December 2022 Blog Posts
Hi All,
If you are a frequent Reader of the Exchange Team Blog, then you probably saw, that they announced to depreciate Bad Item Limit (BIL) and Large Item Limit (LIL) until end of 2022.
Deprecating bad item limit and large item limit migration parameters
https://techcommunity.microsoft.com/t5/exchange-team-blog/deprecating-bad-item-limit-and-large-item-limit-migration/ba-p/3652478
Migrations with Data Consistency Score (DCS) – more than you ever wanted to know!
https://techcommunity.microsoft.com/t5/exchange-team-blog/migrations-with-data-consistency-score-dcs-more-than-you-ever/ba-p/2393406
Let's see that in Action
Connect-ExchangeOnline
$ONPREMCREDS = get-credential "CORP\Administrator"
Let's create a MoveRequest with the BadItemLimit Parameter. You see there is a warning.
$Mailbox = "demo02@icewolf.ch"
New-MoveRequest -Identity $Mailbox -Remote -RemoteHostName mail.icewolf.ch -TargetDeliveryDomain icewolfch.mail.onmicrosoft.com -RemoteCredential $ONPREMCREDS -BadItemLimit 100
With the MoveRequestStatistics you can see that the DataConsistencyScore is not used
Get-MoveRequest...
Hi All,
Today i helped a Collegue with an Exchange Online Folderpermission Problem. He could not remove the Permissions from a Mailbox Folder (MAPI Permission).
Get-MailboxFolderPermission -Identity email@domain.tld:\Kalender | fl
Let's remove the User (In fact a Mail Enabled Security Group)
Remove-MailboxFolderPermission -Identity email@domain.tld:\Kalender -User CH_DE_Room_Equipment_Reviewer
This resulted in the following Error:
Microsoft.Exchange.Management.StoreTasks.UserNotFoundInPermissionEntryException | There is no existing Permission entry found for user
I've grabbed MFCMAPI from Stephen Griffin.
https://github.com/stephenegriffin/mfcmapi/releases/latest
First set some Options Tools > Options
Enable the two Options:
- Use the MDB_Online flag when calling OpenMsgStore
- Use the MAPI_NO_CACHE flag when calling OpentEntry
I've created an Outlook Profile and had FullAccess to that Mailbox.
Session > Logon
Selected that Outlook Profle
Selected...
Hi All,
Do you know that there is a Feedback Policy in Microsoft Teams?
Manage feedback policies in Microsoft Teams
https://learn.microsoft.com/en-us/microsoftteams/manage-feedback-policies-in-teams
Connect-MicrosoftTeams
Get-CsTeamsFeedbackPolicy
Let's enable FeatureSuggestions on the Global Policy
Set-CsTeamsFeedbackPolicy -Identity Global -EnableFeatureSuggestions $True
Get-CsTeamsFeedbackPolicy
Let's see all the Policies for my User. Teams Feedback Policy is blank - that means that the Global Policy will be applied
Get-CsOnlineUser -Identity a.bohren@icewolf.ch | fl *pol*
You can't see that Policy in Teams Admin Center (TAC)
So far this woks only in the Teams Online (Browser Version) - didn't see any Change on my Teams Desktop. Not even in Preview Mode.
...
Hi All,
Did you come across "Authenticated Received Chain (ARC)"?
Authenticated Received Chain (ARC) is an email authentication system designed to allow an intermediate mail server like a mailing list or forwarding service to sign an email's original authentication results. This allows a receiving service to validate an email when the email's SPF and DKIM records are rendered invalid by an intermediate server's processing.
ARC is defined in RFC 8617, published in July 2019, as "Experimental"
If a Mail is sent via a 3rd Party Server, then SPF, DKIM and DMARC might fail on the Recipient Mailserver.
With ARC, the 3rd Party Server can add...
Hi All,
I've performed a lot of Exchange Online Migrations this Year.
After the Mailbox was migrated i did run a Post Migration Script to set some Setting on the Mailbox like:
Set-MailboxRegionalConfiguration -Identity $UPN -TimeZone "W. Europe Standard Time" -DateFormat "dd.MM.yyyy" -TimeFormat "HH:mm" -Language "de-CH" -ErrorAction Stop
Set-MailboxCalendarConfiguration -Identity $UPN -WeekStartDay Monday -WorkDays Weekdays -WorkingHoursStartTime 08:00:00 -WorkingHoursEndTime 17:00:00 -WorkingHoursTimeZone "W. Europe Standard Time" -ShowWeekNumbers $True -ErrorAction Stop
In some cases there where this Error: "WorkHoursVersion1 is null"
While googling i found the Fix for that in my own Blog :)
How to fix "WorkHoursVersion1 is NULL"
https://blog.icewolf.ch/archive/2016/01/20/how-to-fix-workhoursversion1-is-null.aspx
Sadly i don't have any Screenhot. This one is an old...
Hi All,
Yesterday my Jabra Evolve 65 Headset broke down.
It had served me for several years. The leather Polster of the earprotection already ripped - but was fixed with glue.
Now it was time to order a new one. As i was happy with the Headset i ordered the same again.
It was delivered this morning. All that was left do do is charge the Battery and update the Firmware of the Headset and the Bluethooth Dongle.
Now i am back in Business
Regards
Andres Bohren
Hi All,
I write this Blog Article in Addition to the Exchange Online POP and IMAP OAUTH 2.0 Client Credentials Flow
https://blog.icewolf.ch/archive/2022/12/17/exchange-online-pop-and-imap-oauth-2-0-client-credentials.aspx
I tried out other ways of testing
First we need to get the Access Token
###############################################################################
# Get Access Token with MSAL
###############################################################################
Import-Module MSAL.PS
$AppID = "3bf0cf36-87bf-47a9-927b-0ef9df7cf146"
$TenantID = "icewolfch.onmicrosoft.com"
$ClientSecret = ConvertTo-SecureString "YourClientSecret" -AsPlainText -Force
$Scope = "https://outlook.office.com/.default"
Clear-MsalTokenCache
$Token = Get-MSALToken -ClientId $AppID -ClientSecret $ClientSecret -TenantId $TenantID -Scope $Scope
$AccessToken = $Token.AccessToken
You can decode your Access Token with https://jwt.ms/
Make sure you se the Roles POP.AccessAsApp or IMAP.AccessAsApp
Or use the JWTDetails Module and the command
Get-JWTDetails -token $AccessToken
It is explained that you need to use Base64 Encoding with Username and...
Hi All,
Just a few Hours ago, Microsoft has released Microsoft.Graph 2.0.0-preview2 PowerShell Modules to the PowerShell Gallery.
Microsoft.Graph 2.0.0-preview2
https://www.powershellgallery.com/packages/Microsoft.Graph/2.0.0-preview2
With the 2.x Version of the Module there has been changed a lot
Breaking Changes
Drops profile support (Select-MgProfile) in favor of independent v1.0 and beta modules.
Drops support for -ForceRefresh on Connect-MgGraph.
Renames beta command names from <Verb>-Mg<Noun> to <Verb>-MgBeta<Noun>.
Changes beta namespace from Microsoft.Graph.PowerShell.Models.<Entity> to Microsoft.Graph.Beta.PowerShell.Models.<Entity>.
Changes -AccessToken type on Connect-MgGraph from String to SecureString.
New Features and Improvements
Adds managed identity support.
...
Hi All,
Yesterday the ExchangeOnlineManagement 3.1.0-Preview2 PowerShell Module has been released to the PowerShell Gallery.
ExchangeOnlineManagement 3.1.0-Preview2
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0-Preview2
A few REST API cmdlets in Exchange Online PowerShell have been updated with the experimental UseCustomRouting switch. This switch routes the command directly to the required Mailbox server, and might improve overall performance.
When you use the UseCustomRouting switch, you can use only the following values for identity of the mailbox:
User principal name (UPN)
Email address
Mailbox GUID
The UseCustomRouting switch is available only on the following REST API cmdlets in Exchange Online PowerShell:
Get-Clutter
...
Hi All,
Azure AD Dynamic Groups allows you to create Security Groups or M365 Groups/Teams that add Members based on Attributes. Like already known in Exchange with Dynamic Distribution Groups for a long time.
Create or update a dynamic group in Azure Active Directory
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-create-rule
Go to Azure AD and create a new Group. Select your group Type: Security or Microsoft 365 Group / Teams
Then select the Membership Type: Assigned, Dynamic User, Dynamic Device
Then select the Attributes for your Filter
Dynamic membership rules for groups in Azure Active Directory
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
In the "Validate Rules" you can add...
Hi All,
OAuth 2 Authentication for POP and IMAP was announced already back in June 2022 at the Exchange Team Blog.
Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-client-credentials-flow-support-for-pop-and/ba-p/3562963
There is a pretty decent Step-by-step Guide here. But there are some steps missing - that's why i have created a more detailed Guide.
Authenticate an IMAP, POP or SMTP connection using OAuth
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#use-client-credentials-grant-flow-to-authenticate-imap-and-pop-connections
As a personal Opinion: I don't like this POP/IMAP approach. If you as a developer are able to change your existing Code for the Authentication and Token handling - you have already done 50%...
Hi All,
Ever needed to Block a Telephone Number in Microsoft Teams Enterprise Voice. Here is how that can be done.
Block inbound calls
https://learn.microsoft.com/en-us/microsoftteams/block-inbound-calls
Get-CsInboundBlockedNumberPattern
New-CsInboundBlockedNumberPattern -Name "BlockMobile-01" -Enabled $True -Description "BlockMobile-01" -Pattern "^\+?41796937148$"
Be aware, that it could take up to 24 Hours until that Number is blocked.
Then the Caller will hear only a busy Signal
Get-CsInboundBlockedNumberPattern
You can Test your pattern Matching with the following Commandlet
Test-CsInboundBlockedNumberPattern -PhoneNumber +41796937148
Test-CsInboundBlockedNumberPattern -PhoneNumber 0796937148
Test-CsInboundBlockedNumberPattern -PhoneNumber 796937148
Remove-CsInboundBlockedNumberPattern -Identity BlockMobile-01
Get-CsInboundBlockedNumberPattern
Regards
Andres Bohren
Hi All,
Recently i noticed the "Quicksteps" in Outlook on the Web in Exchange Online.
Don't konw how long they are already there - found nothing about that in the Message Center nor the M365 Roadmap.
It seems that the Quicksteps in Outlook on the Web are completly independent from the Quicksteps in Outlook for Windows.
If you click on Quicksteps you come to the OWA Settings where you can configure a new Quckstep
I've created one to move Mails into a specific Folder
That's how it looks like afterwards
If you have Regular Tasks to do, it's easy to set up a Quickstep, that doees all...
Hi All,
A few hours ago, Microsoft has released a new Version of the Microsoft.Graph PowerShell Module.
Microsoft.Graph 1.19.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.19.0
Microsoft.Graph 1.19.0 Release Notes
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Regards
Andres Bohren
Hi All,
Yesterday PowerShell 7.3.1 has been released
v7.3.1 Release of PowerShell
https://github.com/PowerShell/PowerShell/releases/tag/v7.3.1
When you start PowerShell 7 you will see a notice
I have downloaded the x64 *.msi and these are the Screenshots from the Installation.
I always enable "Enable PowerShell remoting" wich is not enabled by default.
Get-Host
Regards
Andres Bohren
Hi All,
Last Night was Microsoft Patchday and i saw, that a new Version of Azure File Sync Agent was available on Windows Update.
I did not install it via Windows Update for the purpose of this Blog Post.
In Azure Portal under Storage Sync Service you can see that the current Version of the Agent is 15.0
I downloaded the new Version of the File Sync Agent - but that was a fail
https://www.microsoft.com/en-us/download/details.aspx?id=57159
You can not update the File Sync Agent with that *.msi
Instead, you have to download the according cab to your OS Version
https://www.catalog.update.microsoft.com/Search.aspx?q=5013875
Extract the *.msp File
According to the Article below, that's how...
Hi All,
Three days ago, Microsoft has released a new Version of the MSIdentityTools PowerShell Module.
Just two days after the 2.0.30 release - which is no longer available in the PowerShell Gallery.
It's hard to tell what the reasons are. No clear Indication on the Project Site nor the Issues.
MSIdentityTools 2.0.31
https://www.powershellgallery.com/packages/MSIdentityTools/2.0.31
Check what module is installed and what Module is available from the PowerShell Gallery
Get-InstalledModule MSIdentityTools
Find-Module MSIdentityTools
Uninstall the old version of the PowerShell Module and install the newest one
Uninstall-Module MSIdentityTools
Install-Module MSIdentityTools
Get-InstalledModule MSIdentityTools
To see what commands are available use the following command
Get-Command -Module MSIdentityTools
Regards
Andres Bohren
Hi All,
Just a few days ago Microsoft has released PowerToys v0.65.0. As always, there are a plenty of news. The most exiting is that it's now built wit .NET 7.
PowerToysRelease v0.65.0
https://github.com/microsoft/PowerToys/releases
As it's built with .NET 7 it installs the Desktop Runtime
Here you go - PowerToys v0.65.0 is installed
Regards
Andres Bohren
Hi All,
Just a few Hours ago, Microsoft has released a new Version of the MSIdentityTools PowerShell Module.
MSIdentityTools 2.0.30
https://www.powershellgallery.com/packages/MSidentityTools/2.0.30
Check what module is installed and what Module is available from the PowerShell Gallery
Get-InstalledModule MSIdentityTools
Find-Module MSIdentityTools
Uninstall the old version of the PowerShell Module and install the newest one
Uninstall-Module MSIdentityTools
Install-Module MSIdentityTools
Get-InstalledModule MSIdentityTools
To see what commands are available use the following command
Get-Command -Module MSIdentityTools
Regards
Andres Bohren
Hi All,
Just a few Hours ago, Microsoft has released the AZ PowerShell Module 9.2.0.
Az 9.2.0
https://www.powershellgallery.com/packages/az/9.2.0
Az 9.2.0 Release Notes
https://github.com/Azure/azure-powershell/releases/tag/v9.2.0-December2022
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ -AllVersions
Find-Module AZ
To uninstall all the old Modules and install the new Modules i have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
Just a few Hours ago, Microsoft has released the ExchangeOnlineManagement 3.1.0-Previe1 PowerShell Module.
ExchangeOnlineManagement 3.1.0-Preview1
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0-Preview1
Whats new in this release:
v3.1.0-Preview1 :
1. Support for providing an Access Token with Connect-ExchangeOnline.
2. Bug fixes in Connect-ExchangeOnline and Get-ConnectionInformation.
Check what Version is installed and what's available from the PowerShell Gallery
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement -AllowPrerelease
Uninstall the old Module and install the Preview Module
Uninstall-Module ExchangeOnlineManagement -Force
Install-Module ExchangeOnlineManagement -AllowPrerelease
Get-InstalledModule ExchangeOnlineManagement
Testing. Still see sometimes these errors
Connect-ExchangeOnline
Mostly thats fixed with restarting the PowerShell
Connect-ExchangeOnline
Get-ConnetionInformation
Regards
Andres Bohren
Hi All,
In this Blog Post i explain you how to create an Azure AD App Registration with the Microsoft.Graph PowerShell.
You need to have the Azure Active Directory Role "Application Administrator" or "Application Developer".
By the way. All the Code is used here is also on my GitHub Repo
https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/AzureAD/CreateAADApp-MgGraph.ps1
#Import Module
Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Applications
###############################################################################
#Connect-MgGraph
#Connect to your Azure Active Directory with "Application Adminstrator" or "Global Administrator" Role
###############################################################################
Connect-MgGraph -Scopes "Application.Read.All","Application.ReadWrite.All","User.Read.All"
Get-MgContext
That's the User Approval when you sign in to Microsoft Graph with these Scopes
###############################################################################
#Create AAD Application
###############################################################################
$AppName = "DemoApp"
$App = New-MgApplication -DisplayName $AppName
$APPObjectID = $App.Id
###############################################################################
#List Applications
###############################################################################
Get-MgApplication -ApplicationId $APPObjectID
List all the Details of an Application
Get-MgApplication | Where-Object {$_.DisplayName...
Hi All,
A few hours ago, Microsoft has released a new Version of the Microsoft.Graph PowerShell Module.
Apparently it covers the latest API version and Help as well as a minor fix.
Microsoft.Graph 1.18.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.18.0
1.18.0 Release Notes
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Regards
Andres Bohren