Azure AD
5 Topics

CA using nested DDL
- I started off by creating a new DDL using the below command:

    PS C:\WINDOWS\system32> New-DynamicDistributionGroup -Name "NewDG" -RecipientFilter "(RecipientTypeDetails -eq 'UserMailbox') -and (CustomAttribute1 -like 'DGTEST*')"

    Name  ManagedBy
    ----  ---------
    NewDG

- Checking the recipient filter the below is returned:

    PS C:\WINDOWS\system32> Get-DynamicDistributionGroup -Identity "NewDG"|FL RecipientFilter

    RecipientFilter : ((((RecipientTypeDetails -eq 'UserMailbox') -and (CustomAttribute1 -like 'DGTEST*'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))

- Members for the DDL show empty:

    PS C:\WINDOWS\system32> Get-DynamicDistributionGroupMember -Identity NewDG

- Custom attribute for the user showing populated as below:

    PS C:\WINDOWS\system32> Get-Mailbox User1 |FL CustomAttribute1

    CustomAttribute1 : DGTEST

- Forced Refresh using PS as below

    PS C:\WINDOWS\system32> Set-DynamicDistributionGroup -Identity NewDG -ForceMembershipRefresh

- Now showing members:

    PS C:\WINDOWS\system32> Get-DynamicDistributionGroupMember -Identity "NewDG"

    Name  RecipientType
    ----  -------------
    User1 UserMailbox

- When trying to check recipient filter/membership using the command

    PS C:\WINDOWS\system32> $FTE = Get-DynamicDistributionGroup -Identity "NewDG"
    PS C:\WINDOWS\system32> Get-Recipient -RecipientPreviewFilter ($FTE.RecipientFilter)

- DDG was added as a member of DL, DL is added in a Conditional Access policy to enforce MFA. However, only direct members of the Group are enforced to use MFA, not nested DDL group members, despite MS documentation stating that both DDL and nested memberships are supported.
- In Azure Sign in portal, MFA CA policy says not applied.
- Details show user assignment not matched i.e. not included in scope.

180 Views, 0 likes, 0 Comments

Manage Exchange Online Mail Contacts with Graph API
Has anyone a solution to manage Exchange Online Mail Contacts over Graph API? This would be the preferred way. On Microsoft Learn I've found this orgContact resource type but it's still in beta and can't be used to create Contacts rn. Otherwise, I would try to achieve this with the Exchange Online PowerShell cmdlets and Azure Automation. I've never got in touch with Azure Automation but what I've seen, it should be possible, I think.

Solved, 2.7K Views, 0 likes, 2 Comments

Utilise Azure AD properties in Dynamic Distribution List
Hi all,

Ask

I'm trying to set up dynamic distribution lists for my organisation which filter out Disabled accounts from the membership list.

Problem

The groups are populated based on their Office location, which when tested on an Azure account, pulls the correct users into the list. It does not seem however that there is either a UI option or PowerShell property to filter out accounts which have been disabled.

Environment

We currently work on a hybrid On-Prem/Azure AD configuration and will be creating the DDLs in Exchange Online. The On-Prem element will be removed in time as we bring more Azure only users into the business from other areas, so do not want to build the DDLs to depend on AD records, only Azure.

Other solutions tried

M365 groups will not be appropriate as these introduce Teams/Inboxes/SharePoint functionality which is not something we want the entire offices to be interacting with.

Many thanks for your support.

2.2K Views, 0 likes, 2 Comments

Using Azure AD User Information in Exchange as Custom Attributes for Dynamic Distribution List
How to use the information (city, street) from the users as variables in the Dynamic Distribution List.

Thank you for any help 😀

Solved, 1.7K Views, 0 likes, 1 Comment

Protecting Exchange 2016 with Azure Active Directory
I've recently had multiple customers who can't move some/all of their mailboxes to Exchange Online and are instead moving to Exchange 2016/2019 on-premises, but would still like to make use of the identity/security features provided by the Microsoft cloud, so I wrote a series of blogs showing how Hybrid Modern Authentication, along with Azure AD Conditional Access and Azure Application Proxy could be used to secure an on-premises Exchange 2016 organisation.

https://mikeparker365.co.uk/2018/09/17/how-to-secure-exchange-2016-with-azure-ad-part-1-authenticating-owa-with-kerberos/
https://mikeparker365.wordpress.com/2018/09/19/how-to-secure-exchange-2016-with-azure-ad-part-2-hybrid-modern-authentication/
https://mikeparker365.wordpress.com/2018/09/25/how-to-secure-exchange-2016-with-azure-ad-part-3-azure-application-proxy/

Hope this is an interesting read, let me know if you have any questions, comments or corrections!

Mike

8K Views, 2 likes, 2 Comments