blog.icewolf.ch

Let's talk about IT!
posts - 2080, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Exchange

Messaging, Exchange, SMTP
Microsoft 365 Defender "Restricted Users" now called "Restricted Entities"

Hi All, In Microsoft 365 Defender "Restricted Users" now called "Restricted Entities", because it can also detect and create an alarm for a compromised Connector https://security.microsoft.com/restrictedentities Respond to a compromised connector https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/respond-compromised-connector?view=o365-worldwide Regards Andres Bohren

posted @ Sunday, June 26, 2022 11:42 PM | Filed Under [ Exchange ]

Exchange Cumulative Update Error Expired Certificate

Good Morning, I've had a customer that encountered the Error below during Exchange 2016 CU23 installation. Error: The following error was generated when "$error.Clear(); Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true) { Install-AuthCertificate -DomainController $RoleDomainController } " was run: "System.Security.Cryptography.CryptographicException: The certificate is expired. at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl) at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord() at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1() at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)". It was obvious that a Certificate had expired. We've recreated a new CSR with FQDN and Hostname and installed the Certificate on the Server. Still the Setup failed at the exact same point. The Solution was to delete the expired Certificate from the Local Machine...

posted @ Thursday, June 23, 2022 7:40 AM | Filed Under [ Exchange ]

Calendar Availability (Free/Busy) Requests with Microsoft Graph

Hi All, I recently had a customer that wanted to write an Application to read the Availability (Free/Busy) from the Calendars of theyr users.Here is how you can do that with Microsoft Graph. First you need an Application in Azure Active Directory with an AppID / ClientID Then you need to be able to Authenticate. I usually use a Certificate for that purpose. As for the Permissions, the Application needs the following: App needs Application Permissions: - Calendars.Read (Only for the Mailbox where you make the Requests from - Limit with ApplicationAccessPolicy) - Schedule.Read.All Now we need to Limit the Calendars.Read to the Mailbox where the Availability Requests...

posted @ Monday, June 6, 2022 8:47 AM | Filed Under [ Exchange PowerShell ]

Exchange Online: How to fix the "Get-Place" Error

Hi All, Since a few weeks i had a strange behavior with the "Get-Place" command. I knew it has worked before. I did get an Error only on a newly created CloudOnly Mailbox it worked. Get-Mailbox -RecipientTypeDetails RoomMailbox Get-Mailbox -RecipientTypeDetails RoomMailbox | Get-Place With the ExchangeOnlineManagement 2.0.6 Preview6 Module it worked perfectly fine I did open a Microsoft Case and the support guided me to Microsoft Graph GET https://graph.microsoft.com/v1.0/places/microsoft.graph.room Normal 0 21 false false false DE-CH X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Normale Tabelle"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman",serif;} To get a specific Mailbox use this URL GET https://graph.microsoft.com/v1.0/places/SitzungszimmerJungfrau@icewolf.ch That is a sycronized Account with Azure Active Directory connect. And the "country/region" is selected from the Dropdown. So i did the...

posted @ Saturday, June 4, 2022 11:01 AM | Filed Under [ Exchange ]

Recipient Management without Exchange Server behind the Scenes

Hi All, I was digging a little bit deeper into the Recipient Management without Exchange Server. I've already blogged about it how to install the Managment Tools only fo install the Recipient Management PowerShell Install and use Exchange 2019 CU12 Recipient Management PowerShell https://blog.icewolf.ch/archive/2022/04/27/install-and-use-exchange-2019-cu12-recipient-management-powershell.aspx Add-PSSnapin *RecipientManagement Get-PSSnapin As you can see on the Server the Exchange Server 2019 CU12 is installed (Management Tools only) I found the References of the PowerShell Snapins in the Registry here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapins I had a look at the DLL "Microsoft.Exchange.PowerShell.Configuration.dll" with ILSpy. As you can see there are many dependencys to other DLL's in the C:\Program Files\Microsoft\Exchange Server\V15\Bin Directory Then i have installed the Security Update...

posted @ Tuesday, May 31, 2022 10:41 AM | Filed Under [ Exchange PowerShell ]

Exchange Online Reply-all storm Protection

Hi All, A Month ago, Microsoft annouced in the Exchange Team Blog, the New Reply-all Storm Protection Report, Settings UI and new Mail flow Alert Policies. New Reply-all Storm Protection Report, Settings UI, and Alert Policy https://techcommunity.microsoft.com/t5/exchange-team-blog/new-reply-all-storm-protection-report-settings-ui-and-alert/ba-p/3292465 In the new Exchange Admin Center https://admin.exchange.microsoft.com you can find the Reply-all Storm Settings unter Settings > Mail flow These Settings can also be configured by PowerShell. Keep in Mind, that the Minimum Recipients must be between 1000 and 5000. A good Number for large Enterprises but not very suitable if you're a smaller Company with 100 up to 1000 Employees. Get-TransportConfig | fl *storm* Now there is also a Report...

posted @ Thursday, May 26, 2022 6:55 AM | Filed Under [ Exchange ]

Tested ExchangeOnlineManagement Preview 6 PowerShell Module

Hi All, I've tried out the ExchangeOnlineManagement Preview6 PowerShell Module ExchangeOnlineManagement 2.0.6-Preview6 https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.6-Preview6 Get-InstalledModule ExchangeOnlineManagement Find-Module ExchangeOnlineManagement Installing the Module Side by Side Install-Module ExchangeOnlineManagement -AllowPrerelease -Force Connect-ExchangeOnline As you can see, there is no PS Session Get-PSSession Get-Mailbox -Identity a.bohren@icewolf.ch | fl Name Get-EXOMailbox -Identity a.bohren@icewolf.ch | fl Name If you check the Commands it seems pretty complete Get-Module Get-Command -Module ExchangeOnlineManagement | measure Get-Command -Module tmpEXO* | measure Or you still can connect with the Remote PowerShell Session Connect-ExchangeOnline -UseRPSSession:$true Get-PSSession Get-PSSession | fl Get-Module Get-Command -Module tmp* | measure I have also testet, if the Issue with the Tenant Allow / Block List also exists in the Preview 6 - and yes it does https://blog.icewolf.ch/archive/2022/05/24/exchange-online-tenant-allowblock-list-does-not-work-when-connected.aspx Connect-IPPSSession Get-TenantAllowBlockListItems -ListType Url -Block Get-TenantAllowBlockListItems -ListType Url -ListSubType...

posted @ Wednesday, May 25, 2022 7:31 AM | Filed Under [ Exchange ]

Exchange Online Tenant Allow/Block List does not work when connected to Security & Compliance

Hi All, Recently i stumbled over a funny Error. When query the Get-TenantAllowBlockListItems all looks fine until you connect to Security and Compliance (Connect-IPPSession). You will then see even Watson Error Messages 😂 I am using ExchangeOnlineManagement PowerShell Module Version 2.0.5. Had a Case open: 30305990 - The Engineering Team is now aware. And will hopefully fix it in a future Version of the PowerShell Module. Manage the Tenant Allow/Block List https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide Connect-ExchangeOnline Get-TenantAllowBlockListItems -ListType Url -Block Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery Connect-IPPSSession Get-TenantAllowBlockListItems -ListType Url -Block Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery To fix it simply run: Disconnect-ExchangeOnline Connect-ExchangeOnline Regards Andres Bohren

posted @ Tuesday, May 24, 2022 9:51 PM | Filed Under [ Exchange ]

Exchange Online Mail flow Alert policies

Hi All, Maybe you have noticed the new Mail flow Alert policies in Exchange Admin Center. You can define new Alert policies, define the Severity, the Insight, the recipient, the Notification Limit and sometimes also the Threshold for the Alert. For me it's a little bit odd to send an Email in case something does not work well with the Mailflow. It could be that you get the Email very late or even when the issue is already resolved. As far as i know there is still no dedicated API to get to Informations like these... Let me know if i am wrong. Alert policies...

posted @ Tuesday, May 24, 2022 4:53 PM | Filed Under [ Exchange PowerShell System Management ]

One Outlook has been leaked

Hi All, Microsoft works since a while at "One Outlook", a simplified Outlook Client based on OWA. There has been a leak from an early Version and i've downloaded and installed it. The Setup is very short and after a few seconds you are promted with a Login Dialog. There is an Option for Import (but i skipped it) That's how it looks like If you want to block the Login with the new Client you can do that with the following Exchange Online cmdlet Get-CASMailbox -Identity a.bohren@icewolf.ch | fl *enabled*, *disabled* Set-CASMailbox -Identity a.bohren@icewolf.ch -OneWinNativeOutlookEnabled $False After that OneOutlook can't be used. One Outlook is based on OPX (OWA...

posted @ Tuesday, May 17, 2022 1:08 PM | Filed Under [ Exchange ]

Full Exchange Archive

Powered by:
Powered By Subtext Powered By ASP.NET