How do you identify the "You've joined the xxx group" emails?
When you join a microsoft 365 group via Outlook you get an email (apparently from yourself) to say you have joined it. How do you actually identify these emails on Exchange? I've looked at the headers but nothing really stands out. I need to exclude these types emails from rules.
Exchange 2019 Mailbox Migration Error - Folder conflicts with Exchange Online folder
Hi Exchange Experts, I'm migrating a small Exchange 2019 environment to 365. Been pulling my hair out becuase of just one mailbox giving this error Error description --------------------------- Error: AggregateMailboxFolderConflictPermanentException: The folder 'Files' conflicts with Exchange Online folder 'Files', please move the messages to another folder and restart the job. Data migrated: 0 B (0 bytes) Migration rate: -------------------------------------- Migration user report: 5/14/2025 12:32:05 PM [MEUP300MB0105] Request processing continued, stage CreatingFolderHierarchy. 5/14/2025 12:32:05 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Fatal error AggregateMailboxFolderConflictPermanentException has occurred. ---------------------- It seems to be a system folder and I've tried to remove files from it (although there're no files in it) using MFCMAPI tool with no success. Renamed the folder and tried to re-run the migration with no luck. Has anyone experience this issue? any thoughts or tips are much appreciated ! Thank you.
Send admin notifications on x number of messages from an email address
Hi, We're having a problem with a repeat spam/phishing offender that recycles email addresses from a particular domain. Because the email address is new it hasn't had a chance to be picked up by blacklists, so it doesn't get picked up as spam. We can't block on content, subject or sender because it all changes so for these campaigns we're relying on user reports to give us the heads up. We also can't block the domain because we receive legitimate email from the domain also. I'd like to change this so we can hit them before users notice and possibly whilst the spam campaign is in flight but I'm unsure as to how to go about it. Is there a rule or other setting I can configure which sends notifications to specific e-mail addresses if, say 100 emails were received from any email address (or from a specific domain?) within an hour, or 5 hours? I don't see how I can configure such a rule in mailflow rules so I'm guessing this might be somewhere else. There's an element of us likely being falsely alerted to marketing campaigns, but hopefully it's configurable enough that we can limit it down to only applying this against a specific sender domain, or adding a new custom mailflow rule which will lower the likelihood of false positives. Many thanks, - Lsward
Exchange 2016 and deffer delivery
Hi! Is it possible to configure delay of outgoing sending messages for user mailbox, like outlook's deffered delivery? I couldn't find such an option in mailflow-rules, as deepseek says "New-TransportRule -Name "DelaySendForUser" -SenderAddressEquals "email address removed for privacy reasons" -DeferMessageMinutes 2 -Enabled $true" - it doesn't work:))
How to consistently differentiate Microsoft service notification emails from normal user emails?
I receive a large number of notification mails from Microsoft services (SharePoint, Teams, etc.) and they clutter my mailbox. I’ve tried: Inbox rules filtering by sender (e.g., email address removed for privacy reasons) → doesn’t work since Microsoft uses many changing domains. Filtering by Microsoft IP ranges → some internal org mails also get caught. Filtering by domains from Microsoft endpoint list → works, but the list updates monthly, so not reliable. Question: Is there a consistent way (e.g., via Internet message headers or any other property) to reliably identify Microsoft-generated notification emails vs normal user emails?Microsoft some server IP not in SPF List?
We Have add DNS record v=spf1 include:spf.protection.outlook.com -all , but find to SPF is failed spf:demo.com:2603:1096:301:11b::15 how can we solve this problem , because we need increase the security Level , would like quarantine / set to junk mailbox for SPF Fail mail ThankApplying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"]. I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation? I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place: On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)SMIME not working in OWA
Help needed for S/MIME setup on M365 with Exchange Online and Windows/macOS What was done: Installed the .pfx key on Windows and macOS locally with the password Deployed the root and intermediate certificate via Intune on the Windows and macOS devices Exported the root and intermediate certificate via certmgr.msc and uploaded the .sst via Connect-ExchangeOnline Set-SmimeConfig -SMIMECertificateIssuingCA ([IO.File]::ReadAllBytes('C:\Temp\certificate_CA.sst')) Published the public S/MIME signature via “Publish to GAL” in classic Outlook manually for each user (Windows users). Current Status: Working Sending Encrypted email from a signed Reply (Old/classic Outlook) Sending Encrypted email from new email (Old Outlook) (Works after publishing in GAL/saving the Signature to contact for External) Sending Encrypted email from new email (Outlook for Mac) to windows user who published their certificate via GAL NOT working Sending Encrypted email from new email (New Outlook [Windows]) – Error message: Certificate is not trusted by this organization Sending Encrypted email from new email (OWA on Edge [Windows]) – Error message: Certificate is not trusted by this organization Sending Encrypted email from new email (Old Outlook Windows) to mac users, since certificate was not published
RBAC role to allow you to see in Exchange admin portal messagetrace
I’m trying to build management role, that will allow Admin to access and run messagetrace https://admin.exchange.microsoft.com/#/messagetrace I already add Message Tracking role Assignment, but messagetrace is not available in GUI. I saw recommendation for View-Only Recipients , which has Default recipient scope None and Default configuration None. I believe the role is not correct one.
Creation of customrole that allows only creation of Mailenabled Security groups.
Hej Exchange community :) My first post here and i am also quick to admit that im not really super experienced with Exchange management (been a user of the Gui for many years on a servicedesk) I am trying to create a custom role in our 2019 onprem exchange installation to give our servicedesk the ability to create mailenabled security groups directly in the gui in Ecp. My custom role has access to the cmdlets bellow but im missing something Get-ManagementRoleEntry "mygroupname\*" Enable-DistributionGroup Remove-DistributionGroupMember Add-DistributionGroupMember Remove-DistributionGroup Set-DistributionGroup Get-OrganizationalUnit Get-Group Get-Recipient Get-DistributionGroup New-DistributionGroup The test user i have set up in order to test this gets access to create distributionsgroups sure enough but the security groups option is not there. as i have understand it is the "New-DistributionGroup" cmdlet with the parameter type-security that allows for the creation of the security groups, but when i try to add that with After a few hours spent googling and asking different gpt (and sorting thro the gpt hallusinations) i'm at a loss for what the issue might be. Anyone got any ideas what i'm missing? Thanks in advance :)
