How to prevent internal email spoofing in an Exchange organization

Disclaimer: This article is not an “Email Spoofing 101”. Spoofing examples are presented only for testing and prevention purposes.

Ensuring email security might be one of the most important and most difficult tasks an administrator must face. Every day, servers process thousands of emails and controlling such a big mail flow is not easy. No wonder hackers focus on this channel when they plan attacks. They use various tricks to make users think that opening a suspicious attachment is a good idea.

One of the tricks they use is email spoofing.

Prevent Internal Spoofing in Exchange organization

Continue reading ‘How to prevent internal email spoofing in an Exchange organization’

Using PST files to back up Office 365 – why it is a bad idea

Personal Storage Table files (PST) were introduced to the Microsoft world back in times of Exchange 4.0, as Outlook exclusive, storage files. They were meant to store individuals’ non-enterprise data coming from IMAP and POP3 mailboxes. Soon enough that became a quick fix to stacked up corporate Exchange Servers allowing users to store excess mailbox data to their local drives. What seemed like a brilliant solution, soon proved itself to be quite the opposite. In this article, I’ll show you why it is a bad idea to use PST files as a backup for your Office 365 data.

PST files were never meant for across network management

Any type of an over network management of PST files is an unsupported, highly not recommended, and time-consuming process, often resulting in corrupted files. Its administration over LAN or WAN is very heavy on servers causing network overheads and even server crashes. Learn more about it from the Microsoft Knowledge Base. Having multiple operations like this proceed simultaneously also significantly slows you’re your computer operations down. There is no possibility to automatically synchronize these files between devices in Microsoft Outlook. And saving them to the Cloud results in nothing more but an overfilled cache.

Continue reading ‘Using PST files to back up Office 365 – why it is a bad idea’

How to merge an Office 365 account with an on-premises AD account after hybrid configuration?

Once you have completed a hybrid configuration in your company, it turns out that the job is not done yet. After a quick verification whether the hybrid is set up correctly, you notice that some of the users are not synchronized properly. And if that is the case, you need to do some additional adjustments. If you hit the roadblock during the synchronization it is most probable that the problem will be related to user synchronization between local Active Directory and Azure AD. Common causes for this are:

  • Lack of rights to Organizational Units (OU) or AD objects (users, groups or computers) for a service account used by Azure AD Connect (AAD Connect)
  • The improper scope of objects synchronized with Office 365. In other words, perhaps an OU that contains a certain user object, group or computer was not selected in the AAD Connect configuration wizard.

You can encounter these problems when you run the synchronization from on-premises AD to Office 365. But this can also happen the other way round when you run the synchronization from Office 365 to on-premises AD or in both directions. Look at the most common scenarios here:

In this article, I will show you how to manage these situations in an environment with hybrid configuration and Centralized Mail Transport enabled.

A user has an account in Office 365 but not in local Active Directory

Merging AD account with Office 365

Continue reading ‘How to merge an Office 365 account with an on-premises AD account after hybrid configuration?’

Back up Office 365/Exchange emails before it is too late!

For some of you this may sound a bit disturbing, for some may be exaggerated, but preserving emails is one of the essential tasks any business should be aware of. In most organizations, emails hold very important or even critical data, which guarantee business continuity. That is why having a backup copy of emails seems to be something obvious, but it also seems to be underestimated at some point.

Backup Office 365 data

Continue reading ‘Back up Office 365/Exchange emails before it is too late!’

Managing users’ Outlook rules from Exchange Management Shell (with PowerShell)

Outlook rules help users organize their mailboxes. Thanks to them, sieving spam from important messages can be more automatic and users mailboxes can look less chaotic. That is the bright side of Outlook rules. The less bright side is that users highly depend on them and every time there is an issue concerning the rules, admins find themselves to be in the eye of the storm. You can remain calm, though, as I will show you how to manage users’ Outlook rules using PowerShell. But first, you have to know the difference between the two types of those rules, to learn what you can do with PowerShell and what requires a direct intervention in the users’ email clients.

Server-side rules vs. client-side rules

Outlook rules can be either server-side or client-side. Understanding the differences between them is crucial for an admin, as the type determines when they are executed and which cmdlets can be used to manage them.

Continue reading ‘Managing users’ Outlook rules from Exchange Management Shell (with PowerShell)’

How to send test email from multiple Exchange users with PowerShell

When you set up a company-wide email signature on Exchange or Office 365 using, e.g. the built-in transport rules feature, you will probably want to verify whether it is correctly added to messages.

The most straightforward and foolproof method is for users to send a test email to you so you can check it.

Or, if you feel like taking a crowdsourcing approach, just have each user send the email to themselves and check the details, etc. personally.

The problem with both those methods is that they rely upon users correctly understanding your request, complying with it and carrying it out properly, all without assistance. Realistically, you have a higher chance of randomly meeting Bill Gates walking down your street with a pet iguana on a leash, than for all 3 of these circumstances to come together magically.

As in many cases, here also PowerShell scripts can save you a lot of time and effort.

Continue reading ‘How to send test email from multiple Exchange users with PowerShell’

Setting an auto reply for a distribution group

First, let’s get one thing out of the way – distribution groups cannot send automatic responses by themselves.

Using Reject the message with the explanation / enhanced status code transport rule actions to send auto-replies for a distribution group is not a good idea either. Firstly, because it defeats the whole purpose of maintaining a distribution group (the original message is blocked, thus not reaching the members of the group). Secondly, because the automatic messages sent by the actions are very very bare-bones (as you can see here).

Autoreply for distribution group

The most common solution to these grievances is a shared mailbox with a have server reply using a specific message rule underneath it.

Continue reading ‘Setting an auto reply for a distribution group’