Forum Widgets
Latest Discussions
Exchange SE Transport Rule Query
I'm trying to use a transport rule to send a notification to an audit mailbox with a note of the names of all attachments being sent externally with From, To, CC, BCC details. It sort of works. Rule If message has an attachment that's larger than or equal to 0 bytes Do the following Set audit severity level to 'Not specified' and send the incident report to <audit mailbox>, include these message properties in the report: sender, recipients, subject, cc'd recipients, bcc'd recipients, severity, sender override information, matching rules, false positive reports, detected data classifications, matching content. If I send a message to: 'email address removed for privacy reasons', cc: 'email address removed for privacy reasons', bcc:'email address removed for privacy reasons' with 2 attachments the report includes the following: Sender: <sender> Recipient: To & CC Attachments: Only 1 attachment name i.e. Missing an attachment name and the BCC entry Is this a bug or a feature? I presume it is just flagging the first attachment greater than 0 bytes which is annoying but that wouldn't explain the missing BCC entry.
Need to Purge DiscoveryHolds Data from Archive Mailbox in Exchange Online
Hello Team, I am working on an Exchange Online mailbox where the archive mailbox has accumulated a large amount of data (over 335 GB) under the Recoverable Items → DiscoveryHolds folder. The mailbox is not on Litigation Hold or Retention Hold, and the InPlaceHolds property shows exclusions (-mbx...), so there are no active holds preventing deletion. Environment Details Service: Exchange Online Mailbox: email address removed for privacy reasons Archive mailbox size: ~335 GB DiscoveryHolds subfolders contain the bulk of the data. Background : Initially, the user’s primary mailbox was full because more than 100 GB of data resided in the Recoverable Items folder of the primary mailbox. Since I was unable to delete the data, so as a workaround, I enabled the archive mailbox and moved the data there. I have raised multiple tickets with Microsoft, but after more than 45 days, I still do not have a proper resolution. Mailbox Hold Status PS H:\> Get-Mailbox -Identity email address removed for privacy reasons -Archive | fl *hold* LitigationHoldEnabled : False RetentionHoldEnabled : False EndDateForRetentionHold : StartDateForRetentionHold : LitigationHoldDate : LitigationHoldOwner : ComplianceTagHoldApplied : True DelayHoldApplied : False DelayReleaseHoldApplied : False LitigationHoldDuration : Unlimited SCLDeleteThreshold : SCLRejectThreshold : SCLQuarantineThreshold : SCLJunkThreshold : InPlaceHolds : {-mbx23233XXXXXX, -mbx212433XXXXXX} RecipientThrottlingThreshold : Standard PS H:\> Get-MailboxFolderStatistics -Identity email address removed for privacy reasons -Archive -FolderScope RecoverableItems | ft Name,ItemsInFolder,FolderAndSubfolderSize Recoverable Items : 0 335.2 GB DiscoveryHolds : 80495 335.2 GB DiscoveryHolds_2022 : 177 20.7 MB DiscoveryHolds_2023 : 350 88.12 MB DiscoveryHolds_2024 : 4117 1.34 GB DiscoveryHolds_2025 (multiple subfolders): 47 GB – 55 GB each Issue : I need to purge only the DiscoveryHolds data from the archive mailbox without affecting other folders. I tried using Search-Mailbox , but received: The term 'Search-Mailbox' is not recognized as the name of a cmdlet... I understand that Search-Mailbox is deprecated in Exchange Online. Also, the Content search is not very helpful.Microsoft Blocks EWS Access for Kiosk Users
A December 2 announcement says that Exchange Online will block access to Exchange Web Services for users with kiosk or frontline worker licenses from March 2026. In fact, the Exchange Online service description has always excluded EWS access for these licenses, but the necessary code to enforce the exclusion was never implemented. It will be in March. Time to check licenses… https://office365itpros.com/2025/12/05/exchange-web-services-kiosk/
Help please! Exchange report questions
Hello! I’m hoping someone can help clarify a few things about a deletion report I received. The report shows hard and soft deletes, but it seems to be missing information about moves and restores. I’m trying to understand the following: 1. **Hard Deletes:** * When something is hard deleted, does it go to the Purge folder, and is it still recoverable from there? * Is a “hard delete” simply what happens when someone empties their Deleted Items folder? * Can hard deletes happen accidentally? 2. **Limitations of the Report:** * Are there other reports that can show moves, restores, or whether an item is *currently* deleted? * My understanding is that this delete report only indicates that an item was deleted at some point, not its current status. Is that correct? 3. **Missing Message IDs:** * About half the entries in the report don’t include a message ID. Am I correct in assuming those items aren’t emails? If anyone is willing to chat or walk through this with me, I’d really appreciate it — I’m hoping to understand this report better. Any guidance or links to solid documentation would be truly appreciated. Thank you!
EWS Autodiscover Process in Hybrid with "internal" Exchange Servers
Hi everyone, i really need help about the EWS Autodiscover process in a specific hybrid Environment. Customer is starting to use Exchange Online. For Full Hybrid configuration there is a seperate new Exchange SE with a valid certificate, NAT for IP Ranges from M365 and public available URLs for Autodiscover,EWS,... There are internal Exchange Servers which are used only for internal access. Those are the servers with all mailboxes. All URLs are configured for internal use (mail.contoso.internal) Migration is working, access to own calender is working, mailfllow is working. But there are problems to access other users calender. If a user which is migrated to Exchange Online (or via Teams) try to access another calender which is onPrem, there is no access. So i tried to use connectivity analyzer for teams integration to find out whats the problem. Result: Autodiscover resolves, connects to Hybrid and gets EWS URL as answer. But it gets the internal EWS URL from the internal Exchange Servers, not from the public available URLs which are configured at the hybrid server. I visualised the two scenarios. Number1: Thats how i thought it would work Autodiscover to autodiscover.contoso.com Hybrid answers with EWS URL: hybrid.contoso.com Connect from EXO to hybrid EWS URL Proxy to Internal Exchange Number2 : Thats what really happens Autodiscover to autodiscover.contoso.com Hybrid relays request to internal Exchange (Mailbox Server) Server answers with internal EWS URL: mail.contoso.internal Connect from EXO to internal EWS URL (which is obviously not working) So as you can see, the autodiscover process asks the internal Exchange for its EWS URLs and not as i expected the hybrid server's URLs. I always thought, the hybrid server works as a sort of proxy for every external connection from EXO. But it seems that the hybrid just relays the autodiscover request to the server which holds the mailbox. And this servers in this scenario cannot change their EWS URLs to a public resolvable FQDN. So my question is: Is this correct? Does the process always works like this or did i do anything wrong in the configuration? I hope you understand my explanation. Thanks in advance!!!
Exchange 2016 Mail Flow is Not Working
We had issues with updating to a latest Cumulative Update and messed up our EMS and some Web Config. It seems our Exchange Server is totally bricked. So, we decided to boot our Exchange Server from backup. The backup was dated September 2025. Unfortunately, after booting up the September 2025 backup, we noticed that the internal and external mail flow is not working (our Exchange 2016 is Exchange hybrid configured). The outgoing emails are stuck in Draft folder. The following troubleshooting steps have been done to no avail: -Checked if the port 25 is open -> This port is opened -Check the network settings if the Preferred DNS Address points to the correct DNS Server --> It points to the correct DNS Server -Modified the DNS lookup under Exchange Admin Center > Servers > DNS Lookups > Internal DNS Lookups --> Added the IP Address of the DNS Server -Modified the hosts file under System32 > drivers > etc --> Pointed the IP Address of the Exchange Server to the FQDN of the Exchange Server Currently, are not sure of the next steps to do in order to fix the issue. Any advice?Exchange database dismounted due to NTFS file extent limit reached – unexpected outage
Hi everyone, We experienced a serious outage on our Exchange 2016 server recently, and I wanted to share what we found during the root cause analysis – in case it helps someone else avoid the same scenario. Summary: After digging deep, we discovered that the issue was caused by the NTFS file system hitting its internal file extent limit on the .edb file. Once this threshold was reached, the database could no longer grow, and the system dismounted the database unexpectedly. No prior warning, just service interruption. Details: The .edb was around 1.2 TB in size. This isn’t a limit on database size itself — it’s about how fragmented the file is on disk. Once NTFS couldn’t track any more extents, the database stopped working. Microsoft doesn’t publish a clear fix for this; only scattered references to similar behavior in past cases. What we did: Created a fresh, clean database. Manually moved user mailboxes into the new DB. The old database couldn't be mounted anymore, so we brought the system live without historical mail – just to maintain continuity. We're now working on extracting data from the unmounted .edb using third-party tools. Looking for thoughts: Has anyone else hit the NTFS extent wall with Exchange? How do you monitor extent growth proactively? Did switching to ReFS solve this for you long-term? Open to any input or similar experiences – appreciate it in advance. Thanks!Checking the Effectiveness of a Transport Rule to Block Spammy Email
Some weeks ago, I wrote about using a transport rule to suppress spammy email by sending the messages to the quarantine. But what’s the best way to check the rule’s effect? One method is to use the transport rule report PowerShell cmdlet to check for the actions you expect the rule to perform. Once information is found, it’s a matter of slicing and dicing the data. https://office365itpros.com/2025/11/26/transport-rule-effectiveness/Could any one explain Exchange Server SE Licensing Model?
I have the following M365 licenses in my education tenant: Microsoft 365 A5 without Audio Conferencing (Student Use Benefit) As per my understanding, each user requires an A3/A5 license to access their mailbox on an Exchange Server (Exchange SE). Since A3/A5 licenses already include Exchange Online, do we still need to assign these licenses to each on-premises user, or is this only for compliance purposes? For example, if we have 100 on-premises users, must all 100 users be assigned A3/A5 licenses in Microsoft 365? Reference articles are below. Microsoft Product Terms Please correct me if I am wrong.OL client in-app link for getting OL for iOS or Android not working
Hello! Redirected to this forum from here: https://learn.microsoft.com/en-us/answers/questions/5617563/ol-desktop-link-broken-file-get-ol-app-for-ios-and See error description and attempt to solve it by following the link. For some reason, Windows clients in our organization can not follow the Outlook desktop client in-app link for getting Outlook for iOS or Android. (hybrid, no mailboxes in MS-cloud, only on prem) The link for getting the Outlook app for iOS and Android under File when logged into Outlook app does not seem to work. Clicking on it seems to send user to the URL: go.microsoft.com/fwlink/?LinkId=2112779 but quickly redirects and ends up with https://w2.outlook.com/l/mobile?WT.mc_id=Backstage**Win32**All**Hyperlink** https://learn-attachment.microsoft.com/api/attachments/cb7d456f-ac6e-4566-a4ef-ffa912500423?platform=QnAhttps://learn-attachment.microsoft.com/api/attachments/cb7d456f-ac6e-4566-a4ef-ffa912500423?platform=QnA We haven't been able to figure out why, but since the same two different accounts mentioned in the thread above works on a private device on a private home network, is seems like something in our environment is the cause.
