Forum Widgets
Latest Discussions
Incorrect processing of messages with multiple DKIM signatures?
Hello, I've been noticing strange behavior on our Exchange online where legitimately spoofed incoming messages that are double signed (Usually one unaligned DKIM signature for the sending infrastructure and one aligned for the RFC5322.From domain) are being falsely rejected by DMARC because exchange is using the unaligned signature for it's DMARC test. This is not limited to a specific From or MailFrom domain, I can find examples of this every day (large tenant, many subcompanies on one environment) and looks to me like a flaw in Exchange's implementation of the DMARC standard... According to the DMARC spec, this shouldn't be a problem: Note that a single email can contain multiple DKIM signatures, and it is considered to be a DMARC "pass" if any DKIM signature is aligned and verifies. (Source: RFC7489, Section 3.1.1) Kind regards, Jordy
How to clear the Discovery Holds folder
To find whether this discovery holds folder is completely full, use the below-mentioned command. Step 1: Connect-ExchangeOnline and then, Step 2: Get-MailboxFolderStatistics -Identity user | select name,foldersize Note: This DiscoveryHolds folder is having a limit of 100 GB. If it is full, we will get issues like "Unable to clear deleted items folder", "deleted items are getting auto-restored" etc., One of the reasons for this folder is full: If Organization Hold is turned on(All Exchange mailboxes are selected in Compliance Retention Policy) or the Individual ID is selected on Compliance Retention Policy. Solution: Please try the below-mentioned steps to overcome this issue. Step 1: Exclude the DiscoveryHolds full ID in the Compliance Retention policy or run the below-mentioned commands in PowerShell. Connect-IPPSSession and then, Set-RetentionCompliancePolicy -Identity "Compliance Retention Policy Name" -AddExchangeLocationException user for multiple users, Set-RetentionCompliancePolicy -Identity "Compliance Retention Policy Name" -AddExchangeLocationException user1, user2, user3 Now on PowerShell, Connect-ExchangeOnline and then, Set-Mailbox -Identity user -RetainDeletedItemsFor 0 and then run the below-mentioned command two times. Start-Managedfolderassistant -Identity user Start-Managedfolderassistant -Identity user After 2-3 minutes, run the below-mentioned commands. Get-Mailbox "user" | FL DelayHoldApplied,DelayReleaseHoldApplied If the output is received as true for any above-mentioned holds, then run the below-mentioned commands. Set-Mailbox user -RemoveDelayHoldApplied Set-Mailbox user -RemoveDelayReleaseHoldApplied and then run the below-mentioned command two times. Start-Managedfolderassistant -Identity user Start-Managedfolderassistant -Identity user After 2-3 minutes, this DiscoveryHolds folder will become zero as per the below-mentioned screenshot. This process helped me a lot. If you have any doubts/concerns/suggestions about this post, please comment below. Best Regards, Venkat Kiran Kona.Few questions about Exchange Online PowerShell module
Hey all, Got few questions regarding Exchange Online PowerShell module. It all started with me trying to run Get-mailbox <mailbox> -MessageCopyForSendOnBehalfEnabled $True The problem is I've configured FIDO2 key for my admin account yesterday and was very astonished I was not able to connect with error: "You are required to sign-in with your passkey to access this resource, but this app doesn't support it..." The app name in the error is "Microsoft Exchange REST API Based Powershell". My question is as I've dag a little bit in the Internet - is it even possible to log in to Exchange PowerShell using FIDO key? Second is question is, is there a way to set up this setting using graph API module? I was searching but was not able to find. And final question, my colleague told me that Exchange Online PS module is going to be decom this year - does anyone has any news on this? Might be too much questions in one post however all are connected and I felt it would be ok to put all this in one place. Appreciate your help on this, Pawel Jarosz
How do you make a Shared Mailbox the default Send From account? (New Outlook)
I'm using Outlook for Windows version 1.2025.109.100 (on behalf of another user). I'm reading some suggestions online that say you need to add the account to Outlook first before making it the default Send From. I'm also looking at the Help section in Outlook that directs you to change this in the Compose and Reply settings. However, it's not possible to sign into a mailbox that isn't a user. I thought you used to be able to 'sign into' a shared mailbox using your own account but that is not the case now (perhaps it never was?). What it seems like is that we instead need to convert "Accounting" to a User account, give it a license, then sign into it in Outlook. That's not a Shared Mailbox - that's a user mailbox. I don't want to create a point of weakness for a potential cyber-attack (which we've had several). I can't really set up MFA for this account that no one can maintain. And I really don't want to have to spend money on a license to do something just because one piece of software is incompatible. Having to repeatedly instruct people and then repeatedly remind them to change their FROM account is just bonkers. On Outlook for Mac, as long as you're in the Shared Mailbox, the default FROM is that mailbox. (but, don't get me started on how much better the Mac version of Outlook is than the Windows version - see: All Accounts)
User is unable to login to Mailbox
Hello experts, We are in Hybrid environment and one of the user which was recently re-enabled an AD account as the user is returned back to us, is unable to login to mailbox Steps we done Re-enabled the AD account and moved it to syncing OU and added license to enable mailbox I checked the recipient details in both on-prem and online On-prem results RecipientType : MailUser RecipientTypeDetails : RemoteUserMailbox Online results RecipientType : UserMailbox RecipientTypeDetails : UserMailbox What is the part that is missing here.
Windows Handle error when using Connect-Exchange Onlinew Module version 3.7.
The following error is received when trying to connect to exchange online. Windows 11 Exchange Online Management 3.7.1 PowerShell 5.1 Error attached. On another Windows 11 Laptop, the 3.6 version of the module works without error. I am having the user downgrade to 3.6 and see if it fixes the error. I have upgraded this to 3.7.1 and now get the same error. Any help woudl be much appreciated. I can't past the error. Won't let me post.Search-UnifiedAuditlogs For Mailbox - Problems
Introduction Like many, I have been faced with an audit search problem on mailboxes. I finally found a solution by searching deeply into the web. In this post I will provide you with Microsoft's documentation, I have tested everything, and it finally works. I also have comments to Microsoft, directly to the product group (with a case Microsoft) but also by the technet article feedback feature. Technical Content We assume that you have all necessary permissions and role to run audit logs search. For Regular mailboxes: if you have no results via GUI, It is possible that in the time interval there is no result. It may happen that the audit is blocked on the mailbox despite the fact that the feature is active. You may use the command Search-UnifiedAuditLog with the following parameters: UsersIds : email address Operations : event to be search (Exchange Mailbox Activites) Search-UnifiedAuditLog -UserIds <MailboxIdentity> -Operations MoveToDeletedItems, SoftDelete, HardDelete -StartDate "01/01/2025" -EndDate "15/01/2025" Unfortunately, no results appear with powershell. Here, you can find the documentation that describe the symptom and how to resolve it. Even when [mailbox auditing on by default](https://learn.microsoft.com/en-us/purview/audit-mailboxes) is turned on for your organization, you might notice that mailbox audit events for some users aren't found in audit log searches by using the Microsoft Purview portal or the compliance portal, the **Search-UnifiedAuditLog** cmdlet, or the Office 365 Management Activity API. The reason for this is that mailbox audit events is returned only for users with E5 licenses when you use one of the previous methods to search the unified audit log. You must run the following command within Exchange Online : Set-Mailbox -Identity <MailboxIdentity> -AuditEnabled $false And then : Set-Mailbox -Identity <MailboxIdentity> -AuditEnabled $true Now you can search within the GUI or with powershell and you will have some results. For Shared Mailboxes: To search audit logs for a SharedMailbox, you must use the following command, with the parameter *FreeText.* Search-UnifiedAuditLog -StartDate "08/01/2025" -EndDate "11/01/2025" -FreeText (Get-Mailbox -identity <MailboxIdentity>).ExchangeGuid -Operations MoveToDeletedItems` Here you can find the article that describes the FreeText parameters, and also decscribes that GUI is not working for SharedMailboxes. Also, using the **User** dropdown list in the audit log search tool or the **Search-UnifiedAuditLog -UserIds** won't return results for activities performed in a shared mailbox. If there are no results and you are sure that there should be, then the same manipulation as described above will have to be done. Disable and then reactivate the audit on the mailbox: Set-Mailbox -Identity <SharedMailboxIdentity> -AuditEnabled:$false Set-Mailbox -Identity <SharedMailboxIdentity> -AuditEnabled:$true Run again the Search-UnifiedAuditLog command. Now you will find results. Conclusion I assume that the "Users" text box in the interface corresponds to the parameter "UserIds" in the cmdlet. And there is no match for the "FreeText" parameter. You can find other articles in my GitHub about Purview https://github.com/trisdev75/MicrosoftPurview
