Exchange 2016 and deffer delivery
Hi! Is it possible to configure delay of outgoing sending messages for user mailbox, like outlook's deffered delivery? I couldn't find such an option in mailflow-rules, as deepseek says "New-TransportRule -Name "DelaySendForUser" -SenderAddressEquals "email address removed for privacy reasons" -DeferMessageMinutes 2 -Enabled $true" - it doesn't work:))
How to consistently differentiate Microsoft service notification emails from normal user emails?
I receive a large number of notification mails from Microsoft services (SharePoint, Teams, etc.) and they clutter my mailbox. I’ve tried: Inbox rules filtering by sender (e.g., email address removed for privacy reasons) → doesn’t work since Microsoft uses many changing domains. Filtering by Microsoft IP ranges → some internal org mails also get caught. Filtering by domains from Microsoft endpoint list → works, but the list updates monthly, so not reliable. Question: Is there a consistent way (e.g., via Internet message headers or any other property) to reliably identify Microsoft-generated notification emails vs normal user emails?
Microsoft some server IP not in SPF List?
We Have add DNS record v=spf1 include:spf.protection.outlook.com -all , but find to SPF is failed spf:demo.com:2603:1096:301:11b::15 how can we solve this problem , because we need increase the security Level , would like quarantine / set to junk mailbox for SPF Fail mail Thank
Exchange 2019 Mailbox Migration Error - Folder conflicts with Exchange Online folder
Hi Exchange Experts, I'm migrating a small Exchange 2019 environment to 365. Been pulling my hair out becuase of just one mailbox giving this error Error description --------------------------- Error: AggregateMailboxFolderConflictPermanentException: The folder 'Files' conflicts with Exchange Online folder 'Files', please move the messages to another folder and restart the job. Data migrated: 0 B (0 bytes) Migration rate: -------------------------------------- Migration user report: 5/14/2025 12:32:05 PM [MEUP300MB0105] Request processing continued, stage CreatingFolderHierarchy. 5/14/2025 12:32:05 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Fatal error AggregateMailboxFolderConflictPermanentException has occurred. ---------------------- It seems to be a system folder and I've tried to remove files from it (although there're no files in it) using MFCMAPI tool with no success. Renamed the folder and tried to re-run the migration with no luck. Has anyone experience this issue? any thoughts or tips are much appreciated ! Thank you.Applying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"]. I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation? I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place: On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)SMIME not working in OWA
Help needed for S/MIME setup on M365 with Exchange Online and Windows/macOS What was done: Installed the .pfx key on Windows and macOS locally with the password Deployed the root and intermediate certificate via Intune on the Windows and macOS devices Exported the root and intermediate certificate via certmgr.msc and uploaded the .sst via Connect-ExchangeOnline Set-SmimeConfig -SMIMECertificateIssuingCA ([IO.File]::ReadAllBytes('C:\Temp\certificate_CA.sst')) Published the public S/MIME signature via “Publish to GAL” in classic Outlook manually for each user (Windows users). Current Status: Working Sending Encrypted email from a signed Reply (Old/classic Outlook) Sending Encrypted email from new email (Old Outlook) (Works after publishing in GAL/saving the Signature to contact for External) Sending Encrypted email from new email (Outlook for Mac) to windows user who published their certificate via GAL NOT working Sending Encrypted email from new email (New Outlook [Windows]) – Error message: Certificate is not trusted by this organization Sending Encrypted email from new email (OWA on Edge [Windows]) – Error message: Certificate is not trusted by this organization Sending Encrypted email from new email (Old Outlook Windows) to mac users, since certificate was not published
RBAC role to allow you to see in Exchange admin portal messagetrace
I’m trying to build management role, that will allow Admin to access and run messagetrace https://admin.exchange.microsoft.com/#/messagetrace I already add Message Tracking role Assignment, but messagetrace is not available in GUI. I saw recommendation for View-Only Recipients , which has Default recipient scope None and Default configuration None. I believe the role is not correct one.
Creation of customrole that allows only creation of Mailenabled Security groups.
Hej Exchange community :) My first post here and i am also quick to admit that im not really super experienced with Exchange management (been a user of the Gui for many years on a servicedesk) I am trying to create a custom role in our 2019 onprem exchange installation to give our servicedesk the ability to create mailenabled security groups directly in the gui in Ecp. My custom role has access to the cmdlets bellow but im missing something Get-ManagementRoleEntry "mygroupname\*" Enable-DistributionGroup Remove-DistributionGroupMember Add-DistributionGroupMember Remove-DistributionGroup Set-DistributionGroup Get-OrganizationalUnit Get-Group Get-Recipient Get-DistributionGroup New-DistributionGroup The test user i have set up in order to test this gets access to create distributionsgroups sure enough but the security groups option is not there. as i have understand it is the "New-DistributionGroup" cmdlet with the parameter type-security that allows for the creation of the security groups, but when i try to add that with After a few hours spent googling and asking different gpt (and sorting thro the gpt hallusinations) i'm at a loss for what the issue might be. Anyone got any ideas what i'm missing? Thanks in advance :)
Local domain mailbox migration error
I ran into an issue while migrating from on-premise to O365. On-premise AD domain is “domain.local” so users have their mailboxes smtp address as follows: primary smtp mailto:email%20address%20removed%20for%20privacy%20reasons ( public domain ) aliases smtp proxy: mailto:user@domain.local We setup the hybrid environment and started the mailbox migration but they’re failing with the error that domain.local is not an accepted domain in O365. this is the first time it occurred to us since we made a lot of migration so far What can it be ? obviously is not possible to add domain.local as accepted domain in o365How do you handle off-hours patching in small environments with no HA?
In smaller IT environments without high availability (HA) setups, managing updates and patches, especially during off-hours, can be tricky. Without redundancy or failover systems, patching often involves planned downtime, making it critical to schedule and execute updates efficiently to avoid disrupting operations. If you don't have coverage, do you stick to late-night or weekend patching windows? How do you communicate expected downtime with users ? What is your rollback plan if a patch causes issues ? Do you take snapshots/backup before patching ? How do you factor in security urgency vs operational impact ?
