I came across two interesting oddities in journaling in Exchange Online in the last few weeks that I noticed where not really mentioned anyway (or anywhere I could find that is). The first involces routing of journal reports and the second the selection of the journal target. The journal report, that is the message that is sent to the journal target mailbox when an email is sent or received from the mailbox(es) under the control […]
In a long term hybrid scenario, where you have Exchange Online and Exchange Server configured and mailboxes on both, internet bound email from your on-premises servers can route in two general ways. The first is outbound via whatever you had in place before you moved to Office 365. You might have configured Exchange Online to also route via this as well. The second is to route Exchange Server outbound emails via Exchange Online Protection. Your […]
With a hybrid Exchange Online deployment, where you have Exchange Server on-premises and Exchange Online configured in the cloud, and utilising AADConnect to synchronize the directory, you should never find that a synced user object is configured as both a mailbox in the cloud and a mailbox on-premises. When Active Directory is synced to Azure Active Directory, the ExchangeGUID attribute for the on-premises user is synced to the cloud (assuming that you have not do […]
There is a new add-in available for Outlook and OWA in Office 365 that can simplify spam and phishing reporting to Microsoft for content in your mailbox. I recommend rolling this add-in out to everyone in your Office 365 tenant and for Office 365 consultants to add this as part of the default steps in deploying a new tenant. This can be done with the following steps: In the Exchange Control Panel at https://outlook.office365.com/ecp/ go […]
If you set up an SSTP VPN on Windows RRAS server and are using a wildcard certificate, there are client settings to fix before the client can connect. If you run the Windows 10 client through the default setup for a VPN you get the following error. This reads “The remove access connection completed, but authentication failed because the certificate on the server computer does not have a server name specified” Note that this blog […]
It is now possible to preview attachments that Advanced Threat Protection (ATP) is currently in the process of checking. This was enabled on my tenant recently and so will come to all tenants soon. It was mentioned at Microsoft Ignite 2017. It looks like this. You get the email with the standard ATP attachment saying your email is being scanned. For this email you need to have Dynamic Delivery enabled for ATP, which means you […]
The instructions from Microsoft at https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup are missing some of the steps on setting up hybrid device join to Azure AD. This is a complete list of steps when Pass-Thru auth with SSO is enabled on the domain. Enable SSO – this is covered elsewhere. You can also do hybrid device join on a federated domain, though this is not covered here. On your AADConnect server ensure that the MSOnline PowerShell add in is installed […]
I have had this issue for ages, but could not find any answer for it on the internet that did not involve resetting Skype for Business or other complex stuff when in fact the answer is so easy it hurts! Finding it was one of those Duh! moments. You have this: Skype for Business shows a red flag in one of the sections that will not go away. In my case it was the Conversation […]
The best connectivity to Office 365 is achieved with local internet breakout and local DNS egress. This means things like each branch office should connect directly to the internet and not via the Head Office and then to the internet and that DNS lookups are done local as well. The reason for DNS lookups is to do with AnyCast and DNS resolution. Microsoft see where you make your DNS requests from and return responses to […]
I came across an issue recently where the Outlook security dialog box popup was broken. Rather than looking as below, the username and password fields where missing: The dialog box appeared as: Notice that the username and password fields are missing! Also missing, and the key to this issue, is the picture is missing too. This is usually an empty box, but for some companies they use Group Policy to push out a different graphic. […]
In the last few days the layout of the Security and Compliance Center with regard to the Threat Management section appears to have changed. In the middle of the week just gone, and for a long while previously, you could access Mail Filtering, Anti-malware, and DKIM from Security and Compliance > Threat Management and see these items as entries on a menu: For example, Advanced Threats For example, Mail Filtering But in the last two […]
When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past week disable this when generally disabling all the computer accounts that have not logged in for X days. Therefore if you have Azure AD SSO enabled, I suggest updating your documentation on disabling computer accounts – ‘cause not all computer […]
I saw the following error with a client the other day when sending emails from the client to any of the Virgin Media owned consumer ISP email addresses (virginmedia.com, ntlworld.com, blueyonder.com etc.) mx3.mnd.ukmail.iss.as9143.net gave this error:vLkg1v00o2hp5bc01Lkg9w DMARC validation failed with result 3.00:quarantine In the above, the server name (…as9143.net) might change as will the value before the error, but either DMARC validation failed with result 3.00:quarantine or 4.00:reject is the end of the error message. […]
I put the following post together as I was asked this question from Microsoft themselves! This post covers what you need to put in place, and how you can test some of it (as testing the blocking of malware involves sending malware first!) First, lets take a look at the Advanced Threat Protection steps for a proof of concept (PoC), and then later we will look at the new Office Smart Links feature. You need […]
Here is a scenario I have come across in a few clients in just the last few weeks. This is not something that I recommend implementing lightly, as there are implications. But it does allow some very specific problems with public folder integration to be solved in the short term. Update: March 2018 – this process below has changed considerably due to changes in the Exchange Online and AutoDiscover that have stopped this process working […]
In Exchange Online there are a few different options for forcing email to require an encrypted connection. These depend upon the level of licence you have, and some of them are user based (Office 365 Message Encryption for example), but there are two ways to force TLS (transport layer security) for the email between when the message leaves Office 365 and arrives with the recipient email system. The first of these is a Mail Flow […]