Exchange Online

EXO – Exchange Online

0

Azure Communication Service Email – MX Record Required

Posted on by Rhoderick Milne [MSFT]
Azure Communication Service Email - MX Required

Azure Communication Services (ACS) can be used to send high volume outbound email to Internet recipients, represents an important shift in Microsoft’s messaging architecture. As organizations modernised their cloud communications to Exchange Online (EXO) many of them just kept doing what they were doing with Exchange on-premises, i.e. using that as a bulk mailer to send out high volume email inter… Read the rest “Azure Communication Service Email – MX Record Required”

0

SPF Record Fun

Posted on by Rhoderick Milne [MSFT]
SPF Record Structure

Sender Policy Framework (SPF) is a fundamental component of modern e-mail authentication, designed to reduce the risk of spoofing and phishing attacks. By publishing a DNS record that specifies which mail servers are authorised to send messages on behalf of a domain, SPF allows receiving systems to validate whether an incoming message genuinely originates from the claimed sender. SPF alone does no… Read the rest “SPF Record Fun”

0

Lab–Move Exchange Server To New Tenant

Posted on by Rhoderick Milne [MSFT]

Moving a deployed Exchange hybrid environment to a brand new tenant is not something that is typically done.  In all of the years that I've worked with customers on hybrid, a second hand is not needed to count those instances.  The biggest reason for customers doing it was they did not like the tenant name, and wanted to change it.

In this case it was becase the tenant was being forcibly removed du… Read the rest “Lab–Move Exchange Server To New Tenant”

0

Tenant Hydration – Still A Thing

Posted on by Rhoderick Milne [MSFT]
Exchange HCW - Tenant Hydration Issue

Almost 10 years ago I ran into a customer deployment where they were unable to run some of the Exchange PowerShell commands.  Funnily enough, this bubbled up the other week.

As a recap, tenants are created in a dehydrated state to minimise resouce consumption.  That means they can not be customised things like Role Based Access Control (RBAC) assignments are read-only and can not be customised.  Th… Read the rest “Tenant Hydration – Still A Thing”

4

Unable To Install or Launch Exchange HCW

Posted on by Rhoderick Milne [MSFT]
Unable To Launch Exchange Hybrid Configuration Wizard

You want to run the Exchange Hybrid Configuration Wizard (HCW) and after clicking the link to the HCW in the admin portal or manually browsing to the shortcut URL you are unable to either launch or install the HCW.  Despite using Edge, the HCW application just does not install and/or launch.  All you get is the initial prompt to open the file and nothing else.

For example, if we go to the shortcut … Read the rest “Unable To Install or Launch Exchange HCW”

1

Enable DMARC For OnMicrosoft.com Domains

Posted on by Rhoderick Milne [MSFT]
DMARC Record For onmicrosoft.com Domain

It is possible to add a Domain Based Message Authentication Reporting and Conformance (DMARC) record for your onmicrosoft.com domain in M365.

Is that a good thing?

Well, your viewpoint may depend on your experiences with this domain.  If you actually use the onmicrosoft.com domain to send email, then yes!  Adding the DMARC record enables the DMARC alignment check to pass and the mail to be successfu… Read the rest “Enable DMARC For OnMicrosoft.com Domains”

0

Configure On-Premises Exchange For EOP Spam Thresholds

Posted on by Rhoderick Milne [MSFT]
Exchange Online Anti Spam Threshold

A common issue when deploying Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) with on-premises Exchange is making Exchange aware of the EOP spam filtering.  This is because EOP uses slightly different logic to stamp the spam results etc. into the message.  Exchange Server needs to be aware of this so that it can take action upon those settings.

On-Premises Spam Confiden

Read the rest “Configure On-Premises Exchange For EOP Spam Thresholds”
0

How to Use NsLookup To Check DKIM Record

Posted on by Rhoderick Milne [MSFT]
Check DMARC DNS Record Using NSLookUP

There are a multitude of online tools that help diagnose issues with various mail services, but understanding what these tools actually check is valuable.  One example is around manually checking published DomainKeys Identified Mail (DKIM) records.  DKIM is described in RFC 4871.  As an interesting piece of history DKIM went through a previous iteration "Domain-Based Email Authentication Using Pub… Read the rest “How to Use NsLookup To Check DKIM Record”

0

Migrate Safe Links Block Settings to TABL

Posted on by Rhoderick Milne [MSFT]
Migration of MDO Global Block List to TABL

Note that there have been changes to Safe Links policy for Microsoft Defender for Office 365 (MDO).

Previously you could add URLs to the Safe Links policy to control how MDO would process the URLs.  As part of this change the URL blocking is moving to the Tenant Allow Block List (TABL).

Below is a screenshot showing that a previously entered URL needs to be migrated to TABL.

 

Migration of MDO Global Block List to TABL

Learn more

 

&nb… Read the rest “Migrate Safe Links Block Settings to TABL”

0

Microsoft Teams Voicemail Headers–April 2022

Posted on by Rhoderick Milne [MSFT]
Voice Mail

Working with a customer’s security team, it was noted that some messages were set to SCL –1 and this was not initially expected.  We were paying particular attention to the SCL value as work was being done to clean up old EOP configuration that was bypassing protection.

  • Two examples are shown below
    EXO mailbox to demonstrate simple delivery, this is the Kim Akers mailbox
  • Exchange 2016 on-premises mai
Read the rest “Microsoft Teams Voicemail Headers–April 2022”