
Hey all. I wanted to give you a heads up on an upcoming deprecation in Office 365. On Oct 31, 2017, RPC/HTTP will be deprecated in Exchange Online in favor of MAPI/HTTP, a modern protocol launched in May 2014. Outlook 2007 does not work with MAPI/HTTP. This means that in order to continue email connectivity, Outlook 2007 customers will need to update to a newer version of Outlook or use Outlook on the web. Additionally, Outlook 2010-2016 customers will need to ensure their version of Outlook for Windows is setup to support MAPI/HTTP. Minimum required versions are: Office 2016 plus PU.2015.12 Office 2013 SP1 plus PU.2015.12 Office 2010 SP2 plus PU.2015.12 These updates can be accessed via the KB article located here Additionally, customers may need to ensure their Outlook clients are not using a registry key to block MAPI/HTTP. Details about this registry key can be found in this KB article on our support site The links here should have all the answers you need, but let me know if you have any other questions.Microsoft Hybrid Agent for Exchange Server is now available for preview!
The much-anticipated Microsoft Hybrid Agent for Exchange Server is now available for preview! We spoke about the Hybrid Agent back at Microsoft Ignite 2018, so feel free to catch up on what was discussed in Orlando here. The Hybrid Agent was designed to remove some of the existing challenges customers face today when establishing a Hybrid Exchange environment. This includes, adding external DNS entries, updating certificates, and allowing inbound network connections through the firewall, and much, much more. See the announcement on the Exchange blog for more information.Schooling A Sea of Phish Part 2: Enhanced Anti-spoofing technology in Office 365
A few weeks ago, we released new enhanced Anti-impersonation capabilities for Office 365 Advanced Threat Protection (ATP). Today we’re excited to announce Office ATP’s enhanced anti-spoofing capability for protecting against spoofed emails from external domains. We believe this new capability will help lead the industry in further securing email. The new feature raises the required level of authentication checks for emails sent into Office 365, helping ensure greater protection for customers. Learn more on the Security blog.Welcome to the Microsoft Exchange: Post Ignite AMA!
Welcome to the Microsoft Exchange: Post Ignite Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions and provide feedback directly to the team regarding some of the recent news and updates from Microsoft Ignite. Please introduce yourself by replying to this thread. Post your questions in a new thread within the Exchange AMA space, by clicking on, "Start a New Conversation" at the top of the page.Demystifying Certificate Based Authentication with ActiveSync in Exchange 2013 and 2016 (On-Premises
Some of the more complicated support calls we see are related to Certificate Based Authentication (CBA) with ActiveSync. This post is intended to provide some clarifications of this topic and give you troubleshooting tips. What is Certificate Based Authentication (CBA)? Instead of using Basic or WIA (Windows Integrated Authentication), the device will have a client (user) certificate installed, which will be used for authentication. The user will no longer have to save a password to authenticate with Exchange. This is not related to using SSL to connect to the server as we assume that you already have SSL setup. Also, just to be clear (as some people have those things confused) CBA is not two-factor authentication (2FA). How does the client certificate get installed on the device? There’s several MDM (Mobile Device Management) solutions to install the client certificate on the device. The most important part of working with CBA is to know where the client certificate will be accepted (or ‘terminated’). How you implement CBA will depend on the response to following questions: Will Exchange server be accepting the client certificate? Will an MDM or other device using Kerberos Constrained Delegation (KCD) be accepting the client certificate? Learn more on the Exchange blog.Migrate traditional Distribution Groups to Office 365 Groups
Over the past few months, customers are increasing both the number of Office 365 Groups created and average monthly usage. It’s great to see customers getting value out of the service. If you are using Office 365 and haven’t yet moved traditional Distribution Groups (also known as Distribution Lists or DLs) over to Office 365 Groups, here are a few of the advantages of making the move. Read more on the Exchange TechNet Blog.User Profile Analysis for Exchange Servers (Who needs the Exchange Profile Analyzer?)
Hey All, some years ago Neil Johnson had written an article about Exchange Sizing without the usage of the Exchange Profile Analyzer. Within the article was a script that is used to collect the data needed for a proper sizing: - messages sent per mailbox per day - messages received per mailbox per day - average message size Note: This information is vital for performing good quality Exchange Server scaling. After Neil has changed the position in MS I will try to maintain the script and the article for the future. And now to the technical stuff: One of the nice things since Exchange 2007 is that we can interrogate the message tracking logs via PowerShell. This provides us with a nice way to query what the Exchange Server is doing. Usefully the message tracking logs include sufficient information for us to approximate our user profile data. The author of this script is Rob Campbell, more about the scripts development can be found here… http://blogs.technet.com/b/heyscriptingguy/archive/2011/03/02/use-powershell-to-track-email-messages-in-exchange-server.aspx The script is maintained now at https://github.com/msftmroth/MessageStats The script basically works by parsing the messaging tracking logs of your Exchange Servers and then tabulates the information into a CSV file for analysis in Excel. To provide some data to parse I configured a loadgen test against 10 mailboxes with a heavy profile, this should approximate to around 80 messages received and 20 sent per user. The MessageStats script has a single command line parameter which controls how many days back it will look in the tracking logs. The script only parses a single days worth of data, the value you provide define in the script which day to process, so 1 will process yesterdays logs. Now we have our CSV file that we can open in Microsoft Excel, however the data required some work before we can get our EPA values. The following screenshot shows the raw data open in Excel. 1. Highlight cell A1 2. Press CTRL+SHIFT+END 3. Click on the INSERT Menu 4. Click on the TABLE button 5. Click on OK 6. Open the DESIGN Menu 7. Check the "Total Row" checkbox 8. Hide columns C,D,E,H,I,J,K,L,M,N,O,R,S,T,U You should now have a table with the following columns… - Date - User - Received Total - Received MB Total - Sent Unique Total - Sent Unique MB Total Note: Due to my test lab being very small I have added a filter to remove any non-loadgen accounts from the data analysis. In the Total row at the bottom of your table add "AVERAGE" subtotals for "Received Total" and "Sent Unique Total". In the "Received MB Total" column total cell, add in an "AVERAGE" subtotal, then edit the formula in the cell and divide that value by the Total Row average for "Received Total", then multiply the result by 1024 – this will report the average message size in KB. In the "Sent Unique MB Total" column total cell, add in an "AVERAGE" subtotal, then edit the formula in the cell and divide that value by the Total Row average for "Sent Unique Total", then multiply the result by 1024 – this will report the average message size in KB. We now have all of the information that we require… - Messages Received per Mailbox Per Day = Received Total = 68 - Messages Sent per Mailbox Per Day = Sent Unique Total = 17 - Average Message Size = Average of Received MB Total & Sent Unique MB Total (27.37+28.5)/2 = 27.94KB So, using this technique we have managed to approximate our user profile to a fair degree of accuracy without needing to logon to any mailboxes! I suspect that this method is accurate to around +/- 10% which is totally acceptable in this context. Obviously there is a caveat here that I have only performed some rudimentary testing in a fairly small lab environment, so if you do run this in production and find that it generates weird results, or that it validates your already proven EPA data, then feel free to drop me a note to let me know. Thanks to FrankPlawetzki for checking Shortcut for this post: http://aka.ms/NoEPA
Recent Blogs
- A reminder that on September 16 2025, we will enforce the first temporary block of shared security principal use for our hybrid customers.Sep 12, 2025
