blog.icewolf.ch

Let's talk about IT!
posts - 2257, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Exchange

Messaging, Exchange, SMTP
Exchange Online PowerShell V1 Module depreciation

Hi All, If you still use "Exchange Online PowerShell with MFA" aka "ExchangeOnline_V1" PowerShell Module - it is time to Upgrade. Instead of using the ExchangeOnlineManagement V2 i recommend to use the V3 Module wich is GA since a few Months. ExchangeOnlineManagement 3.1.0 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0 The old PowerShell Module still can be downloaded in the "Classic Exchange Admin Center" That's the Link on the Desktop Here's the Info Message you receive when using this PowerShell Regards Andres Bohren

posted @ Monday, January 30, 2023 8:43 PM | Filed Under [ Exchange PowerShell ]

Exchange Online: Use Test-Message to verify your Transport- and DLP Rules

Hi All, In the Microsoft 365 Message Center https://admin.microsoft.com/#/MessageCenter there is an Announcement about Test-Message where you can test the Transport Rules and DLPRules. FIX: Exchange Transport rule (ETR) or Data Loss Prevention (DLP) rule is not working as expected https://techcommunity.microsoft.com/t5/security-compliance-and-identity/fix-exchange-transport-rule-etr-or-data-loss-prevention-dlp-rule/ba-p/3033869 Test-Message https://learn.microsoft.com/en-us/powershell/module/exchange/test-message?view=exchange-ps Test-Message -Sender m.muster@icewolf.ch -Recipients postmaster@icewolf.ch -SendReportTo a.bohren@icewolf.ch  -TransportRules -UnifiedDLPRules Let's have a look at my Transport Rules Get-TransportRule Now i get two Reports: "Transport Rule Tracing Report" and a "DLP Rules Tracing Report" Regards Andres

posted @ Thursday, January 26, 2023 11:39 AM | Filed Under [ Exchange ]

Exchange Online custom RBAC Role with App Authentication (OAuth2)

Hi All, I've already blogged about Exchange Online PowerShell V2 and Modern Auth with Application in AzureAD (Step-by-step) Azure AD Application Registration Permission: Office 365 Exchange Online > Exchange.ManageAsApp Add AAD App to Azure AD Role "Exchange Administrator" or "Exchange Recipient Administrator" In this Article it's about custom RBAC Roles and Application Authentication Azure AD Application Registration Permission: Office 365 Exchange Online > Exchange.ManageAsApp Create a Exchange Online Service Principal for the Azure AD App ...

posted @ Thursday, January 19, 2023 11:09 PM | Filed Under [ Exchange ]

Exchange Online legacy TLS Endpoints for POP3 IMAP and SMTP

Hi All, New opt-in endpoint for POP3/IMAP4 clients that need legacy TLS https://techcommunity.microsoft.com/t5/exchange-team-blog/new-opt-in-endpoint-for-pop3-imap4-clients-that-need-legacy-tls/ba-p/3710395 Exchange Online ended support for TLS1.0 and TLS1.1 in October 2020. This year, we plan to disable these older TLS versions for POP3/IMAP4 clients to secure our customers and meet compliance requirements. However, we know that there is still significant usage of POP3/IMAP4 clients that don’t support TLS 1.2, so we’ve created an opt-in endpoint for these clients so they can use TLS1.0 and TLS1.1. This way, an organization is secured with TLS1.2 unless...

posted @ Tuesday, January 10, 2023 10:56 PM | Filed Under [ Security Exchange ]

January 2023 Exchange Server Security Updates

Hi All, Just a few hours Ago the January 2023 Exchange Server Security Updates have been released. Released: January 2023 Exchange Server Security Updates https://techcommunity.microsoft.com/t5/exchange-team-blog/released-january-2023-exchange-server-security-updates/ba-p/3711808 In my case i have downloaded the Security Update 5 for Exchange 2016 CU23 Security Update For Exchange Server 2016 CU23 SU5 (KB5022143) https://www.microsoft.com/en-us/download/details.aspx?id=104914 Then run the Security Update When you run the HealthChecker and it has found an update close and reopen Exchange Management Shell after the update. Exchange HealthChecker https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ .\HealthChecker.ps1 As you can see the "SerializedDataSigning" is not enabled Let's run the MonitorExchangeAuthCertificate - basically just checks if the Certificate is still valid or needs to be renewed. I've blogged how to do that. Renew Microsoft Exchange...

posted @ Tuesday, January 10, 2023 10:31 PM | Filed Under [ Exchange ]

ExchangeOnlineManagement 3.1.0 released as GA

Hi All, Just a few hours ago, Microsoft has released the ExchangeOnlineManagement PowerShell Module 3.1.0 as GA. ExchangeOnlineManagement 3.1.0 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0 What is new in this release: v3.1.0 :    1.  Support for providing an Access Token with Connect-ExchangeOnline.    2.  Bug fixes in Connect-ExchangeOnline and Get-ConnectionInformation.    3.  Bug fix in Connect-IPPSSession for connecting to Security and Compliance PowerShell using Certificate Thumbprint. Check what Version is installed and what's available from the PowerShell Gallery Get-InstalledModule ExchangeOnlineManagement Find-Module ExchangeOnlineManagement Uninstall the old Module and install the GA Module Uninstall-Module ExchangeOnlineManagement -Force Install-Module ExchangeOnlineManagement Get-InstalledModule ExchangeOnlineManagement Let's test it Connect-ExchangeOnline Get-ConnetionInformation Get-Mailbox -Identity <Mailbox> Works so far. I will use now this Version in my Daily work and we will see how...

posted @ Tuesday, January 10, 2023 8:05 AM | Filed Under [ Exchange PowerShell ]

Exchange Online Role Based Access Control (RBAC) for Applications

Hi All On December 01 Microsoft has announced in the Exchange Team Blog that they Support Role Based Access Control (RBAC) for Applications in Exchange Online. The most important Takeaways are: The Preview is now available to all customers in our worldwide multi-tenant environment, and we expect to reach general availability in H1 2023 This feature extends our current RBAC model and will replace the current Application Access Policy feature. Service Principals representing apps must be manually created in Exchange Online during the Preview, but this process will be...

posted @ Thursday, January 5, 2023 11:29 PM | Filed Under [ Exchange ]

Exchange Online Migration: Deprecation of BadItemLimit and use of Data Consistency Score

Hi All, If you are a frequent Reader of the Exchange Team Blog, then you probably saw, that they announced to depreciate Bad Item Limit (BIL) and Large Item Limit (LIL) until end of 2022. Deprecating bad item limit and large item limit migration parameters https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecating-bad-item-limit-and-large-item-limit-migration/ba-p/3652478 Migrations with Data Consistency Score (DCS) – more than you ever wanted to know! https://techcommunity.microsoft.com/t5/exchange-team-blog/migrations-with-data-consistency-score-dcs-more-than-you-ever/ba-p/2393406 Let's see that in Action Connect-ExchangeOnline $ONPREMCREDS = get-credential "CORP\Administrator" Let's create a MoveRequest with the BadItemLimit Parameter. You see there is a warning. $Mailbox = "demo02@icewolf.ch" New-MoveRequest -Identity $Mailbox -Remote -RemoteHostName mail.icewolf.ch -TargetDeliveryDomain icewolfch.mail.onmicrosoft.com -RemoteCredential $ONPREMCREDS -BadItemLimit 100 With the MoveRequestStatistics you can see that the DataConsistencyScore is not used Get-MoveRequest...

posted @ Friday, December 30, 2022 3:58 PM | Filed Under [ Exchange ]

How to delete MAPI Permission if Remove-MailboxFolderPermission does not work

Hi All, Today i helped a Collegue with an Exchange Online Folderpermission Problem. He could not remove the Permissions from a Mailbox Folder (MAPI Permission). Get-MailboxFolderPermission -Identity email@domain.tld:\Kalender | fl Let's remove the User (In fact a Mail Enabled Security Group) Remove-MailboxFolderPermission -Identity email@domain.tld:\Kalender -User CH_DE_Room_Equipment_Reviewer This resulted in the following Error: Microsoft.Exchange.Management.StoreTasks.UserNotFoundInPermissionEntryException | There is no existing Permission entry found for user I've grabbed MFCMAPI from Stephen Griffin. https://github.com/stephenegriffin/mfcmapi/releases/latest First set some Options Tools > Options Enable the two Options: - Use the MDB_Online flag when calling OpenMsgStore - Use the MAPI_NO_CACHE flag when calling OpentEntry I've created an Outlook Profile and had FullAccess to that Mailbox. Session > Logon Selected that Outlook Profle Selected...

posted @ Friday, December 30, 2022 2:48 PM | Filed Under [ Exchange ]

Authenticated Received Chain (ARC)

Hi All, Did you come across "Authenticated Received Chain (ARC)"? Authenticated Received Chain (ARC) is an email authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email's original authentication results. This allows a receiving service to validate an email when the email's SPF and DKIM records are rendered invalid by an intermediate server's processing. ARC is defined in RFC 8617, published in July 2019, as "Experimental" If a Mail is sent via a 3rd Party Server, then SPF, DKIM and DMARC might fail on the Recipient Mailserver. With ARC, the 3rd Party Server can add...

posted @ Friday, December 30, 2022 11:40 AM | Filed Under [ Exchange ]

Full Exchange Archive

Powered by:
Powered By Subtext Powered By ASP.NET