Our mail domain isn't safe by default for Exchange Online users
Hello all, Our PR Team requested to force automatic download of pictures for internal letters that are sent by the team. We decide to use GP setting "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" from Office an administrative template. It works fine for users with on-prem mailboxes because our mail domain is in the Safe Senders by default, but it doesn't work for users with mailboxes in Exchange Online. For EO mailboxes, pictures of internal letters are not downloaded automatically in classic Outlook. They have to add "@<our mail domain" to Safe Senders list to download pictures automatically. Any attempts to add the same domain by using Set-MailboxJunkEmailConfiguration fail because "the domain is the default mail domain"! (And should be treated as safe). Headers show that letters are not "Anonymous" but internal. It looks like a bug, or we missed something in our Hybrid configuration. Any ideas? King regards, Dmitry Horushin
SQL Server enabled by Azure Arc is now generally available in the US Government Virginia region
We’re thrilled to announce that SQL Server enabled by Azure Arc on Windows is now generally available in the US Government Virginia region. With this, U.S. government agencies and organizations can manage SQL Server instances outside of Azure from the Azure Government portal, in a secure and compliant manner. SQL Server enabled by Azure Arc resources in US government Virginia can be onboarded and viewed in the Azure Government portal just like any Azure resource, giving you a single pane of glass to monitor and organize your SQL Server estate in the Gov cloud. Available Features Currently, in the US Government Virginia region, SQL Server enabled by Azure Arc provides the following features: Connect your SQL Server to Azure Arc (onboard) a SQL Server instance to Azure Arc. SQL Server inventory which includes the following capabilities in the Azure portal: View SQL Server instances as Azure resources. View databases Azure resources. View the properties for each server. For example, you can view the version, edition, and database for each instance. Subscribe to Extended Security Updates in a production environment. Manage licensing and billing of SQL Server enabled by Azure Arc. License virtual cores. Review licensing limitations. All other features aren't currently available. How to Onboard Your SQL Server Onboarding SQL Server enabled by Azure Arc in the Government cloud is a two-step process that you can initiate from the Azure (US Gov) portal. Step 1: Connect hybrid machines with Azure Arc-enabled servers Step 2: Connect your SQL Server to Azure Arc on a server already enabled by Azure Arc Limitations The following SQL Server features aren't currently available in any US Government region: Failover cluster instance (FCI) Availability group (AG) License physical cores (p-cores) with unlimited virtualization. License physical cores (p-cores) without virtual machines. SQL Server associated services: SQL Server Analysis Services SQL Server Integration Services SQL Server Reporting Services Power BI Report Server Future Plans and Roadmap This is a major first step in bringing Azure Arc’s hybrid data management to Azure Government, and we will continue to do additional enhancements to achieve service parity. Conclusion The availability of SQL Server enabled by Azure Arc in the US Gov Virginia region marks an important milestone for hybrid data management in Government. If you’re an Azure Government user managing SQL Server instances, we invite you to try out SQL Server enabled by Azure Arc in US Government in Viginia region. And please, share your feedback with us through the community forum or your Microsoft representatives. Learn More: SQL Server enabled by Azure Arc in US Government SQL Server enabled by Azure Arc Update: September 12, 2025 As part of our ongoing improvements, we’ve lifted certain limitations in US Government Virginia. You can now onboard SQL Server enabled by Azure Arc environments with: Always On availability groups Associated SQL Server services: SQL Server Analysis Services SQL Server Integration Services SQL Server Reporting Services Power BI Report Server
Configure Dedicated Exchange Server Application
Currently our product ranning exchange 2019 CU15 with Exchange hybrid, so what else need configure other task for configuration of the dedicated application for Exchange Server. HCW8126 - Admin consent was not granted during the configuration of the dedicated application for Exchange Server. The application will be created but will not function until consent is provided. Please re-run the Hybrid Configuration Wizard (HCW) or grant consent via the Entra ID portal before using the application.Exchange 2019 Mailbox Migration Error - Folder conflicts with Exchange Online folder
Hi Exchange Experts, I'm migrating a small Exchange 2019 environment to 365. Been pulling my hair out becuase of just one mailbox giving this error Error description --------------------------- Error: AggregateMailboxFolderConflictPermanentException: The folder 'Files' conflicts with Exchange Online folder 'Files', please move the messages to another folder and restart the job. Data migrated: 0 B (0 bytes) Migration rate: -------------------------------------- Migration user report: 5/14/2025 12:32:05 PM [MEUP300MB0105] Request processing continued, stage CreatingFolderHierarchy. 5/14/2025 12:32:05 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Stage: CreatingFolderHierarchy. Percent complete: 10. 5/14/2025 12:32:12 PM [MEUP300MB0105] Fatal error AggregateMailboxFolderConflictPermanentException has occurred. ---------------------- It seems to be a system folder and I've tried to remove files from it (although there're no files in it) using MFCMAPI tool with no success. Renamed the folder and tried to re-run the migration with no luck. Has anyone experience this issue? any thoughts or tips are much appreciated ! Thank you.
Update Federation Trust Certificate
Almost five years ago, I had set this up. I realized the cert is about to expire. I only have on test account on prem, everything else is in the cloud. Oauth is set up and we do have token based auth. I followed the steps to generate a new self signed cert, everything looks good even the text file in DNS. The issue is, when I run set-federationtrust - identity "Microsoft Federation Gateway -publishfederationcertificate, I get the following error. [FailureCategory=Cmdlet-Live DomainServicesException] 2B0D1031,Microsoft.Exchange.Management.SystemConfigurationTasks.SetFederationTrust + PSComputerName I have search and and tried several things for TLS 1.2 Enforcing TLS 1.2 on Windows 2019 via the reg Windows Registry Editor Version 5.00 enforce SchUseStrongCrypto Force Powershell to run tls1.2 I had to remove some of the verbage - i think the forum does not like it. Does anyone have any ideas Thanks PaulConvert resource mailbox to cloud only
Hi During migration to 365 we migrated our resource mailboxes (room/equipment) by using AAD Connect and New-MailboxMove command. Now we would like to clean up in on premise AD and convert these mailboxes to be cloud only, it is also a requirement since we want to use MTRs in the rooms. Is there any support way to convert them to cloud only and remove the link to on prem? Thanks PeterApplying On-Prem EAP with New-Remote Mailbox
BACKGROUND: my org is in a hybrid AD/Exchange environment, and will remain so for some time. All mailboxes, other than a very small number with on-prem dependencies, were migrated to M365 a few years ago; we will continue to have 1-2 Exchange Servers on-premises for both management and some legacy on-prem processes. All user accounts are created on-premises, and synchronized to M365 through Entra Connect Sync. Our on-prem EAP has the exact address syntaxes that we need [applies to "Users with Exchange mailboxes" + "Resource mailboxes" + "Mail-enabled groups"]. I haven't found a clear answer to the question: with an Exchange 2019 (and soon SE) server on-premises - with users initially created on-premises - is there a way to provision new EXO mailboxes [using the 'new-remotemailbox' cmdlet], such that the on-prem EAP applies during creation? I've been working with these two references, but so far haven't found a way to make the "new-remotemailbox..." cmdlet work to (a) create a new account on-premises and (b) ultimately have an EXO mailbox provisioned with the on-prem EAP addresses in place: On provisioning mailboxes in Exchange Online when in Hybrid | Microsoft Community Hub https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/new-remotemailbox?view=exchange-ps Any thoughts or suggestions would be welcomed! (OR - perhaps it just can't be done?)
