Category Archives: Exchange Server

Modify Recoverable Items Folder – RetainDeletedItemsFor

Once you delete items from Outlook or have retention policies delete the data, it will end up in the Recoverable Items Folder. This post will detail how to check for and modify the time in which that data sits in the Recoverable Items Folder, before it’s purged from Exchange Online.

Chances are if you are reading this you know what the Recoverable Items Folder is and you know why you want to change the default time for the folder. Please be careful and be knowledgeable about how and what you are modifying here.  If you are unsure about the Recoverable Items Folder, please view the Microsoft TechNet article below. Consider this as your warning.

https://technet.microsoft.com/en-us/library/ee364755(v=exchg.150).aspx

 

Per Microsoft:

To protect from accidental or malicious deletion and to facilitate discovery efforts commonly undertaken before or during litigation or investigations, Microsoft Exchange Server 2013 and Exchange Online use the Recoverable Items folder. The Recoverable Items folder replaces the feature that was known as the dumpster in earlier versions of Exchange. The Recoverable Items folder is used by the following Exchange features:

  • Deleted item retention
  • Single item recovery
  • In-Place Hold
  • Litigation Hold
  • Mailbox audit logging
  • Calendar logging

 

This BLOG post will walk through the steps of setting the RetainDeletedItemsFor value for both the Mailbox and the Mailbox Plan in Office 365 (Exchange Online). The Microsoft default value for this setting is 14 days. The value is modified with PowerShell connection to Exchange Online. One thing to note is that if you have changed the default value on premise, you will also have to set the same value in Exchange Online as the mailbox you are moving to Exchange Online will get the value from Exchange Online.

 

View the current MailboxPlan settings in Exchange Online

Get-MailboxPlan |ft Name,RetainDeletedItemsFor

 

View the current setting per mailbox in Exchange Online

Get-Mailbox -Identity User.Name | fl Identity,RetainDeletedItemsFor

 

View the current setting all Mailboxes in Exchange Online

Get-Mailbox | fl Identity,RetainDeletedItemsFor

Note that some of the names have been blacked out for security purposes. Yes, people try to hack the users in my blog posts, even though I only use them once and they are deleted after.


 

Changing the Default Values

The value can be changed per mailbox or for the whole mailbox plan. Per mailbox is just as it sounds, it’s only for that one mailbox. Per mailbox plan will catch all the newly created mailboxes (including those migrated). It’s important to note that if you modify the setting after mailboxes have been created or migrated to Exchange Online, you will have to modify the value on those mailboxes as well as the mailbox plan. Basically after modifying the mailbox plan, all new mailboxes will get the new setting, while existing mailboxes will have to be updated.

 

The default value is set to 14 days. The max value that you can set is 30 days.

 

Change the current setting for the MailboxPlan in Exchange Online

Get-MailboxPlan | Set-MailboxPlan -RetainDeletedItemsFor XX

The screen shot below shows the command to change the setting, followed by the command to verify.

 

Change the current setting per mailbox

Set-Mailbox –Identity username@domain.com -RetainDeletedItemsFor XX

The screen shot below shows the command to change the setting, followed by the command to verify.

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps Office365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN

Setup and Enable Office 365 Message Encryption

thThe process to setup and enable Office 365 Message Encryption is really easy. There are three main steps that need to be followed

  1. Activate Azure Rights Management
  2. Setup Azure Rights Management for Exchange Online
  3. Setup transport rules to enforce message encryption in Exchange Online

 

The following Microsoft TechNet article details the process, I have a step-by-step below.

https://technet.microsoft.com/en-us/library/dn569291.aspx

 

Office 365 Message Encryption Mail Flow

 

 

Activate Azure Rights Management for Office 365 Message Encryption

 

Login to Microsoft Online Portal with a Global Admin Account

Open the App Launcher (waffle)

Select Admin

 

Select SERVICE SETTINGS from the left pane

Click Rights Management

 

From within RIGHTS MANAGEMENT click Manage

 

 

You’ll be redirected to the management page

Click Activate

Click Activate again on the popup asking if you are sure you want to activate Rights Management

 

 

Set up Azure Rights Management for Office 365 Message Encryption

 

Connect to Exchange Online with PowerShell

Open PowerShell as Administrator

Enter the following commands to connect and import the session

  • Set-ExecutionPolicy RemoteSigned

     

  • $cred = Get-Credential

     

  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection

 

  • Import-PSSession $Session

 


 

Verify your IRM isn’t configured already

  • Get-IRMConfiguration

 

Configure RMS with the online key-sharing location for Exchange Online with PowerShell (locations below). For my example I am using North America, but the table below shows all the locations

 

Location

RMS key sharing location

North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc1

 

Import the Trusted Publishing Domain (TPD) from RMS Online

  • Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

 

Verify successful setup of IRM in Exchange Online

  • Test-IRMConfiguration –sender admin@domain.com

 

Disable IRM templates in OWA and Outlook

  • Set-IRMConfiguration -ClientAccessServerEnabled $false

 

Enable IRM for Office 365 Message Encryption

  • Set-IRMConfiguration -InternalLicensingEnabled $true


*Note – You shouldn’t see that warning, but if you do it’s safe to ignore. I got it because I ran the command and forgot to grab the screen shot before clearing the screen, thus I had to run the command again.

 

View the IRM Configuration

  • Get-IRMConfiguration


 

Create Transport Rules to Encrypt Messages

Open the Office 365 Admin Portal (https://portal.microsoftonline.com)

Open Exchange Admin Center


 

Click Mail Flow


 

 

Click the + and create your transport rule. I have created two simple rules.

This rule will encrypt anything that is sent external with an attachment larger than 1MB


This rule will encrypt the email if the word ‘Encrypt’ is in the subject line of the email. This will give the users (once trained) the flexibility to encrypt emails they deem sensitive.


 

Make sure the rules are active and test


 

 

Testing that the transport rule apply Office 365 Message Encryption

Testing Transport Rule 1


 

Testing Transport Rule 2


 

 

When the user gets the email, this is how its presented to them


 One thing to note is that after you go through the setup process, it may take some time to replicate across the Microsoft back end servers. So if you test and it doesn’t work, give it some more time. I have see this process take up to 2 hours to replicate.

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps Office365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN

Exchange 2007 Cutover Migration to the NEW Office 365

I covered this topic in a BLOG post for MS Press. Please click the link below and you will be re-directed there.

From the MVPs: Exchange 2007 Cutover Migration to the NEW Office 365

 

Complete Series:

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

SMTP Relay with Office 365

Microsoft has a few options depending on how you want to use Office 365 to relay your email.

https://technet.microsoft.com/en-us/library/dn554323(v=exchg.150).aspx

  1. Authenticate a device/application and send email using an Office 365 mailbox
  2. Send mail directly from an application/printer
  3. Office 365 SMTP relay service

Use this KB from Microsoft to configure an SMTP relay in Office 365.

https://technet.microsoft.com/en-us/library/dn554323(v=exchg.150).aspx#configconnector

 

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN

Adding External Contacts to a Distribution Group – Office 365

First, use this post to add the External Contacts. Adding Exteral Contacts to Exchange Online

If you need to create the Distribution List, use this post Creating a Distribution Group in Office 365 – Exchange Online

Follow the steps below to add the external contact to a Distribution Group.

Login to the Office 365 Admin Center

Click the App Launcher (top left corner)

Click Admin


Open Exchange Admin Center


Click Recipients

Click Groups

Select the Distribution Group

Click the Edit Pencil (A new window will open)

Select Membership

Click (A new window will open)

Double click the contact or select the external contact and click add ->

Click OK

The contact will now be in the list of members

Click Save

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Creating a Distribution Group in Office 365 – Exchange Online

A Distribution Group (DG) is a group that contains two or more people, has an email address and appears in the Global Address List (GAL) for your company. Internal and External users can send emails to the DG and it will go to all members of the DG. Distribution Groups are easy to create and manage, follow the steps below to create a new Distribution Group.

Login to the Office 365 Admin Center

Click the App Launcher (top left corner)

Click Admin


Open Exchange Admin Center


Click Recipients (1)

Click Groups (2)

Click + (3)

Click Distribution Group (4) (a new window will pop open)

Enter a Display Name (5)

Enter an Alias (6)

Enter the name for the Email Address (7)

Select the SMTP domain (if you have more than one registered in your tenant) (8)

Add Notes (9)

Select the DG owner (this person will be able to manage member of a DG) (9)

Select the DG members (these are the people that email will be sent to) (10)

Select whether owner approval is required to join the group (11)

Select whether owner approval is required to leave the group (12)

Click Save (13)

Modify the Distribution Group so that External Senders can use it (if required)

Select the Distribution Group

Click the Edit Pencil (A new window will open)

Select Delivery Management

Choose the option required for the Distribution Group. If you want to restrict external senders to specific people, then add them to the list.

Click Save

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Create a Shared Mailbox from an Existing Synced User Account

The benefits of using the process is that it will allow you to have Shared mailboxes (info@, support@, ect..) and not be charged with a license from Office 365.

Connect to Exchange Online with Remote PowerShell

  1. Click Start

     

  2. Click Administrative Tools

     

  3. Right Click Windows PowerShell Modules and Run as administrator

     

  4. Set the Execution Policy on the local computer
    1. Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
    2. Press “Y” for yes when/if prompted

       

  5. Specify remote credentials through a variable
    1. $cred=Get-Credential
    2. Enter Global Admin Account
    3. Enter password

       

  6. Set a session variable and connect to Exchange Online, enter command
    1. $s =New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection

       

  7. Import the session with the variable set in previous step.
    1. $importresults =Import-PSSession $s

 

Setup Shared Mailbox

  1. Convert the existing Synced user to a Shared Mailbox
    1. Get-Mailbox -identity account@domainname.com
      | set-mailbox -type “Shared”

       

  2. Set the quota for Shared Mailboxes
    1. Set-Mailbox account@domainname.com -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

       

  3. Setup the Security Group

     

  4. Create a security group for the users who need access to the shared mailbox
    1. Open Exchange Control Panel
    2. Select My Organization > Users & Groups > Distribution Groups > New.
    3. Specify a display name (Example: GDP_dg) (Descriptive Name and DG for Distribution Group)
    4. Specify an Alias (GDP_dg)
    5. Specify an e-mail address. (GDP_dg@contoso.com)
    6. Select the Make this group a security group check box.

       

Note After you create a security group, the membership is closed. When membership is closed, only group owners can add members to the security group, or owners have to approve requests to join the group. Additionally, only group owners can remove members from the security group.

  1. In the Ownership section, click Add to add an owner, if necessary.

     

  2. In the Membership section, click Add.

     

  3. In the Select Members page, select the users you want to add.

     

  4. Click OK.

     

  5. On the New Group page, click Save.

     

Assign Permissions (PowerShell connected to Office 365)

  1. Assign the security group the FullAccess permission to access the shared mailbox
    1. Add-MailboxPermission account@domainname.com -User SecurityDistributionGroup -AccessRights FullAccess

     

  2. Assign the security group the SendAs permission to the shared mailbox
    1. Add-RecipientPermission account@domainname.com -Trustee SecurityDistributionGroup -AccessRights SendAs

       

  3. Hide the Distribution Security Group from the Global Address List
    1. Open Exchange Control Panel
    2. Select My Organization > Users & Groups > Distribution Groups
    3. Select the group that you created in the above step
    4. Select Hide this group from the shared address book
    5. Click Save

 

Once the above steps are completed, you can open the Microsoft Online Portal, click Users, Select the User account for the Shared Mailbox and remove the license.

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me