Changing the Default Password Policy in Office 365

By default, users are required to change their passwords every 90 days and are prompted 14 days before that. This default value can be changed at the tenant level for all users.

Log in to the Office 365 Admin Center

Click Settings on the left navigation menu

Click Security & Privacy

Click Edit on the Password Policy

Edit the Policy

Click Save

Recover an Inactive Mailbox in Office 365 (Exchange Online)

In order to recover an inactive mailbox in Office 365 (Exchange Online), you must search for the mailbox, get the Exchange GUID and then recover it to a new mailbox.

I will cover the basic process below; if you need more details, reference the Microsoft KB below.


Connect to Exchange Online with PowerShell

List inactive mailboxes with Exchange GUID

  1. Get-Mailbox -InactiveMailboxOnly | Format-List Name,DistinguishedName,ExchangeGuid,PrimarySmtpAddress

Create InactiveMailbox variable

  1. $InactiveMailbox = Get-Mailbox -InactiveMailboxOnly -Identity <identity of inactive mailbox>
  2. Use the ExchangeGUID from the previous step as the identity

Recover inactive mailbox to a new mailbox

  1. New-Mailbox -InactiveMailbox $InactiveMailbox.DistinguishedName -Name johndoe -FirstName John -LastName Doe -DisplayName "John Doe" -MicrosoftOnlineServicesID <PrimarySmtpAddress from the first step> -Password (ConvertTo-SecureString -String 'P@ssw0rd' -AsPlainText -Force) -ResetPasswordOnNextLogon $true
  2. The command above will create a new user and mailbox for John Doe and recover the inactive mailbox set in the variable above
  3. The MicrosoftOnlineServicesID must match the PrimarySMTPAddress returned from the first step

Configure the new user

  1. Make sure you assign a license to the newly created user
  2. If you are using AD Connect, make sure that the on-premises user shares the same anchor value as the synchronized user so that soft matching works correctly
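The recovery steps above can be wrapped in a function that checks its inputs before anything is created. This is an added example, not code from the original post: `Restore-InactiveMailboxSafely` is a hypothetical helper name, it assumes an already connected Exchange Online session, and it takes the temporary password as a SecureString instead of a literal in the command line.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# Restore-InactiveMailboxSafely is a hypothetical helper, not a Microsoft cmdlet.
function Restore-InactiveMailboxSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][guid]$ExchangeGuid,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        [Parameter(Mandatory)][securestring]$Password
    )

    # Look the mailbox up by ExchangeGuid so a reused name cannot match the wrong one.
    $found = @(Get-Mailbox -InactiveMailboxOnly -Identity $ExchangeGuid.ToString() -ErrorAction Stop)
    if ($found.Count -ne 1) {
        throw "Expected exactly one inactive mailbox for $ExchangeGuid, found $($found.Count)."
    }
    $inactive = $found[0]

    # The new MicrosoftOnlineServicesID must match the inactive mailbox's PrimarySmtpAddress.
    $upn = [string]$inactive.PrimarySmtpAddress

    # Stop if an active mailbox already answers to that address.
    if (Get-Mailbox -Identity $upn -ErrorAction SilentlyContinue) {
        throw "An active mailbox already uses $upn; resolve the conflict first."
    }

    if ($PSCmdlet.ShouldProcess($upn, 'Recover inactive mailbox to a new mailbox')) {
        New-Mailbox -InactiveMailbox $inactive.DistinguishedName `
            -Name $Name -FirstName $FirstName -LastName $LastName `
            -DisplayName "$FirstName $LastName" `
            -MicrosoftOnlineServicesID $upn `
            -Password $Password -ResetPasswordOnNextLogon $true
    }
}

# Usage (the GUID is a placeholder for the value returned by the list step):
# $pw = Read-Host -Prompt 'Temporary password' -AsSecureString
# Restore-InactiveMailboxSafely -ExchangeGuid '<ExchangeGuid>' -Name johndoe `
#     -FirstName John -LastName Doe -Password $pw -WhatIf
```

Run it with -WhatIf first to confirm which address would be recovered, then again without it.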

Search for Inactive Mailboxes in Office 365 (Exchange Online)

Use this command to list all the inactive mailboxes in your tenant. You also need it to restore an inactive mailbox to a new user account: run the command below to gather information on the inactive mailbox, then follow the Recover an Inactive Mailbox in Office 365 (Exchange Online) post.


Connect to Exchange Online with PowerShell

List Inactive Mailboxes

  1. Get-Mailbox -InactiveMailboxOnly | Format-List Name,DistinguishedName,ExchangeGuid,PrimarySmtpAddress

Preserve Mailbox Data without a License in Office 365 (Exchange Online)

Most companies now want to preserve all the data from a former employee, either because of company standards or because they are required to hold the data for legal reasons. Office 365 provides a way to do this without paying for the license. The simple process is to place a hold on the mailbox (In-Place Hold or Litigation Hold) and then remove the license from the user. After that, the mailbox data will be preserved.

I will cover the basic process below; if you need more details, you can reference the Microsoft KB below.

IMPORTANT – Make sure the mailbox hold is applied before you remove the license.


Connect to Exchange Online with PowerShell

Set Litigation Hold on the mailbox

  1. Set-Mailbox <User or Email Address> -LitigationHoldEnabled $true

Verify litigation hold on the mailbox

  1. Get-Mailbox <User or Email Address> | Format-List Name,LitigationHold*

Remove the Office 365 User Account

How your users are set up in Office 365 dictates how the accounts are deleted. If you have cloud-based accounts, you can simply select the user in Office 365 and remove the account. If you are using synchronized accounts from your local AD, you will need to remove the account from local AD and then let the changes synchronize to Azure AD.
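The IMPORTANT note above (hold first, license second) can be enforced in a script instead of left to memory. This is an added example, not code from the original post: `Confirm-LitigationHold` is a hypothetical helper name, the addresses in the usage comments are constructed, and it assumes an already connected Exchange Online session. It covers Litigation Hold only, as in the steps above.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# Confirm-LitigationHold is a hypothetical helper, not a Microsoft cmdlet.
function Confirm-LitigationHold {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$Identity
    )
    process {
        foreach ($id in $Identity) {
            $mbx = Get-Mailbox -Identity $id -ErrorAction Stop

            if (-not $mbx.LitigationHoldEnabled -and
                $PSCmdlet.ShouldProcess($id, 'Enable Litigation Hold')) {
                Set-Mailbox -Identity $id -LitigationHoldEnabled $true -ErrorAction Stop
                # Re-read the mailbox so the report reflects what the service stored.
                $mbx = Get-Mailbox -Identity $id -ErrorAction Stop
            }

            # One row per mailbox; SafeToRemoveLicense is the gate for the next step.
            [pscustomobject]@{
                Identity              = $id
                PrimarySmtpAddress    = [string]$mbx.PrimarySmtpAddress
                LitigationHoldEnabled = [bool]$mbx.LitigationHoldEnabled
                LitigationHoldDate    = $mbx.LitigationHoldDate
                LitigationHoldOwner   = $mbx.LitigationHoldOwner
                SafeToRemoveLicense   = [bool]$mbx.LitigationHoldEnabled
            }
        }
    }
}

# Usage with constructed sample addresses:
# $report  = 'leaver1@example.com', 'leaver2@example.com' | Confirm-LitigationHold
# $blocked = $report | Where-Object { -not $_.SafeToRemoveLicense }
# if ($blocked) { throw "Hold not confirmed for: $($blocked.Identity -join ', ')" }
```

Keep the returned report with the offboarding ticket; it records who placed the hold and when, before the license and account were removed.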

Enabling an Office 365 Archive Mailbox with PowerShell (Exchange Online)

In the post below, I will cover two methods for enabling an Archive Mailbox in Office 365 (Exchange Online) using PowerShell. The first method is a straightforward non-hybrid deployment, where the archive is enabled directly in Exchange Online. The second method is a hybrid deployment of Exchange with Exchange Online, where the archive mailbox value must be set on-premises and synchronized to Exchange Online, where the archive mailbox is enabled. The first thing to do is to make sure that the Office 365 license assigned to the user has the Archive option included.

Non-Hybrid Deployment

Use this Microsoft KB article for more detailed scenarios.

Connect to Exchange Online with PowerShell

Use the Enable-Mailbox command to activate the archive

  1. Enable-Mailbox <User Name or Email Address> -Archive

Verify the archive is enabled

  1. Get-Mailbox <User Name or Email Address> | Format-List Name,*Archive*

Hybrid Deployment of Exchange On-Premise and Exchange Online (Office 365)

Because of the hybrid setup of Exchange and the fact that local AD is being synchronized to Azure AD, we need to set the archive value in on-premise AD and let DirSync or AD Connect synchronize the value to Azure AD to enable the archive mailbox in Exchange Online.

Use these Microsoft KB articles for more details.

Open the local version of Exchange Management Shell

Use the Enable-RemoteMailbox command with the -Archive switch to activate the Archive mailbox in Exchange Online

  1. Enable-RemoteMailbox <User Name or Email Address> -Archive

Synchronize local AD with Azure AD (scheduled or manual) (DirSync or AD Connect)

Verify the archive is enabled

  1. Connect to Exchange Online with PowerShell
  2. Get-Mailbox <User Name or Email Address> | Format-List Name,*Archive*

Mail Routing – G Suite to Office 365 (Exchange Online EOP)

During my day job, I get a lot of requests on how to migrate from G Suite to Office 365. BitTitan MigrationWiz can take care of the mailbox and free/busy co-existence, but G Suite and Office 365 will handle the mail routing. The post below will cover how to set up mail routing, assuming that mail is still being delivered to G Suite and the mailboxes are being migrated to Office 365.

Use this KB from Microsoft to learn about Criteria Based Routing in EOP

BitTitan has a great article on how to setup Criteria Based Routing for a migration scenario.

G Suite Setup
SMTP Domain Type | Mail Routing (MX Points Here)
Primary Domain | YES

There are no domains to be setup for G Suite. We use the primary domain already added and verified in G Suite

Office 365 (Exchange Online)
SMTP Domain Type | Mail Routing (MX Points Here)
Primary Domain | NO – G Suite
Tenant Domain | YES

External Email Delivery

Mail Routing – New/Reply from Office 365 (Internal and External)

Mail Routing – New/Reply from G Suite (Internal and External)

Office 365 – Exchange Online Organizational Sharing

Recently I worked with a partner that was doing a larger tenant to tenant migration. Fortunately they were moving from one domain to another and are doing a staged migration with MigrationWiz; because they will have users in one of two tenants, they will need to share free/busy information between the two tenants. This is easily done by setting up Exchange Organizational Sharing between the two Office 365 tenants.

Open Office 365 admin center

Click Admin Centers

Click Exchange

Click Organization

Click Sharing

Click New on Organization Sharing

In the Relationship name, enter a friendly name for the relationship

In the Domains to share with box, enter the external Office 365 or Exchange on-premise domain

Click to Enable calendar free/busy information sharing

Set the sharing level for calendar free/busy information

Set which users can share calendar free/busy information.

Click Save