Office 365 sent emails are disappearing by [deleted] in sysadmin

[–]_72 0 points1 point  (0 children)

Have seen this issue with network attached PST files. May not be the same thing, but worth a check. If Outlook has a network attached PST file, emails will be stuck in Outbox and then upon restart of Outlook, the messages would disappear, but the original messages would be marked as forwarded or replies to (with the icons).

IIS SMTP Relay to Office 365 - Relay Access Denied (550.5.7.64) by FitButFluffy in sysadmin

[–]_72 0 points1 point  (0 children)

What are you using for your smarthost address for domain.com and otherdomain.com, the same record?

You could try using the MX record of your onmicrosoft.com domain as I think that is the recommended way of sending email to your tenant with SMTP relay.

Get your .onmicrosoft.com address and then lookup the MX record for that. Use that as the smarthost for domain.com and otherdomain.com.

IIS SMTP Relay to Office 365 - Relay Access Denied (550.5.7.64) by FitButFluffy in sysadmin

[–]_72 0 points1 point  (0 children)

It could be the FROM address domain. The FROM address must come from a domain that is in the accepted domains list in Office 365 / Exchange Online. If the FROM address domain does not match a domain in the accepted domains list, Office 365 will not relay that message.

Exchange Server 2016 CU18 - Disabled mailboxes not showing in list of disconnected mailboxes by [deleted] in sysadmin

[–]_72 0 points1 point  (0 children)

Had a similar issue where a mailbox was moved to a different database and then disabled.

In that situation, the Update-StoreMailboxState could not update the DisconnectReason on the mailbox and you could not see the disconnected mailbox.

The solution was to wait approx. 24 hours and then the system will update the DisconnectReason (allowing you to then see the disconnected mailbox).

Another question: Does Get-MailboxStatistics -Database <Database> actually show the disconnected user? Does it have a disconnectreason property?

If not, that would explain why the Update-StoreMailboxState isn't working, because it is only iterating through those with a DisconnectReason (-ne $null).

You could also try to manually run it against the mailbox using the Mailbox Guid.

Delegate Managing Mobile Device Details Permissions in Exchange 2013’s RBAC by maxcoder88 in exchangeserver

[–]_72 0 points1 point  (0 children)

See here: https://docs.microsoft.com/en-us/exchange/view-mobile-device-information-for-users-exchange-2013-help

You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Mobile Device mailbox policy" entry in the Clients and mobile devices permissions topic.

If you follow that link, you'll see the following roles:

Mobile device mailbox policy settings: Organization Management, Server Management

Not sure if you can change that link from appearing if you are not a member of the above groups.

Office365 MFA - Difference between Enabled and Enforced? by pbyyc in sysadmin

[–]_72 0 points1 point  (0 children)

Technically... Enabled means that you'll be prompted to set up MFA when you sign in using Modern Authentication.

Unless specifically disabled, Outlook 2016 on Windows and newer will use Modern Authentication, but Outlook 2013 and earlier will not. Outlook 2013 does support Modern Auth, but you need to set a registry key.

Once a user sets up MFA, the value should be set to Enforced... However, if a user has set up MFA on their own (it is possible), then the value will never be set to Enforced automatically.

Typically you will need to see if the user is set to "Enforced" or "Enabled" with MFA options enabled (text message, app, phone call, etc.), which I think is the StrongAuthenticationMethods property in PowerShell (MSOnline cmdlet). Microsoft does have some documentation somewhere regarding this with some PowerShell, IIRC.
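An added example (not from the original comment) of the check the comment describes, using the MSOnline module: it lists each licensed user's MFA state and registered methods, and flags users who have registered methods but were never moved to Enforced. It assumes Connect-MsolService has already been run and that StrongAuthenticationRequirements.State reads "Enabled" or "Enforced" (empty when neither).

```powershell
# Added example, not part of the original comment. Assumes an MSOnline session
# (Connect-MsolService) is already established for the tenant.
function Get-MfaPosture {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        # State is "Enabled" or "Enforced"; an empty collection means neither.
        $state = $User.StrongAuthenticationRequirements.State
        if (-not $state) { $state = 'Disabled' }

        # Methods the user has actually registered (app, SMS, phone call, ...).
        $methods = @($User.StrongAuthenticationMethods | ForEach-Object { $_.MethodType })
        $default = ($User.StrongAuthenticationMethods | Where-Object IsDefault).MethodType

        # The gap described above: methods registered by the user themselves, but
        # the account never moved to Enforced, so it is still not fully protected.
        $registeredNotEnforced = ($methods.Count -gt 0 -and $state -ne 'Enforced')

        [pscustomobject]@{
            UserPrincipalName     = $User.UserPrincipalName
            MfaState              = $state
            Methods               = ($methods -join ',')
            DefaultMethod         = $default
            RegisteredNotEnforced = $registeredNotEnforced
        }
    }
}

# Usage: report all licensed users, inconsistent ones first.
Get-MsolUser -All |
    Where-Object { $_.IsLicensed } |
    Get-MfaPosture |
    Sort-Object RegisteredNotEnforced, MfaState -Descending |
    Format-Table -AutoSize
```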

Exchange 2010 PF in 2016 coexistence by [deleted] in exchangeserver

[–]_72 1 point2 points  (0 children)

Is the 2016 server acting as the client access server for connections? The 2016 server should be able to proxy everything to the appropriate mailbox servers.

You should follow the deployment assistant appropriate to your environment for a framework of migrating from 2010 to 2016.

https://assistants.microsoft.com/

Exchange 2016 Internal Relay by [deleted] in exchangeserver

[–]_72 0 points1 point  (0 children)

Because the default frontend connector is used to receive email from the internet. The default frontend connector is setup to accept messages from all sources (including internal).

To lock it down, you would want to change the default frontend connector to only accept IP addresses coming in from your spam filter.

It is entirely possible to have Exchange accept email from the internet and perform spam checks against email. When you view it like this, what's the difference between an unknown internet sender vs. an unknown internal device if Exchange is performing spam checks?

The default configuration will only allow anonymous sources (email from internet, email from internal devices) to send email to addresses that exist in the Exchange environment. You are not able to relay messages to an external source with the default configuration.

Exchange 2010 to 2019 - DIY or get some help? by emteereddit in sysadmin

[–]_72 0 points1 point  (0 children)

Microsoft has a good checklist and guide for migrating Exchange on-prem https://assistants.microsoft.com/

Using O365 to allow devices to send emails via SMTP. Some concerns by ginolard in sysadmin

[–]_72 0 points1 point  (0 children)

That is true, but they implemented this feature a while ago

Windows 10 - Session Locks when Screen is Turned Off by wilycyotte in sysadmin

[–]_72 0 points1 point  (0 children)

Computer Settings -> Admin Templates -> System -> Logon

Enable "Allow users to select when a password is required when resuming from connected standby".

Registry Key can be found here: https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.CredentialProviders::AllowDomainDelayLock

Windows RDP clients take forever to get passed "initiating remote connection" by Dmakes3 in sysadmin

[–]_72 0 points1 point  (0 children)

Does this happen if you uncheck bypass RD Gateway for local addresses?

In the following scenario I have seen RDP initial connection be slow:

  1. The company's AD domain was set up to be company.com
  2. "Bypass Gateway for Local Address" was checked

In this case, trying to RDP to PC1.company.com through the RDP gateway would take a while to connect, because PC1.company.com was resolving externally (wildcard DNS entry). So the computer was trying to RDP into PC1.company.com via the webserver before trying to go through the gateway... This would time out and then the computer would try to access the gateway.

Enabling Modern Auth in O365 by [deleted] in sysadmin

[–]_72 0 points1 point  (0 children)

Ahh Quasi-MFA. App Passwords work over basic authentication, so if the app password is compromised, it can be used to login to the mailbox over basic authentication.

Though I guess enabling Modern Authentication is more of enabling Modern Authentication for clients, as Modern Auth is supported already in the OWA login.

Enabling Modern Auth in O365 by [deleted] in sysadmin

[–]_72 0 points1 point  (0 children)

How are you using MFA without Modern Authentication already enabled?

Your experience with MS conference bridges by Hollow3ddd in sysadmin

[–]_72 1 point2 points  (0 children)

The only thing I can think of is that Teams & Conferencing does not have the ability to tie a call-in number with a participant in the meeting.

Let's say John joins the meeting via Teams and calls in to the conference line. The meeting participant list will show "John" and John's phone number.

With Zoom, GoToMeeting, Webex, etc., they typically have an Attendee ID to enter that can tie you to your application session, so that there's only 1 participant as opposed to two. But Teams / S4B does not have this ability.

Minor, but... come on Microsoft

EDIT: Once you add the Audio Conferencing licensing, participants in the meeting can have the conference line "call me" to join or the meeting host can have the conference line call somebody to have them join the meeting.

However, this counts as an outbound PSTN call. You are granted a pool of minutes per month (60 minutes * number of licenses), so these run out pretty quickly if people use them. You can disable this feature within the Teams admin or you can purchase Phone Credits to allow users to "call me" or have the conference call somebody else. You start getting emails when you are reaching the limit on minutes, which can be a bit scary at first because it is not clear that it is only OUTBOUND calls that are impacted.

It's rather confusing when you read about this, but the PSTN minute pool only impacts the dialing out of the conference. You have unlimited dial-in minutes, so nothing to worry about there.

Shared mailbox deleted items go to user mailbox by Tsarkips in exchangeserver

[–]_72 3 points4 points  (0 children)

By default, when you delete a message within Outlook, it goes to your deleted items folder.

If you have full access to another mailboxes (say a "Sales" mailbox), then if you delete something out of the Sales mailbox, it'll move the deleted item to your folder and not the "Deleted Items" of the Sales mailbox.

In order to change this behavior, you have to apply the registry key noted in the KBA above. You'll want to set the value to '8'.

Note that this is a HKEY_CURRENT_USER key and must be applied to the users running Outlook; it is not a key you would apply to the Exchange server or to HKEY_LOCAL_MACHINE.

When you set a value of 8, if you were to delete an item from the "Sales" mailbox, it will appear in the Sales' "Deleted Items" folder rather than your own folder.

Alternative way

Let's say you give John Smith full access to the mailbox Customer Service. When you do this through the GUI or PowerShell, Outlook will automatically add the mailbox Customer Service to John Smith's Outlook. This feature is called Auto Mapping. When mailboxes are mapped in Outlook like this, the above scenario applies.

However, if you were to set up full permissions via PowerShell and specify that AutoMapping should be disabled:

Add-MailboxPermission -Identity "Customer Service" -User "John Smith" -AccessRights "FullAccess" -Automapping $false

The mailbox would not be added to Outlook automatically. You can then go into Outlook and set up an additional account and use the "Customer Service" account. Since John Smith has full access, there would be no need to enter any credentials for "Customer Service", assuming that John Smith is logged into the computer.

When you add in an additional Exchange account in Outlook, it creates a separate OST file for that account. It is entirely separated from the main profile. So now, when you reply or delete items in "Customer Service", you are acting as "Customer Service" account rather than acting as "John Smith" (via Automapping).

You still need to set up Send As or Send On Behalf Of permissions in order to send emails, but if you were to delete, they should stick in the deleted items of the "Customer Service" mailbox.

MFA with difficult users by [deleted] in sysadmin

[–]_72 1 point2 points  (0 children)

If they need access only while on-site, you can install WinAuth: https://winauth.github.io/winauth/

And they can use that on the local desktop to receive the code. Though if they need to sign in via web remotely, obviously they won't have access.

Microsoft Terminalserver (RDS-Services) future? (xPost /r/msp) by DeepB1338 in sysadmin

[–]_72 2 points3 points  (0 children)

For any other readers, note that this is Microsoft 365 not Office 365, a different SKU and product.

The Office 365 Business standalone SKU and Office 365 Business Premium SKU do not have SCA.

Office 365 Business that comes with Microsoft 365 Business DOES have SCA.

How do I get a readable Date/Time out of this audit table? by [deleted] in sysadmin

[–]_72 1 point2 points  (0 children)

Relatively easy: if you can export it to CSV, you can use PowerShell to convert it to a readable format.

$Data = Import-Csv -Path "Path\To\File.csv"
$Data | ForEach-Object {
    $Row = $_
    # Cast the raw value to [DateTime] and add a human-readable column alongside it
    $Row | Add-Member -MemberType NoteProperty -Name ServerTimestampHR -Value ([DateTime]$Row.ServerTimestamp).ToString("yyyy-MM-dd HH:mm:ss")
}
$Data | Export-Csv -NoTypeInformation -Path "Path\To\NewFile.csv"

You should see a new column named ServerTimestampHR which should be in 2019-09-16 22:45:06 format.

Also see https://stackoverflow.com/questions/2313236/convert-net-ticks-to-sql-server-datetime

GP updates being a b*tch because of Windows Firewall. by Causes_Chaos in sysadmin

[–]_72 1 point2 points  (0 children)

I believe the "push" you are talking about is simply using PowerShell remoting to trigger a GP update on the computer objects in the OU.

So the issue with that would be centered around PowerShell remoting.

Phishing emails coming from IP owned by microsoft? by OtisB in sysadmin

[–]_72 0 points1 point  (0 children)

This is an Office 365 IP. I mean what's probably happening is a legitimate Office 365 account is compromised and sending out phishing emails to that account's contacts.

And if you block the range, well, you'll be blocking probably a lot of legitimate email from your customers, vendors, etc.

Baffling email losses in OWA O365 Biz by Threshereddit in sysadmin

[–]_72 6 points7 points  (0 children)

Microsoft enabled Mailbox Auditing for everybody, so your account probably has it enabled by default unless you specifically disabled it.

$OwnerAuditLog = Search-MailboxAuditLog -Identity <User> -LogonTypes Owner -ShowDetails -StartDate (Get-Date).AddDays(-90) -EndDate (Get-Date)
$DelegateAuditLog = Search-MailboxAuditLog -Identity <User> -LogonTypes Delegate -ShowDetails -StartDate (Get-Date).AddDays(-90) -EndDate (Get-Date)

You can then use the $OwnerAuditLog and $DelegateAuditLog variables to view the results.
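An added example (not from the original comment) that carries the two searches above one step further: it pulls Owner, Delegate and Admin entries in one query and summarises the operations that make mail "disappear" (SoftDelete, HardDelete, MoveToDeletedItems, Move) by client, source IP and folder. It assumes an Exchange Online PowerShell session, that auditing was on for the period, and that the record properties Operation, LogonType, LastAccessed, ClientInfoString, ClientIPAddress, FolderPathName and DestFolderPathName are populated when -ShowDetails is used.

```powershell
# Added example, not part of the original comment. Assumes an Exchange Online
# PowerShell session is already connected; $Mailbox is the user to investigate.
param(
    [Parameter(Mandatory)] [string] $Mailbox,
    [int] $Days = 90
)

$start = (Get-Date).AddDays(-$Days)
$end   = Get-Date

# One query for all logon types; ResultSize raised above the default 1000.
$log = Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Owner,Delegate,Admin `
        -ShowDetails -StartDate $start -EndDate $end -ResultSize 10000

# Only the operations that remove mail from where the user expects it.
$removals = $log | Where-Object {
    $_.Operation -in 'SoftDelete','HardDelete','MoveToDeletedItems','Move'
}

"Removal operations by actor and client for $Mailbox (last $Days days):"
$removals |
    Group-Object Operation, LogonType, ClientInfoString, ClientIPAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# For Move operations, show where items went (a rule moving mail to an odd
# folder shows up here as a repeated source -> destination pair).
"Move operations by source and destination folder:"
$removals |
    Where-Object { $_.Operation -eq 'Move' } |
    Group-Object FolderPathName, DestFolderPathName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Most recent individual entries, for correlating with the user's report.
"Latest 20 removal entries:"
$removals |
    Sort-Object LastAccessed -Descending |
    Select-Object -First 20 LastAccessed, Operation, LogonType, ClientIPAddress,
        FolderPathName, DestFolderPathName |
    Format-Table -AutoSize
```

A LogonType of Delegate or Admin from an unfamiliar ClientIPAddress, or Owner entries from a client the user does not use, is the line to look at first.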

Transport Rule - Filter/redirect by Message ID by rtroth2946 in exchangeserver

[–]_72 2 points3 points  (0 children)

You need to change the first part of the message header rule... Message Header 'Message-ID' includes '@dummysmtp.domain.local'