Exchange
Messaging, Exchange, SMTP
Hi All,
In Microsoft 365 Defender, "Restricted Users" is now called "Restricted Entities", because it can also detect and create an alarm for a compromised Connector
https://security.microsoft.com/restrictedentities
Respond to a compromised connector
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/respond-compromised-connector?view=o365-worldwide
Regards
Andres Bohren
Good Morning,
I've had a customer that encountered the Error below during Exchange 2016 CU23 installation.
Error:
The following error was generated when "$error.Clear();
Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController $RoleDomainController
}
" was run: "System.Security.Cryptography.CryptographicException: The certificate is expired.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
It was obvious that a Certificate had expired.
We've recreated a new CSR with FQDN and Hostname and installed the Certificate on the Server. Still the Setup failed at the exact same point.
The Solution was to delete the expired Certificate from the Local Machine...
Hi All,
I recently had a customer that wanted to write an Application to read the Availability (Free/Busy) from the Calendars of their users. Here is how you can do that with Microsoft Graph.
First you need an Application in Azure Active Directory with an AppID / ClientID
Then you need to be able to Authenticate. I usually use a Certificate for that purpose.
As for the Permissions, the Application needs the following:
App needs Application Permissions:
- Calendars.Read (Only for the Mailbox where you make the Requests from - Limit with ApplicationAccessPolicy)
- Schedule.Read.All
Now we need to Limit the Calendars.Read to the Mailbox where the Availability Requests...
Hi All,
For a few weeks I had a strange behavior with the "Get-Place" command. I knew it had worked before.
I did get an Error; only on a newly created CloudOnly Mailbox it worked.
Get-Mailbox -RecipientTypeDetails RoomMailbox
Get-Mailbox -RecipientTypeDetails RoomMailbox | Get-Place
With the ExchangeOnlineManagement 2.0.6 Preview6 Module it worked perfectly fine
I did open a Microsoft Case and the support guided me to Microsoft Graph
GET https://graph.microsoft.com/v1.0/places/microsoft.graph.room
To get a specific Mailbox use this URL
GET https://graph.microsoft.com/v1.0/places/SitzungszimmerJungfrau@icewolf.ch
That is a synchronized Account with Azure Active Directory Connect. And the "country/region" is selected from the Dropdown.
So I did the...
Hi All,
I was digging a little bit deeper into the Recipient Management without Exchange Server. I've already blogged about how to install the Management Tools only to install the Recipient Management PowerShell
Install and use Exchange 2019 CU12 Recipient Management PowerShell
https://blog.icewolf.ch/archive/2022/04/27/install-and-use-exchange-2019-cu12-recipient-management-powershell.aspx
Add-PSSnapin *RecipientManagement
Get-PSSnapin
As you can see on the Server the Exchange Server 2019 CU12 is installed (Management Tools only)
I found the References of the PowerShell Snapins in the Registry here:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapins
I had a look at the DLL "Microsoft.Exchange.PowerShell.Configuration.dll" with ILSpy.
As you can see there are many dependencies on other DLLs in the C:\Program Files\Microsoft\Exchange Server\V15\Bin Directory
Then I have installed the Security Update...
Hi All,
A Month ago, Microsoft announced in the Exchange Team Blog the New Reply-all Storm Protection Report, Settings UI and new Mail flow Alert Policies.
New Reply-all Storm Protection Report, Settings UI, and Alert Policy
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-reply-all-storm-protection-report-settings-ui-and-alert/ba-p/3292465
In the new Exchange Admin Center https://admin.exchange.microsoft.com you can find the Reply-all Storm Settings under Settings > Mail flow
These Settings can also be configured by PowerShell.
Keep in Mind, that the Minimum Recipients must be between 1000 and 5000. A good Number for large Enterprises but not very suitable if you're a smaller Company with 100 up to 1000 Employees.
Get-TransportConfig | fl *storm*
Now there is also a Report...
Hi All,
I've tried out the ExchangeOnlineManagement Preview6 PowerShell Module
ExchangeOnlineManagement 2.0.6-Preview6
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.6-Preview6
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement
Installing the Module Side by Side
Install-Module ExchangeOnlineManagement -AllowPrerelease -Force
Connect-ExchangeOnline
As you can see, there is no PS Session
Get-PSSession
Get-Mailbox -Identity a.bohren@icewolf.ch | fl Name
Get-EXOMailbox -Identity a.bohren@icewolf.ch | fl Name
If you check the Commands it seems pretty complete
Get-Module
Get-Command -Module ExchangeOnlineManagement | measure
Get-Command -Module tmpEXO* | measure
Or you still can connect with the Remote PowerShell Session
Connect-ExchangeOnline -UseRPSSession:$true
Get-PSSession
Get-PSSession | fl
Get-Module
Get-Command -Module tmp* | measure
I have also tested if the Issue with the Tenant Allow / Block List also exists in the Preview 6 - and yes it does
https://blog.icewolf.ch/archive/2022/05/24/exchange-online-tenant-allowblock-list-does-not-work-when-connected.aspx
Connect-IPPSSession
Get-TenantAllowBlockListItems -ListType Url -Block
Get-TenantAllowBlockListItems -ListType Url -ListSubType...
Hi All,
Recently I stumbled over a funny Error.
When you query Get-TenantAllowBlockListItems, all looks fine until you connect to Security and Compliance (Connect-IPPSSession). You will then see even Watson Error Messages 😂
I am using ExchangeOnlineManagement PowerShell Module Version 2.0.5.
Had a Case open: 30305990 - The Engineering Team is now aware and will hopefully fix it in a future Version of the PowerShell Module.
Manage the Tenant Allow/Block List
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide
Connect-ExchangeOnline
Get-TenantAllowBlockListItems -ListType Url -Block
Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery
Connect-IPPSSession
Get-TenantAllowBlockListItems -ListType Url -Block
Get-TenantAllowBlockListItems -ListType Url -ListSubType AdvancedDelivery
To fix it simply run:
Disconnect-ExchangeOnline
Connect-ExchangeOnline
Regards
Andres Bohren
Hi All,
Maybe you have noticed the new Mail flow Alert policies in Exchange Admin Center.
You can define new Alert policies, define the Severity, the Insight, the recipient, the Notification Limit and sometimes also the Threshold for the Alert.
For me it's a little bit odd to send an Email in case something does not work well with the Mailflow.
It could be that you get the Email very late or even when the issue is already resolved. As far as I know there is still no dedicated API to get to Information like this... Let me know if I am wrong.
Alert policies...
Hi All,
Microsoft has been working for a while on "One Outlook", a simplified Outlook Client based on OWA.
There has been a leak of an early Version and I've downloaded and installed it.
The Setup is very short and after a few seconds you are prompted with a Login Dialog.
There is an Option for Import (but I skipped it)
That's what it looks like
If you want to block the Login with the new Client you can do that with the following Exchange Online cmdlet
Get-CASMailbox -Identity a.bohren@icewolf.ch | fl *enabled*, *disabled*
Set-CASMailbox -Identity a.bohren@icewolf.ch -OneWinNativeOutlookEnabled $False
After that OneOutlook can't be used.
One Outlook is based on OPX (OWA...