Forum Widgets
Latest Discussions
Exchange SE Transport Rule Query
I'm trying to use a transport rule to send a notification to an audit mailbox with a note of the names of all attachments being sent externally with From, To, CC, BCC details. It sort of works. Rule If message has an attachment that's larger than or equal to 0 bytes Do the following Set audit severity level to 'Not specified' and send the incident report to <audit mailbox>, include these message properties in the report: sender, recipients, subject, cc'd recipients, bcc'd recipients, severity, sender override information, matching rules, false positive reports, detected data classifications, matching content. If I send a message to: 'email address removed for privacy reasons', cc: 'email address removed for privacy reasons', bcc:'email address removed for privacy reasons' with 2 attachments the report includes the following: Sender: <sender> Recipient: To & CC Attachments: Only 1 attachment name i.e. Missing an attachment name and the BCC entry Is this a bug or a feature? I presume it is just flagging the first attachment greater than 0 bytes which is annoying but that wouldn't explain the missing BCC entry.
Need to Purge DiscoveryHolds Data from Archive Mailbox in Exchange Online
Hello Team, I am working on an Exchange Online mailbox where the archive mailbox has accumulated a large amount of data (over 335 GB) under the Recoverable Items → DiscoveryHolds folder. The mailbox is not on Litigation Hold or Retention Hold, and the InPlaceHolds property shows exclusions (-mbx...), so there are no active holds preventing deletion. Environment Details Service: Exchange Online Mailbox: email address removed for privacy reasons Archive mailbox size: ~335 GB DiscoveryHolds subfolders contain the bulk of the data. Background : Initially, the user’s primary mailbox was full because more than 100 GB of data resided in the Recoverable Items folder of the primary mailbox. Since I was unable to delete the data, so as a workaround, I enabled the archive mailbox and moved the data there. I have raised multiple tickets with Microsoft, but after more than 45 days, I still do not have a proper resolution. Mailbox Hold Status PS H:\> Get-Mailbox -Identity email address removed for privacy reasons -Archive | fl *hold* LitigationHoldEnabled : False RetentionHoldEnabled : False EndDateForRetentionHold : StartDateForRetentionHold : LitigationHoldDate : LitigationHoldOwner : ComplianceTagHoldApplied : True DelayHoldApplied : False DelayReleaseHoldApplied : False LitigationHoldDuration : Unlimited SCLDeleteThreshold : SCLRejectThreshold : SCLQuarantineThreshold : SCLJunkThreshold : InPlaceHolds : {-mbx23233XXXXXX, -mbx212433XXXXXX} RecipientThrottlingThreshold : Standard PS H:\> Get-MailboxFolderStatistics -Identity email address removed for privacy reasons -Archive -FolderScope RecoverableItems | ft Name,ItemsInFolder,FolderAndSubfolderSize Recoverable Items : 0 335.2 GB DiscoveryHolds : 80495 335.2 GB DiscoveryHolds_2022 : 177 20.7 MB DiscoveryHolds_2023 : 350 88.12 MB DiscoveryHolds_2024 : 4117 1.34 GB DiscoveryHolds_2025 (multiple subfolders): 47 GB – 55 GB each Issue : I need to purge only the DiscoveryHolds data from the archive mailbox without affecting other folders. I tried using Search-Mailbox , but received: The term 'Search-Mailbox' is not recognized as the name of a cmdlet... I understand that Search-Mailbox is deprecated in Exchange Online. Also, the Content search is not very helpful.Microsoft Blocks EWS Access for Kiosk Users
A December 2 announcement says that Exchange Online will block access to Exchange Web Services for users with kiosk or frontline worker licenses from March 2026. In fact, the Exchange Online service description has always excluded EWS access for these licenses, but the necessary code to enforce the exclusion was never implemented. It will be in March. Time to check licenses… https://office365itpros.com/2025/12/05/exchange-web-services-kiosk/Checking the Effectiveness of a Transport Rule to Block Spammy Email
Some weeks ago, I wrote about using a transport rule to suppress spammy email by sending the messages to the quarantine. But what’s the best way to check the rule’s effect? One method is to use the transport rule report PowerShell cmdlet to check for the actions you expect the rule to perform. Once information is found, it’s a matter of slicing and dicing the data. https://office365itpros.com/2025/11/26/transport-rule-effectiveness/
OL client in-app link for getting OL for iOS or Android not working
Hello! Redirected to this forum from here: https://learn.microsoft.com/en-us/answers/questions/5617563/ol-desktop-link-broken-file-get-ol-app-for-ios-and See error description and attempt to solve it by following the link. For some reason, Windows clients in our organization can not follow the Outlook desktop client in-app link for getting Outlook for iOS or Android. (hybrid, no mailboxes in MS-cloud, only on prem) The link for getting the Outlook app for iOS and Android under File when logged into Outlook app does not seem to work. Clicking on it seems to send user to the URL: go.microsoft.com/fwlink/?LinkId=2112779 but quickly redirects and ends up with https://w2.outlook.com/l/mobile?WT.mc_id=Backstage**Win32**All**Hyperlink** https://learn-attachment.microsoft.com/api/attachments/cb7d456f-ac6e-4566-a4ef-ffa912500423?platform=QnAhttps://learn-attachment.microsoft.com/api/attachments/cb7d456f-ac6e-4566-a4ef-ffa912500423?platform=QnA We haven't been able to figure out why, but since the same two different accounts mentioned in the thread above works on a private device on a private home network, is seems like something in our environment is the cause.Federation Trust Gateway broken - OrgCertificate cannot be uploaded
Hey guys, last week we have done Windows Server updates and this broke some stuff. Some certificates have been unbound and so on. Until then the full classic hybrid worked quite good in our Exchange Server 2016 CU23 environment. We are just in the process of upgrading/migrating. But after this point of time the On-Premises users stopped being able to see the calendars of the cloud users, other way around still worked. So we started trying to fix the hybrid deployment with several runs of the HCW (which is always fine) and rebuilding the organizational relationship and the trust federation gateway. This was quite exhausting, as we updated a bunch of domains in global DNS several times. Currently, neither direction is functioning. Now it looks like the Federation Trust Gateway is in an inconsistent state. When I try... Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate then I get the message, that the rollover certificate (OrgNextPrivCertificate) is not set and that I only can publish, when this is done. When I try to define a rollover certificate, then I get the message, that the rollover certificate cannot be set until the OrgCertificate has been published. So, we have a chicken-and-egg situation here. Thanks for any help.
Stop ASP.NET SMTP Emails from Appearing in Office 365 Sent Items Without Affecting Manual Sends
We are sending Emails to our clients through an ASP.NET application using the SMTP protocol and using an O365 Account (email address removed for privacy reasons). The problem is that every time a mail (reset password, otp, campaigns, etc) is sent from asp.net application, a copy of that mail is created in the "Sent Items" of the Support mailbox. This is not needed and it is quickly filling our Support mailbox. How to stop this? Is there any setting in the Exchange Server? Please note that the Support mailbox is also used by our company support representative to send resolutions to customers using O365 Outlook Web Access. The mails send by the representative are very much needed in the sent items. It's only the ASP.NET-sent mails that we want to prevent in the "Sent Items".Use PowerShell to Analyze Junk Email and Intercept Traffic from Spammy Domains
Despite the best efforts of anti-spam solutions, some unwanted messages usually get through to user inboxes. This article explains how to analyze messages that end up in Junk Email and use the results to create a transport rule to block future traffic from the spammy domains. https://practical365.com/analyze-junk-email-block-spammy-domains/Resolved: Hybrid Exchange Duplicate (Ghost) Mailbox Created After Assigning Exchange Online License
Summary During a hybrid Exchange migration, a user’s mailbox failed to migrate and mail flow broke due to a duplicate (ghost) mailbox automatically created in Exchange Online. Root Cause An Exchange Online Plan 2 license was mistakenly assigned to the user before migration. Azure AD sync then provisioned a cloud mailbox, even though the user already had an on-prem mailbox. This caused a hybrid mismatch — the user appeared in both environments, and migration failed with mailbox lookup errors. Resolution Steps Removed the Exchange Online Plan 2 license from the user account. Forced a DirSync (AAD Connect) synchronization. Verified that the mailbox existed only on-prem via PowerShell Get-Mailbox -Identity email address removed for privacy reasons | fl Name,RecipientTypeDetails,ExchangeGuid Confirmed the ghost mailbox was removed from Exchange Online. Re-ran migration batch successfully to Exchange Online. Verification Get-MailboxStatistics -Identity email address removed for privacy reasons | fl TotalItemSize,ItemCount,LastLogonTime Ensure only one mailbox object exists and mail flow routes correctly. Prevention Tips Don’t assign Exchange Online licenses to hybrid mailboxes before migration. Always verify mailbox location prior to assigning any license. Use PowerShell or EAC to check where the mailbox resides (on-prem vs. cloud). Environment Hybrid Exchange Deployment Exchange 2016 On-Premises Exchange Online (M365) Azure AD Connect This issue is not caused by connectors or mail flow settings, but by improper licensing before migration. Removing the license and resyncing resolves the ghost mailbox problem.
