User Profile
EmekaNgene
MCT
Joined 6 years ago
Recent Discussions
Re: Exchange Hybrid Wizard Error
Hello Barry,

Happy New Year. Well, here are my go-to articles whenever I run into HCW issues. Once you go through them meticulously you should be able to resolve this; it just requires patience.

https://techcommunity.microsoft.com/blog/exchange/understanding-hybrid-migration-endpoints-in-classic-and-modern-hybrid/916993
https://techcommunity.microsoft.com/blog/exchange/modern-hcw-hybrid-agent-troubleshooting-like-a-pro/1558725
https://techcommunity.microsoft.com/blog/exchange/understanding-hybrid-migration-endpoints-in-classic-and-modern-hybrid/916993

Good luck Buddy 🙂

302 Views, 0 likes, 0 Comments

Re: SMTP Issue - Exchange 2019
Hello Alex,

Happy New Year to you. What an interesting scenario, I must say. According to you: "This application can send all the emails with any subject, but if the subject is "Purchace Order to be approved" the relay fails. Checking logs, I could see that when the message has this mentioned subject then the field "sender-address" is always empty (return-path is ok). And, of course, SPF/DKIM fails and message is quarantined. All other message subjects contain the address in "sender-address"."

Well, here are my thoughts on this:

You can use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft. This will help you understand why it was blocked.
https://learn.microsoft.com/en-us/defender-office-365/submissions-admin
https://learn.microsoft.com/en-us/defender-office-365/submissions-result-definitions?source=recommendations

If the SPF/DKIM fails, then check if the sending IP address is part of the SPF record; that might be a pointer to why it fails.

Since you mentioned that you have a hybrid Exchange environment, I believe that emails from your on-prem are routed through a connector. Use the message header analyzer to check the mail flow or mail route of a working email and compare it with the one that fails, to determine if they follow the same route or come from the same source.

You can also use message trace and extended message trace to check and to understand the activities/actions that happened to the emails (both working and not working) as they get delivered.

You can use another SMTP application to simulate this; I mean, try to send an email using the same subject with another SMTP application. I usually use PowerShell to do this:

# Send the email (use port 587 or 25)
Send-MailMessage -From "<Email address>" -To "<Email address>" -Subject "<MessageSubject>" -Body "<MessageBody>" -SmtpServer "<SmtpServer>" -Credential (Get-Credential) -UseSsl -Port 587

or you can try any SMTP Diag tool. This will help you confirm if it is from your application or not.

Good luck buddy

27 Views, 0 likes, 1 Comment

Re: MS Teams Block People
deepakjee

From the Microsoft message center M365 Admin

Microsoft Teams: Block a user for your organization

This blog post was originally posted by Microsoft in the Microsoft 365 message center.

Microsoft Teams is introducing a block user feature to prevent malicious users from contacting an organization again. This feature, associated with Microsoft 365 Roadmap ID 411138, will be available worldwide in early November 2024. Admins can block users, preventing 1:1 and group chats with them. It’s off by default and can be enabled in external access settings.

Updated September 13, 2024: We have updated the rollout timeline below. Thank you for your patience.

The availability of the delete API (removeallaccessforuser API) does not stop a malicious user from resending a Microsoft Teams message to the same victim. To help prevent that, a block user feature will allow the admin to block the malicious user from reaching out again. To make this possible, we will use a similar feature as the allow/block list in federation identity credentials to block the malicious user from the entire organization.

This message is associated with Microsoft 365 Roadmap ID 411138.

When this will happen:
General Availability (Worldwide): We will begin rolling out early November 2024 (previously late October) and expect to complete by mid-November 2024 (previously early November).

How this will affect your organization:
Admins can now set up a list of users that are blocked from collaborating with their organization. If a user is added to the block list, your organization will not be able to have 1:1 and group chats with these users. If chats already exist before a user is added to the block list, the blocked user will be removed from the chat. This feature is turned off by default.

What you need to do to prepare:
If you wish to use this feature, navigate to external access organization settings to turn this feature on and add users to the block list.

Message ID: MC888879

1.6K Views, 0 likes, 0 Comments

Re: Conditional access - Disabling security defaults
Hello Seyo,

Please see the docs on security defaults below:

https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults#enabling-security-defaults
https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults

1.1K Views, 0 likes, 0 Comments

Re: Email Sending Limits Alert
Hello ErockZab,

Try setting the sending limit in the default outbound spam policy:

Security.microsoft.com -> Policies & rules -> Threat policies -> Anti-spam policies -> Anti-spam outbound policy (Default)

On the Protection settings page, configure the following settings:

Message limits section: The settings in this section configure the limits for outbound email messages from Exchange Online mailboxes:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-configure?view=o365-worldwide#use-the-microsoft-365-defender-portal-to-create-outbound-spam-policies

3.9K Views, 1 like, 0 Comments

Re: Your message couldn't be delivered because the recipient's email server (outside Office 365) suspect
Hello Raginho,

Please confirm if you are experiencing this issue when you send email from OWA (Outlook.office.com) or the Outlook desktop client or both.

Also confirm if you have SPF, DKIM and DMARC set up for your domain.

Use the Microsoft header analyzer below to check the message header of the email, to see the spam confidence level (SCL). I suspect that your outbound emails might be leaving through the High risk delivery pool.

https://mha.azurewebsites.net/

26K Views, 0 likes, 1 Comment

Re: Windows AD account password expired but user can still send/receive email and use Teams
Hello Fnanfne,

Please have a look at the articles below:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers
https://docs.microsoft.com/en-us/answers/questions/721416/password-expiration-with-aad-connect-password-hash.html
https://techcommunity.microsoft.com/t5/office-365/password-expiration-with-aad-connect-password-hash-sync/m-p/329248

Cheers

32K Views, 1 like, 1 Comment

Re: How to safely switch from AAD Cloud Sync to AAD Connect
Hello petrlenz,

From experience, and as I can see in my lab, you can go ahead and install the AD connect; it can actually run alongside the cloud ad connect.

https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/plan-cloud-sync-topologies?source=recommendations
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/reference-cloud-sync-faq

1.7K Views, 0 likes, 0 Comments

Re: Is there any method to restore or check previous sent items as it was not found in user outlook mail
Hello Kuenzeey,

You can use an eDiscovery tool called content search to search for emails sent by the user using parameters like date range. Please go through the links below:

https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide

You can also check the deleted items then recovery items folder of the user to check if you can find the emails. You can as well check from the Exchange admin center:

https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-user-mailboxes/recover-deleted-messages

547 Views, 0 likes, 0 Comments

Re: incoming emails going to the junk folder for all the users under our domain
Hello mushag,

I understand that incoming emails are going to the junk folder for all the users under your domain.

Since it is happening to all users, I suspect it has to be an organization-wide level troubleshooting. You need to pick a user (maybe you, if you are affected), get a sample email from the Junk folder and extract the message header.

Use the Microsoft header analyzer https://mha.azurewebsites.net/ to check the following headers.

Use this link below to understand the scores:
https://docs.microsoft.com/en-us/Exchange/antispam-and-antimalware/antispam-protection/antispam-stamps?redirectedfrom=MSDN&view=exchserver-2019

Then you can also do a message trace to see and check the message events:
https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/run-a-message-trace-and-view-results

From experience, I suspect anti-spam policy.

Good luck Mate!

1.5K Views, 0 likes, 1 Comment

Re: Certification of Tax Residence for Tax Year 2022 Microsoft
Hello Cecilia,

I suggest that you reach out to the Microsoft global customer service by phone and ask for the commerce team.

Global Customer Service phone numbers:
https://support.microsoft.com/en-us/topic/global-customer-service-phone-numbers-c0389ade-5640-e588-8b0e-28de8afeb3f2

Or you raise a support ticket from your admin portal to the commerce team.

1.8K Views, 0 likes, 0 Comments

Re: Export Office 365 Sent Mails to CSV via PowerShell
Hello Paddy,

If I understand, you want to export the sent email activity report of one of your users.

Have you tried to do it from the admin center?

https://admin.microsoft.com/Adminportal/Home?#/reportsUsage/EmailActivity
https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/admin/activity-reports/email-activity-ww?view=o365-worldwide

6.3K Views, 0 likes, 2 Comments

Re: Exchange online New-MailboxRestoreRequest about transfer archive data
Hello Wahzo,

I see that you want to transfer a soft-deleted mailbox content to a new shared mailbox for review purposes.

Confirm if the mailbox is under litigation hold or a retention policy. If yes, then it is in an inactive state.
https://docs.microsoft.com/en-us/microsoft-365/compliance/inactive-mailboxes-in-office-365?view=o365-worldwide

Confirm if this archive is in the on-premises Exchange or in Exchange Online.

Please note that shared mailboxes do not have an archive unless they have an MS license that contains Exchange Online Plan 2, and have a default size of 50 GB which can be increased by adding a license that contains Exchange Online Plan 2.

If you are restoring from on-premises:
Restore to Exchange Online archive mailbox: TargetMailbox is the ArchiveGuid value of the target Exchange Online archive mailbox.
https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/delete-or-restore-mailboxes#restoring-disconnected-on-premises-mailboxes-to-exchange-online

However, I think you need to go through this documentation below:
https://docs.microsoft.com/en-us/microsoft-365/compliance/recover-an-inactive-mailbox?view=o365-worldwide

NOTE
What's the main difference between recovering and restoring an inactive mailbox? When you recover an inactive mailbox, the mailbox is converted to a new mailbox, the contents and folder structure of the inactive mailbox are retained, and the mailbox is linked to a new user account. After it's recovered, the inactive mailbox no longer exists, and any changes made to the content in the new mailbox will affect the content that was originally on hold in the inactive mailbox. Conversely, when you restore an inactive mailbox, the contents are merely copied to another mailbox. The inactive mailbox is preserved and remains an inactive mailbox. Any changes made to the content in the target mailbox won't affect the original content held in the inactive mailbox. The inactive mailbox can still be searched by using In-Place eDiscovery, its contents can be restored to another mailbox, or it can be recovered or deleted at a later date.

2.4K Views, 0 likes, 0 Comments

Re: Fastest workflow to block a phished user?
Hello Kiril,

1) Is blocking the sign-in of a user restricting him from sending e-mail, in case he has an active session.

It won't restrict him from sending email or stop active sessions; it will stop further sign-in into the mailbox. To stop active sessions you will have to sign him out from all active sessions using the Sign out of all sessions tab under the accounts tab in the user's properties pane in the admin center.

Within an hour - or after he leaves the current Microsoft 365 page he was on - he is prompted to sign in again. An access token is good for an hour, so the timeline depends on how much time is left on that token, and whether he navigates out of their current webpage. However, if he is in Outlook on the web, just clicking around in their mailbox, he may not be kicked out immediately. As soon as he selects a different tile, such as OneDrive, or refreshes their browser, the sign-out is initiated.

2) Follow-up question: is it possible to manually add a user to the restricted users list, if I suspect him to be phished?

It is not possible to add a user manually to the restricted users list.

1.8K Views, 0 likes, 0 Comments

Re: Exchange Hybrid DNS and Certificate
Hello mridley,

1) Does the external certificate required for the Transport certificate replace the existing internal certificate already on the Exchange servers. i.e. I would need to create a new external certificate with all the SANS I have already and use this certificate on the same Exchange Servers and for the same Exchange services as well as installing it on the new Edge server?

Yes, you would need an external certificate.

Certificates: Assign Exchange services to a valid digital certificate that you purchased from a trusted public certificate authority (CA). Although you should use self-signed certificates for the on-premises federation trust with the Microsoft Federation Gateway, you can't use self-signed certificates for Exchange services in a hybrid deployment. The Internet Information Services (IIS) instance on the Exchange servers that are configured in the hybrid deployment require a valid digital certificate purchased from a trusted CA. The EWS external URL and the Autodiscover endpoint that you specified in your public DNS must be listed in the Subject Alternative Name (SAN) field of the certificate. The certificates that you install on the Exchange servers for mail flow in the hybrid deployment must all be issued by the same certificate authority and have the same subject.

When configuring a hybrid deployment, you must use and configure certificates that you have purchased from a trusted third-party CA. The certificate used for hybrid secure mail transport must be installed on all on-premises Mailbox (Exchange 2016 and newer), and Mailbox and Client Access (Exchange 2013 and older) servers.

https://docs.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites
https://docs.microsoft.com/en-us/exchange/certificate-requirements

2) The HCW asks for the organization FQDN which I believe is used to configure the outbound connector from EOP to on-premises. I presume this would be configured on the Edge server. Would the FQDN be what I am already using internally i.e. mail.mydomain.com or would it be mydomain.com or does it relate to the transport certificate selected earlier and could be anything such as mailhybrid.mydomain.com.

It would be mydomain.com, which has been verified in your tenant. Go through this link below:
https://docs.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites

HCW:
https://docs.microsoft.com/en-us/exchange/hybrid-configuration-wizard

4.3K Views, 0 likes, 0 Comments