Exchange News: June 2015

Tuesday, June 30, 2015

msexchange.org: Azure AD Conditional Access preview update: More apps and blocking access for users not at work

from Exchange News Full Article

msexchange.org: New features coming to Intune over the next week

from Exchange News Full Article

msexchange.org: Last chance to win a Pluralsight Annual Plus subscription!

Until the end of June 2015 we will be conducting a site survey to help us learn more about our visitors and what you'd like to see on the site in the future.

from Exchange News Full Article

MSExchange.org: Exchange Archiving - On-Premises vs Cloud-Based (Part 3)

Configuring Exchange Hybrid to support online archiving.

from Exchange News Full Article

msexchange.org: Office 365 / Exchange Online – Disable One Drive for Business Integration

from Exchange News Full Article

msexchange.org: Now Available: Intune Mobile Application Management and Conditional Access for Outlook

from Exchange News Full Article

msexchange.org: Booking Delegation Vs. Classic Delegation

from Exchange News Full Article

Monday, June 29, 2015

Exchange Team Blog: Booking Delegation Vs. Classic Delegation

Calendar delegation can be assigned in two different ways, each for a specific scenario. However, any mailbox, usually rooms, can be assigned both and this causes confusion when managing delegation of rooms or resources. What’s the difference and why?

Classic Delegation

Classic delegation has been around forever and used when a manager wants one or more people to manage their calendar. For example, a CEO wants their assistant(s) to manage the CEO’s calendar. In this case, the CEO using Outlook or OWA would assign the delegates to the calendar. The Tenant/Org admin has no interaction; this is all controlled by the end users.

Classic Delegation assignment works by:

Adding Editor permission on the calendar to the delegates
Granting Send As permissions to the delegates
Creating a hidden transport rule which redirects the meetings to the delegates, red box below.

All this is done by the client. The Tenant/Org admin has no involvement.

Outlook example:

OWA Calendar delegation assignment example:

In both cases, classic delegation is completely controlled by end users assigned from the clients.

Booking or Resource Delegation

This feature is designed to allow the Tenant/Org admin to manage all room and/or resource delegation to specific people to manage, no end user configuration involved. The Tenant/Org admin has total control of who the delegates are for all the rooms and resources.

The same calendar permissions and Send As is created but there is no hidden rule for booking delegation, the Resource Booking Agent takes care of redirecting the meetings to the assigned booking delegates.

The problem?

The problem happens when a room has been configured for classic delegation, then the Tenant/Org admin reassigned/modified delegation from the booking delegation portal. The booking delegation assignment is successful but the classic delegation hidden rule still exists, which will fire first and continue to be redirected to the classic delegates overriding the booking delegates.

Solution

The easiest solution is to simply logon to the room with the classic delegation and deselect the checkbox that redirects calendaring items to the delegate.

Both Booking delegation and Classic Delegation use the same folder permissions and Send As rights.

Eric Hartmann

from Exchange News Full Article

EighTwOne: Configuring message size limits

Exchange 2013 enforces certain message size limits when it comes to client messages. These limits are in-place so clients can’t generate excessive load on your Exchange environment. These limits are determined for various access methods in multiple web.config files on Exchange Client Access Servers as well as Mailbox Servers.

Sometimes you may have good reasons to increase those limits. For example, when migrating to Office 365 using a product like MigrationWiz, you may want to increase the limit for Exchange Web Service (EWS) requests to allow for migration of larger items. Another example is when you want to allow for bigger attachments in Outlook WebApp (OWA).

On TechNet, there’s an article on how to reconfigure these limits. However, the process consists of editing multiple web.config files, replacing multiple values in the same file, and following this process on each Exchange 2013 server in your environment. This is not only labor intensive and prone to error, but becomes tedious when you consider that each Cumulative Update will overwrite your web.config files.

But do not despair. To execute these changes for OWA and EWS, I have created a PowerShell script which will perform these tasks for you.

Requirements
Using the script requires Exchange 2013. You need to provide the server name (default is local server) or AllServers to apply to all Exchange 2013 servers in your environment. The script will modify the web.config remotely using the system share (e.g. C$), using the location of the Exchange installation, and uses IISRESET tool to restart IIS. It will create a backup of the web.config before modifying it.

Notes:

The script checks for running in elevated mode when running against the local machine.
Current version of the script requires Exchange Management Shell, to run Exchange cmdlets for checking installed roles a.o., as the web.config files which require editing depend on the installed roles.
For OWA, add ~33% to the value you want to specify to compensate for encoding overhead.
When connected to an Exchange server, the script processes the server hosting the EMS session last to prevent abortion caused by IIS reset.
Script currently runs against Exchange 2013.

Usage
The script Configure-ClientSizeLimits.ps1 uses the following syntax:

.\Configure-ClientSizeLimits.ps1 [-Server |-AllServers] [-OWA ] [-EWS ] [-Reset]

A quick walk-through on the parameters and switches:

Server specifies the server to configure. When omitted, it will configure the local server. This parameter is mutually exclusive with AllServers.
AllServers switch specifies to configure all Exchange 2013 servers. This switch is mutually exclusive with Server.
OWA configures the message size limit for OWA. Value is in 1KB units.
EWS configures the message size limit for EWS. Value is in 1KB units.
Reset switch specifies to perform an IISRESET against servers after reconfiguration of client-specific message size limits.

So, suppose you want to configure an OWA message size limit for you can use:

.\Configure-ClientSizeLimits.ps1 -Server EX01 -OWA 100 -EWS 10240 -Reset

If you want to configure EWS limits for all servers without resetting IIS, you could use:

.\Configure-ClientSizeLimits.ps1 -AllServers -EWS 10240

Download
You can download the script from the TechNet Gallery here.

Feedback
Feedback is welcomed through the comments. If you got scripting suggestions or questions, do not hesitate using the contact form.

Revision History
See TechNet Gallery page.

To Do
Compatibility with Exchange 2010 and removal of dependency on Exchange Management Shell.

Filed under: Exchange 2013, PowerShell Tagged: Configuring, Exchange2013, Migration, Script

from Exchange News Full Article

msexchange.org: Exchange Server 2013 – Planning for Public Folders mailboxes according to user logon limits

from Exchange News Full Article

msexchange.org: Office 365 / Azure AD - Identifying Disabled Users

from Exchange News Full Article

Saturday, June 27, 2015

msexchange.org: Office for Android phone is here!

from Exchange News Full Article

msexchange.org: Office 365 users gain one-click access to third-party apps

from Exchange News Full Article

msexchange.org: A guide to Build Your Own Enterprise Mobility Lab

from Exchange News Full Article

msexchange.org: Azure AD Conditional Access preview update: More apps and blocking access for users not at work

from Exchange News Full Article

msexchange.org: New features coming to Intune over the next week

from Exchange News Full Article

Friday, June 26, 2015

Subject Exchange: Weekend reading

from Exchange News Full Article

Thursday, June 25, 2015

MSExchange.org: Managing SPF and reverse DNS in Exchange Server (Part 1)

In this article series, we are going over a very basic, but still fundamental piece of configuration that must be in place to allow mail flow from an Exchange Server to external SMTP servers, which are the reverse DNS and the SPF Record.

from Exchange News Full Article

msexchange.org: IDFix v1.09 (beta) available on Microsoft Connect

IDFix v1.09 (beta) available on Microsoft Connect. Bear in mind this is a beta release though.

from Exchange News Full Article

msexchange.org: Azure AD Connect & Connect Health is now GA!

We’re thrilled to announce that as of today Azure AD Connect is now generally available for all Azure AD customers including Office365 customers. Azure AD Connect is the single tool and experience for connecting your on premises directories to Azure AD, whether you are evaluating, piloting, or in production.

from Exchange News Full Article

Wednesday, June 24, 2015

The EXPTA {blog}: Lync or Skype for Business Missed Conversation Emails are Delayed

Working with our Skype for Business team today, I discovered some useful information about Missed Conversation emails.

Missed Conversation emails can be delayed if you are signed into Lync or Skype for Business from different clients at the same time. For example, if you're signed in from your desktop and another computer or the Lync Mobile client. This is known, but not expected, behavior. It might be due to IM toast popping up in one client when you are working from another client. Lync activity from the remote machine then "nudges" the email out.

Lync/S4B uses EWS to place the Missed Conversation or Missed Call emails directly in the Missed Conversation folder in your mailbox. Since it does not traverse Exchange transport, these messages will not show in message tracking and they will not include any header information.

from Exchange News Full Article

Tuesday, June 23, 2015

MSExchange.org: Migrating a small organization from Exchange 2010 to Exchange 2013 (Part 4)

In this, the final part of the series we will complete preparation, migrate mailboxes and decommission Exchange 2010.

from Exchange News Full Article

EighTwOne: Exchange 2013 Server Role Requirements Calculator 7.6

The Exchange team published an update for the Exchange 2013 Server Role Requirements Calculator as well. The new version number is 7.6.

Changes since version 6.6:

Added support for ReplayLagManager
Added support for PreferredMaximumActiveDatabases
Added new table that exposes theoretical CPU utilization for each mode (normal runtime, first server failure, second server failure, site failure, site failure + 1 failure)
Added Restore-DatabaseAvailabilityGroup scenario support in Distribution algorithm
Added warning about designs that include more than24 processor cores / server and 96GB of memory
Added support for DAGs without Administrative Access Point (default behavior is no administrative access point) in the CreateDAG script
Changed default for Deleted Item Retention in export file to be the highest profile value for Deleted Item Retention
Changed default for Circular Logging in export file to be true when using Exchange Native Protection
Added ability to save scripts and CSV files to OneDrive for Business
Fixed CreateDAG.ps1 script error for DAG creation without administrative IP address
Modified CreateMBDatabases.ps1 to ignore CircularLogging choice and modified CreateMBDatabaseCopies.ps1 to enforce CircularLogging choice
Fixed Export DAG list function to use the correct value for MaximumActiveDatabases
Added support for MaximumPreferredActiveDatabases and AutoDatabaseMountDial in Export DAG List function and createdag.ps1
Modified CreateMBDatabaseCopies.ps1 to remove sleep timer, improving copy creation significantly
Fixed createdag.ps1 to not generate an error when there is no alternate witness server provided

Fixes since version 6.6:

Fixed an issue that prevented the calculator from displaying results when site resilience was disabled while Active/Active (Single DAG) was selected
Changed Processor Cores/Server to not use a list drop down, thereby enabling customers to enter in configurations they are deploying.
Fixed bugs in Diskpart script with PrepareAutoReseedVolume switch and WhatIf processing
Fixed bug in Diskpart with escaping quotes in some languages
Fixed bug with display of lag copies in single site design
Fixed multiple databases / volume calculation to take into account symmetric designs that utilize an odd number of servers in a single site
Fixed scenario to count number of servers in A/P scenario where the only copy deployed in DR is a lagged copy
Fixed #NAME error in Database Copy Configuration table for standalone configurations
Updated DC1 memory sizing to take into account site failure mode for A/A (Single DAG) designs involving a 2 copy architectures
Updated Distribution Tab error reporting and Lastrow calculation
Fixed copy count validation formula for site resilient scenarios to not allow more copies in the primary datacenter than the number of servers
Added support for 10TB and 12TB capacity disks
Fixed run-time error on distribution tab when disabling site resilience
Fixed distribution error when disabling cross-site failover
Fixed bug in Distribution tab ActiveServer formula when modeling Cross Site Failover behavior
Fixed an issue with the distribution tab throwing an error when two files were opened at the same time
Fixed distribution algorithm where lagged copies were not always represented correctly
Blocked unsupported A/A (Single DAG) scenario where copy count is not the same in both datacenters

You can download the calculator here. For more information, please consult the list of changes here or Read Me here.

Filed under: Misc

from Exchange News Full Article

EighTwOne: Exchange 2013 Cumulative Update 9

The Exchange Team released Cumulative Update 9 for Exchange Server 2013 (KB3049849). This update raises Exchange 2013 version number to 15.0.1104.5.

Cumulative Update reintroduces configuration of sent items for shared mailboxes, as was possible in Exchange 2010 but wasn’t available in Exchange 2013 yet. More information here.

Next to a security fix for MS15-064, this Cumulative Update contains the following fixes:

KB2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment
KB2988660 Role assignment with custom write scope fails in an Exchange Server 2013 environment
KB3003978 Email messages are displayed with incorrect format in Outlook in an Exchange Server 2013 environment
KB3006849 GSSAPI-based Kerberos authentication protocol is not offered to IMAP clients in Exchange Server 2013
KB3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013
KB3032153 Recurring events in Calendar over DST are not adjusted on all ActiveSync devices in all Exchange Server environments
KB3040681 MapiExceptionTimeout error during a hierarchy synchronization process of multiple public folders in Exchange Server 2013
KB3040683 System WLM overrides do not work when you do on-premises installations in Exchange Server 2013
KB3049081 OwaDeepTestProbe probe fails intermittently on a server that installs the Mailbox server role in Exchange Server 2013
KB3049771 Outlook Web App logon page takes longer time than expected to time out in an Exchange Server 2013 environment
KB3050825 EdgeTransport.exe starts to crash when PriorityQueuingEnabled is set to “True” in Exchange Server 2013
KB3050877 Emails that are sent as a secondary mailbox are not saved in the delegate’s Sent Items folder in Exchange Server 2013
KB3055940 “Object reference not set to an instance” error when you install cumulative update in Exchange Server 2013
KB3056045 “Cannot find Template User object” error when you find contacts that use a consumer domain in Exchange Server 2013
KB3056133 Exchange Server 2013 Activation time of transport rule is not displayed in UTC time
KB3056413 SMTP connection fails when you log on with a child domain account and use NTLM authentication in Exchange Server 2013
KB3056817 Update adds the Let me select the message option in Outlook Web App in an Exchange Server 2013 environment
KB3056822 Dynamics CRM 2013 stops synchronizing items from mailbox in an Exchange Server 2013 environment
KB3060825 The MSExchangeDelivery service crashes when you receive an email message from a specific sender in Exchange Server 2013
KB3064393 “Bad Command. 12″ error and IMAP CAPABILITY commands are not offered in an Exchange Server 2013 co-existence environment
KB3068681 RPC encryption requirement is re-enabled for RPC Client Access Service after you upgrade server in Exchange Server 2013
KB3069060 Recurring meetings are accepted when their time conflicts on the same room mailbox in Exchange Server 2013
KB3069501 Duplicate folders are created after a mailbox move in Exchange Server 2013 Enterprise
KB3071427 Outlook Web App still downloads web beacon contents when you forward email messages in Exchange Server 2013

Notes:

If the new Set-Mailbox parameters for Sent Items configuration, i.e. MessageCopyForSentAsEnabled and MessageCopyForSendOnBehalfEnabled, are not available after installing this CU, run Setup /PrepareAD /IAcceptExchangeServerLicenseTerms explicitly.
When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay current.
Previously released CU7 introduced changes to prevent restoration of pre-CU7 databases. Pre-CU7 users are advised to perform a full backup post-upgrade to CU7 or later.
Previously released CU7 added support for hierarchies containing 250,000 modern public folders. Consult this article for co-existence scenarios.

This Cumulative Update does not include schema or Active Directory changes when compared to Cumulative Update 7. If you have deployed a version earlier than CU7, make sure you run PrepareSchema /PrepareAD. If you want to speed up the Cumulative Update installation process, you can temporarily disable certificate revocation checking as described here.

Note that Cumulative Updates can be installed directly, i.e. no need to install RTM prior to installing Cumulative Updates. Note that once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles. The order of upgrading servers is irrelevant, unlike with previous generations of Exchange.

Finally, and I can’t emphasize this enough: For any Hotfix, Rollup, Service Pack or Cumulative Update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production. When you lack such facilities, hold out a week or two and monitor the comments on the release article or TechNet forum for any issues.

You can download Exchange 2013 Cumulative Update 8 here; UM Language Packs can be found here.

Filed under: Exchange 2013 Tagged: CU, CU9, Exchange2013

from Exchange News Full Article

EighTwOne: Exchange 2010 SP3 RU10 & Exchange 2007 SP3 RU17

The Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3 (KB3049853) as well as Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710). These update raises the version numbers to 14.3.248.2 and 8.3.417.1 respectively.

Rollup 10 contains the following fixes for Exchange Server 2010 SP3:

KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010
KB 3055764 Exchange Server 2010 Address Book Service crashes with event ID 4999

For Exchange Server 2007 SP3, the Rollup 17 contains the following fix:

KB 3057222 “InvaIidOperationException” error and cannot open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Notes:

If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
If you got an Exchange 2010 DAG, and want to properly update the DAG members, check the instructions here.
Rollups are cumulative per service pack level, i.e. they contain fixes released in earlier update Rollups for the same product level (RTM, SP). This means you don’t need to install previous Rollups during a fresh installation but can start with the latest Rollup package.

You can download Exchange 2010 SP3 Rollup 10 here and Exchange 2007 SP3 Rollup 14 here.

Filed under: Exchange 2007, Exchange 2010 Tagged: Exchange2007, Exchange2010, Rollup, SP3

from Exchange News Full Article

Monday, June 22, 2015

msexchange.org: Rollup 2 for Forefront Unified Access Gateway 2010 Service Pack 4

UAG 2010 Service Pack 4 Rollup 2 is available as a hotfix download from Microsoft Support as an update to UAG 2010 Service Pack 4.

from Exchange News Full Article

msexchange.org: Microsoft Virtual Academy - Exchange courses

Learn Microsoft Exchange through our variety of free courses, which provide IT Professionals with the information they need to install, deploy, manage, and support on-premises versions of Microsoft Exchange Server. In addition, learn how to best leverage the cloud with Exchange Online.

from Exchange News Full Article

Saturday, June 20, 2015

msexchange.org: How to avoid messaging performance issues and data loss in hybrid Cloud?

from Exchange News Full Article

msexchange.org: Office 365 for Partners: scenarios and telesales script

If you're an Office 365 Partner, these 2 documents might interest you.

from Exchange News Full Article

Friday, June 19, 2015

Subject Exchange: Weekend reading

from Exchange News Full Article

Exchange Team Blog: Ask the Perf Guy: How big is too BIG?

We’ve seen an increasing amount of interest lately in deployment of Exchange 2013 on “large” servers. By large, I mean servers that contain significantly more CPU or memory resources than what the product was designed to utilize. I thought it might be time for a reminder of our scalability recommendations and some of the details behind those recommendations. Note that this guidance is specific to Exchange 2013 – there are many architectural differences in prior releases of the product that will impact scalability guidance.

In a nutshell, we recommend not exceeding the following sizing characteristics for Exchange 2013 servers, whether single-role or multi-role (and you are running multi-role, right?).

Recommended Maximum CPU Core Count	24
Recommended Maximum Memory	96 GB

Note: Version 7.5 and later of the Exchange Server 2013 Role Requirements Calculator aligns with this guidance and will flag server configurations that exceed these guidelines.

As we have mentioned in various places like TechNet and our Preferred Architecture, commodity-class 2U servers with 2 processor sockets are our recommended server type for deployment of Exchange 2013. The reason for this is quite simple: we utilize massive quantities of these servers for deployment in Exchange Online, and as a result this is the platform that we architect for and have the best visibility into when evaluating performance and scalability.

You might now be asking the fairly obvious follow up question: what happens if I ignore this recommendation and scale up?

It’s hard, if not impossible, to provide a great answer to this question, because there are so many things that could go wrong. We have certainly seen a number of issues raised through support related to scale-up deployments of Exchange in recent months. An example of this class of issue appears in the “Oversizing” section of Marc Nivens’ recent blog article on troubleshooting high CPU issues in Exchange 2013. Many of the issues we see are in some way related to concurrency and reduced throughput due to excessive contention amongst threads. This essentially means that the server is trying to do so much work (believing that it has the capability to do so given the massive amount of hardware available to it) that it is running into architectural bottlenecks and actually spending a great deal of time dealing with locks and thread scheduling instead of handling transactions associated with Exchange workloads. Because we architect and tune the product for mid-range server hardware as described above, no tuning has been done to get the most out of this larger hardware and avoid this class of issues.

We have also seen some cases in which the patterns of requests being serviced by Exchange, the number of CPU cores, and the amount of physical memory deployed on the server resulted in far more time being spent in the .NET Garbage Collection process than we would expect, given our production observations and tuning of memory allocation patterns within Exchange code. In some of these cases, Microsoft support engineers may determine that the best short-term workaround is to switch one or more Exchange services from the Workstation Garbage Collection mode to Server Garbage Collection mode. This allows the .NET Garbage Collector to manage memory more efficiently but with some significant tradeoffs, like a dramatic increase in physical memory consumption. In general, each individual service that makes up the Exchange server product has been tuned as carefully as possible to be a good consumer of memory resources, and wherever possible, we utilize the Workstation Garbage Collector to avoid a dramatic and typically unnecessary increase in memory consumption. While it’s possible that adjusting a service to use Server GC rather than Workstation GC might temporarily mitigate an issue, it’s not a long-term fix that the product group recommends. When it comes to .NET Garbage Collector settings, our advice is to ensure that you are running with default settings and the only time these settings should be adjusted is with the advice and consent of Microsoft Support. As we make changes to Exchange through our normal servicing rhythm, we may change these defaults to ensure that Exchange continues to perform as efficiently as possible, and as a result, manual overrides could result in a less optimal configuration.

As server and processor technology changes, you can expect that we will make adjustments to our production deployments in Exchange Online to ensure that we are getting the highest performance possible at the lowest cost for the users of our service. As a result, we anticipate updating our scalability guidance based on our experience running Exchange on these updated hardware configurations. We don’t expect these updates to be very frequent, but change to hardware configurations is absolutely a given when running a rapidly growing service.

It’s a fact that many of you have various constraints on the hardware that you can deploy in your datacenters, and often those constraints are driven by a desire to reduce server count, increase server density, etc. Within those constraints, it can be very challenging to design an Exchange implementation that follows our scalability guidance and the Preferred Architecture. Keep in mind that in this case, virtualization may be a feasible option rather than a risky attempt to circumvent scalability guidance and operate extremely large Exchange servers. Virtualization of Exchange is a well understood, fairly common solution to this problem, and while it does add complexity (and therefore some additional cost and risk) to your deployment, it can also allow you to take advantage of large hardware while ensuring that Exchange gets the resources it needs to operate as effectively as possible. If you do decide to virtualize Exchange, remember to follow our sizing guidance within the Exchange virtual machines. Scale out rather than scale up (the virtual core count and memory size should not exceed the guidelines mentioned above) and try to align as closely as possible to the Preferred Architecture.

When evaluating these scalability limits, it’s really most important to remember that Exchange high availability comes from staying as close to the product group’s guidance and Preferred Architecture as possible. We want you to have the very best possible experience with Exchange, and we know that the best way to achieve that is to deploy like we do.

Jeff Mealiffe
Principal PM Manager
Office 365 Customer Experience

from Exchange News Full Article

Exchange Team Blog: Exchange 2013 Calculator Updates

Today, we released an updated version of the Exchange 2013 Server Role Requirements Calculator.

In addition to numerous bug fixes, this version includes new functionality: CPU utilization table, ReplayLagManager support, MaximumPreferredActiveDatabases support, Restore-DatabaseAvailabilityGroup scenario support, and guidance on sizing recommendations. You can view what changes have been made, or download the update directly. For a details on the new features, read on.

CPU Utilization Table

The Role Requirements tab includes a table that outlines the expected theoretical CPU utilization for various modes:

Normal Run Time (where the active copies are distributed according to ActivationPreference=1)
Single Server Failure (redistribution of active copies based on a single server failure event)
Double Server Failure (redistribution of active copies based on a double server failure event)
Site Failure (datacenter activation)
Worst Failure Mode (in some cases, this value will equal one of the previous scenarios, it could also be a scenario like Site Failure + 1 server failure; the worst failure mode is what is used to calculate memory and CPU requirements)

Here’s an example:

In the above scenario, the worst failure mode is a site failure + 1 additional server failure (since this is a 4 database copy architecture).

ReplayLagManager Support

ReplayLagManager is a new feature in Exchange Server 2013 that automatically plays down the lagged database copy when availability is compromised. While it is disabled by default, we recommend it be enabled as part of the Preferred Architecture.

Prior to version 7.5, the calculator only supported ReplayLagManager in the scripts created via the Distribution tab (the Role Requirements and Activation Scenarios tabs did not support it). As a result, the calculator did not factor the lagged database copy as a viable activation target for the worst failure mode. Naturally, this is an issue because sizing is based on the number of active copies and the more copies activated on a server, the greater the impact to CPU and memory requirements.

In a 4-copy 2+2 site resilient design, with the fourth copy being lagged, what this meant in terms of failure modes, is that the calculator sized the environment based on what it considered the worst case failure mode – Site Failure (2 HA copies lost, only a single HA copy remaining). Using the CPU table above as an example, calculator versions prior to 7.5 would base the design requirements on 18 active database copies (site failure) instead of 22 active database copies (3 copies lost, lagged copy played down and being utilized as the remaining active).

ReplayLagManager is only supported (from the calculator perspective) when the design leverages:

Multiple Databases / Volume
3+ HA copies

MaximumPreferredActiveDatabases Support

Exchange 2010 introduced the MaximumActiveDatabases parameter which defines the maximum number of databases that are allowed to be activated on a server by BCS. It is this value that is used in sizing a Mailbox server (and is defined the worst failure mode in the calculator).

Exchange 2013 introduced an additional parameter, MaximumPreferredActiveDatabases. This parameter specifies a preferred maximum number of databases that the Mailbox server should have. The value of MaximumPreferredActiveDatabases is only honored during best copy and server selection (phases 1 through 4), database and server switchovers, and when rebalancing the DAG.

With version 7.5 or later, the calculator recommends setting MaximumPreferredActiveDatabases when there are four or more total database copies. Also, the Export DAG List form exposes the MaximumPreferredActiveDatabases setting and createdag.ps1 sets the value for the parameter.

Restore-DatabaseAvailabilityGroup Scenario Support

In prior releases, the Distribution tab only supported the concept of Fail WAN, which allowed you to simulate the effects of a WAN failure and model the surviving datacenter’s reaction depending on the location of the Witness server. However, Fail WAN did not attempt to shrink the quorum, so if you attempted to fail an additional server you would end up in this condition:

With this version 7.5 and later, the calculator adds a new mode: Fail Site. When Fail Site is used, the datacenter switchover steps are performed (and thus the quorum is shrunk, alternate witness is utilized, if required, etc.) thereby allowing you to fail additional servers. This allows you to simulate the worst failure mode that is identified in the Role Requirements and Activation Scenarios tabs.

Note: In order to recover from the Fail Site mode, you must click the Refresh Database Layout button.

Sizing Guidance Recommendations

As Jeff recently discussed in Ask The Perf Guy: How Big Is Too Big? we are now providing explicit recommendations on the maximum number of processor cores and memory that should be deployed in each Exchange 2013 server. The calculator will now warn you if you attempt a design that exceeds these recommendations.

As always, we welcome your feedback.

Ross Smith IV
Principal Program Manager
Office 365 Customer Experience

from Exchange News Full Article

msexchange.org: New Intune capabilities for Outlook on iOS and Android

Last month at Ignite we showcased new mobile device management (MDM) and mobile application management (MAM) capabilities in Outlook for iOS and Android. Today, we are happy to announce that customers using Outlook for iOS and Android can now use built-in MDM for Office 365 or Microsoft Intune to secure email data on mobile devices within their organization. Combined with our recent update to enable OAuth and add support for Multi-Factor Authentication, Outlook now offers the leading set of controls for protecting corporate email and calendaring data on mobile devices while preserving a rich and empowering experience for users.

from Exchange News Full Article

msexchange.org: 5 Key Components to Grade the Quality of Service of your business apps!

from Exchange News Full Article

msexchange.org: Microsoft Security Intelligence Report Volume 18 Regional Threat Assessment

Following the Microsoft Security Intelligence Report, Volume 18 published last month, Microsoft recently made available several regional documents with the same kind of information.

from Exchange News Full Article

msexchange.org: Rights Management Services Analyzer Tool

The RMS Analyzer can be used to check the settings, configuration, and behavior of your Rights Management services (RMS) infrastructure and the client applications that use RMS.

from Exchange News Full Article

msexchange.org: Microsoft Exchange 2013 Public Folders Migration Scripts v15.01.0184.006

These scripts are required while migrating Public Folders from Exchange 2010/2007 to O365 Exchange 2013 Public Folders.

from Exchange News Full Article

Thursday, June 18, 2015

msexchange.org: Active Directory from on-premises to the cloud – Azure AD whitepapers

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. Unsurprisingly, identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud.

from Exchange News Full Article

Subject Exchange: New Cumulative Update and Update Rollups for Exchange 2013/2010/2007

Microsoft recently released the latest Cumulative Update and Update Rollups for Exchange Server 2013, 2010 and 2007.

According to the Microsoft Exchange Team: “Update Rollup 10 is the last scheduled release for Exchange Server 2010. Both Exchange Server 2010 and Exchange Server 2007 are in extended support and will receive security and time zone fixes on-demand on a go-forward basis”.

Cumulative Update 9 for Exchange Server 2013 (KB3049849)
Cumulative Update 9 for Exchange Server 2013 resolves issues that were found in Exchange Server 2013 SP1 since the software was released. This update rollup is highly recommended for all Exchange Server 2013 customers.
Don’t forget to download also the Exchange Server 2013 CU9 UM Language Packs.
Update Rollup 10 For Exchange 2010 SP3 (KB3049853)
Update Rollup 10 for Exchange Server 2010 Service Pack 3 (SP3) resolves issues that were found in Exchange Server 2010 SP3 RU9 since the software was released. This update rollup is highly recommended for all Exchange Server 2010 SP3 customers.
For a list of changes that are included in this update rollup, see KB3049853.
This update rollup does not apply to Exchange Server 2010 Release To Manufacturing (RTM), Exchange Server 2010 Service Pack 1 (SP1) or Exchange Server 2010 Service Pack 2 (SP2).
For a list of update rollups applicable to Exchange Server 2010 RTM , Exchange Server 2010 Service Pack 1 (SP1) or Exchange Server 2010 Service Pack 2 (SP2), refer to the Knowledge Base article KB937052.
Update Rollup 17 for Exchange Server 2007 Service Pack 3 (KB3056710)
Update Rollup 17 for Exchange Server 2007 Service Pack 3 (SP3) resolves issues that were found in Exchange Server 2007 SP3 since the software was released. This update rollup is highly recommended for all Exchange Server 2007 SP3 customers.
For a list of changes that are included in this update rollup, see KB3056710.
This update rollup does not apply to Exchange Server 2007 Release To Manufacturing (RTM), Exchange Server 2007 Service Pack 1 (SP1) or Exchange Server 2007 Service Pack 2 (SP2).
For a list of update rollups applicable to Exchange Server 2007 RTM , Exchange Server 2007 Service Pack 1 (SP1) or Exchange Server 2007 Service Pack 2 (SP2), refer to the Knowledge Base article KB937052.

Related Links

Released: June 2015 Exchange Cumulative Update and Update Rollups

from Exchange News Full Article

msexchange.org: Compliance Search in the Office 365 Compliance Center documentation

You can use Compliance Search in the Office 365 Compliance Center to search mailboxes, SharePoint Online sites, and OneDrive for Business locations in your Office 365 organization. Compliance Search is a new eDiscovery search tool with new and improved scaling and performance capabilities. Use Compliance Search to run very large eDiscovery searches. You can search all mailboxes, all SharePoint Online sites, and OneDrive for Business locations in a single compliance search. There are no limits on the number of mailboxes and sites that you can search. There are also no limits on the number of searches that can run at the same time. After you run a compliance search, the number of content sources and an estimated number of search results are displayed in the details pane on the Compliance search page. You can preview the search results or export a complete set of the search results.

from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 29)

In this part 29, we will continue where we left off in part 28. More specifically, we will take a look at the public folder side of things, and talk about the options we have at our disposal when it comes to configuring coexistence and migrating public folders to Exchange Online in Office 365.

from Exchange News Full Article

Wednesday, June 17, 2015

msexchange.org: Microsoft Office for Mac 2011 14.5.2 Update

This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code.

from Exchange News Full Article

Subject Exchange: Update for Outlook Junk E-mail Filter – June 2015

Microsoft has recently released the June updates for the Outlook 2007/2010/2013 Junk E-mail Filter.

“This update provides the Junk E-mail Filter in Microsoft Office Outlook with a more current definition of which e-mail messages should be considered junk e-mail.”

The update is available for Outlook 2007, Outlook 2010 (32-bit, 64-bit) and Outlook 2013 (32-bit, 64-bit) or you can use Microsoft Update. As usual, the updates come with the corresponding Knowledge Base article:

from Exchange News Full Article

msexchange.org: Released: June 2015 Exchange Cumulative Update and Update Rollups

The Exchange team is announcing today the availability of our latest quarterly updates for Exchange Server 2013 as well as updates for Exchange Server 2010 Service Pack 3 and Exchange Server 2007 Service Pack 3.

from Exchange News Full Article

msexchange.org: How to avoid messaging performance issues and data loss in hybrid Cloud?

from Exchange News Full Article

Tuesday, June 16, 2015

Exchange Team Blog: Released: June 2015 Exchange Cumulative Update and Update Rollups

Cumulative Update 9 for Exchange Server 2013 and UM Language Packs are now available on the Microsoft Download Center. Cumulative Update 9 contains the latest set of fixes and builds upon Exchange Server 2013 Cumulative Update 8. The release includes fixes for customer reported issues, minor product enhancements and previously released security bulletins. A complete list of customer reported issues resolved can be found in Knowledge Base Article KB3049849. Customers running any previous release of Exchange Server 2013 can move directly to Cumulative Update 9 today. Customers deploying Exchange Server 2013 for the first time may skip previous releases and start their deployment with Cumulative Update 9 directly.

For the latest information and product announcements please read What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Cumulative Update 9 may include Exchange related updates to the Active Directory schema and Exchange configuration when compared with the version of Exchange 2013 you have currently deployed. Microsoft recommends all customers test the deployment of a cumulative update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the most current (e.g., CU9) or the prior (e.g., CU8) Cumulative Update release.

Also being released today are, Exchange Server 2010 Service Pack 3 Update Rollup 10 (KB3049853) and Exchange Server 2007 Service Pack 3 Update Rollup 17 (KB3056710). These releases provide minor improvements and fixes for customer reported issues. Update Rollup 10 is the last scheduled release for Exchange Server 2010. Both Exchange Server 2010 and Exchange Server 2007 are in extended support and will receive security and time zone fixes on-demand on a go-forward basis.

Note: KB articles mentioned may not be fully available at the time this post was published.

The Exchange Team

from Exchange News Full Article

msexchange.org: Office 365 for Partners: scenarios and telesales script

If you're an Office 365 Partner, these 2 documents might interest you.

from Exchange News Full Article

msexchange.org: Active Directory from on-premises to the cloud – Azure AD whitepapers

msexchange.org: Microsoft Security Intelligence Report Volume 18 Regional Threat Assessment

msexchange.org: Rights Management Services Analyzer Tool

msexchange.org: Microsoft Exchange 2013 Public Folders Migration Scripts v15.01.0184.006

These scripts are required while migrating Public Folders from Exchange 2010/2007 to O365 Exchange 2013 Public Folders.

from Exchange News Full Article

MSExchange.org: Match Office 365 Mailbox with New On-Premises User in a Hybrid Deployment

This article looks at migrating two Active Directory (AD) Forestes to Exchange Online.

from Exchange News Full Article

Monday, June 15, 2015

Exchange Team Blog: Parsing the Admin Audit Logs with PowerShell

One of the nice features introduced in Exchange 2010 was Admin Audit Logging. Concerned administrators everywhere rejoiced! This meant that a record of Exchange PowerShell activity, organization wide, was now saved and searchable.

Administrators could query the Admin Audit Log, using the Search-AdminAuditLog Cmdlet, and reveal any CmdLets invoked, the date and time they were executed and the identity of the person who issued the commands. However, the results of the search are a bit cryptic and it didn’t allow for easy bulk manipulation like parsing, reporting or archiving.

The main complaint I heard from customers went something like this: “It’s great that I can see what Cmdlets are run, and what switches were used… but I can’t see the values of those switches!” Well, as it turns out, that data has actually been there the whole time; it’s just been stored in a non-obvious manner.

Consider a scenario where you’ve been informed that many, or all, of the mail users in your organization are reporting the wrong phone number listed in the Global Address List. It seems everyone has the same phone number now, let’s say 867-5309.

Because your organization uses Office 365 Directory Synchronization (DirSync), you know the change had to occur within your on-premises organization and was then subsequently synchronized to Office 365. The Search-AdminAuditLog Cmdlet must, therefore, be run on-premises.

It’s important to remember this concept. If you were investigating a Send Connector configuration change for your Office 365 – Exchange Online tenant, a search would need to be performed against your tenant instead. But let’s get back to our Jenny Phone number issue.

You know that the change was made on the 6^th so you restrict the search to that date.

Search-AdminAuditLog -StartDate "4/6/2015 12:00:00 AM" -EndDate 4/6/2015 11:20:00 AM"

(click on screenshots that might be too small to read)

Reviewing the output, you find that Tommy executed the Set-User Cmdlet but no indication as to what parameter(s) or values were used? What exactly did Tommy run? Where are the details!?

Then, you spot a clue. The ‘CmdletParameters’ and ‘ModifiedProperties’ are enclosed with braces { }. Braces are normally indicative of a hash table. You know a hash table is simply a collection of name-value pairs. You wonder if you’re only seeing the keys or a truncated view in this output. Could more details remain hidden?

Digging a bit deeper, you decide to store the search results to an array, named $AuditLog, which will allow for easier parsing.

$AuditLog = Search-AdminAuditLog -StartDate "4/6/2015 12:00:00 AM" -EndDate "4/6/2015 11:20:00 AM"

Next, you isolate a single entry in the array. This is done by calling the array variable and adding [0] to it. This returns only the first entry in the array.

$AuditLog[0]

To determine the object type of the ‘CmdletParameter’, you use the GetType() method and sure enough, it’s an array list.

$AuditLog[0].CmdletParameters.GetType()

Finally, you return the CmdletParameters array list to reveal all the details needed to conclude your investigation.

$AuditLog[0].CmdletParameters

Considering there are hundreds or thousands of entries in the audit log, how would you generate a full list of all the objects Tommy has changed? Or better yet, report all objects that he changed where ONLY the ‘Phone’ attribute was modified?

Fortunately, you don’t have to expend too much time on this. My colleague, Matthew Byrd recognized this exact problem and he wrote a PowerShell Script that does all the aforementioned steps for you and then some!

The script can be downloaded from TechNet Gallery and you’ll find it’s well documented and commented throughout. The script includes help (get-help .\Get-SimpleAuditLogReport.ps1) and can be used within Exchange 2010, Exchange 2013 and Office 365 - Exchange Online environments. That said, I’m not going to dissect the script. Instead, I will demonstrate how to use it.

The script simply manipulates or formats the results of the Search-AdminAuditLog query into a much cleaner and detailed output. You form your Search-AdminAuditLog query, then pipe it through the Get-SimpleAuditlogReport script for formatting and parsing.

Here are some usage examples:

This first example will output the results to the PowerShell Screen.

$Search = Search-AdminAuditLog -StartDate "4/6/2015 12:00:00 AM" -EndDate "4/6/2015 11:20:00 AM"
$Search | C:\Scripts\Get-SimpleAuditLogReport.ps1 –agree

You can see that the Get-SimpleAuditLogReport.ps1 script has taken results stored in the $Search variable and attempted to rebuild the original Command run. It isn’t perfect but the goal of the script is to give you a command that you could copy and paste into an Exchange Shell Window and it should run.

Should you expect a lot of data to be returned or wish to save the results for later use, this example will save the results to a CSV file.

Search-AdminAuditLog -StartDate "4/6/2015 12:00:00 AM" -EndDate "4/6/2015 11:20:00 AM"| C:\Scripts\Get-SimpleAuditlogReport.ps1 -agree | Export-CSV -path C:\temp\auditlog.csv

This example uses one of my favorite output objects, Out-GridView, to display the results. This is a nice hybrid CSV/PowerShell output option. The results shown in the Out-GridView window is sortable and filterable. You can select, copy/paste the filtered results into a CSV file. Meanwhile the raw, unfiltered, results are saved to a CSV file for future later use or archival.

Search-AdminAuditLog -StartDate "4/6/2015 12:00:00 AM" -EndDate "4/6/2015 11:20:00 AM"| C:\Scripts\Get-SimpleAuditlogReport.ps1 -agree | Out-GridView –PassThru | Export-Csv -Path c:\temp\auditlog.csv

Here I restrict it to only commands Tommy ran and remove anything that he ran against the discovery mailbox since it is a system mailbox.

Copy/Paste the filtered results into a CSV file. The Out-GridView has no built in export or save feature. To save your filtered results, click on an entry and then ctrl-a / ctrl-c to select all and copy results to your clipboard. Finally, in Excel, paste and you’re done.

There you have it. Admin Audit Log Mastery – CHECK! Thanks to Matthew Byrd’s wonderful script you can get the most out of your audit logs. Check it out over at TechNet.

Brandon Everhardt

from Exchange News Full Article

msexchange.org: Win a Pluralsight Annual Plus subscription!

Until the end of June 2015 we will be conducting a site survey to help us learn more about our visitors and what you'd like to see on the site in the future.

from Exchange News Full Article

Friday, June 12, 2015

Subject Exchange: Weekend reading

from Exchange News Full Article

msexchange.org: More control over data access with workload-specific admin roles

Your people and your data are your organization’s greatest assets. With Office 365, we continuously strive to provide you with more control over how your data is managed and accessed. At Ignite in May, we announced the ability to assign workload-specific service administrator roles to your organizations IT administrators for Exchange Online, SharePoint Online and Skype for Business Online. We’re pleased to announce that this capability is rolling out starting today.

from Exchange News Full Article

Thursday, June 11, 2015

msexchange.org: New access and security controls for Outlook for iOS and Android

We are pleased to announce new access and security controls for Outlook for iOS and Android. With today’s update, Outlook now uses Active Directory Authentication Library (ADAL)-based authentication for Exchange Online mailboxes in Office 365, replacing the previously used basic authentication method. This new authentication method enables IT administrators to configure new access scenarios for sign in to Office 365 and to better control and manage Outlook on mobile devices in their organization.

from Exchange News Full Article

msexchange.org: 7 new Exchange Online Protection enhancements

The Office 365 Exchange Online Protection (EOP) team has been hard at work on new features that reflect our continued commitment to provide advanced security, reliability and protection of your email, and a simpler and more efficient user experience for email admins.

from Exchange News Full Article

MSExchange.org: Troubleshooting synchronization with Windows Azure Active Directory (WAAD) (Part 4)

Using advanced filtering with Synchronization Service Manager (FIM 2010 R2).

from Exchange News Full Article

Wednesday, June 10, 2015

msexchange.org: Announcing Exchange ActiveSync v16

One advantage of having your mailbox in Office 365 is that we usually deploy our innovations there first. We’re making enhancements to Exchange ActiveSync (EAS) in Office 365 that will soon be available to Exchange ActiveSync applications.

from Exchange News Full Article

Tuesday, June 9, 2015

msexchange.org: New user experiences in Office 365 on the web

Today we are introducing a set of new user experiences in Office 365 on the web that provide quick access to notifications, help and what’s new feature introductions, contextual and immersive settings and the integration of Skype for Business conversations – all within the context of your work. These new features will be available across Office 365 web applications via a set of persistent icons in the top right of the navigation bar.

from Exchange News Full Article

msexchange.org: Office 365 - deploying Office in your environment

Join us for another virtual event live from a Microsoft Technology Center to learn how to deploy office in your organization with Office Click-to-Run.

from Exchange News Full Article

MSExchange.org: Migrating a small organization from Exchange 2010 to Exchange 2013 (Part 3)

In this part of the series we will complete post-installation configuration then begin to prepare for migration.

from Exchange News Full Article

Monday, June 8, 2015

Tony Redmond: Managing offline access for Outlook Web App

Offline access is one of the premier new features offered by Outlook Web App (OWA) in Exchange 2013 and Exchange Online. I have had the need to use OWA offline many times and think it is a very usable client, especially over low-speed or flaky Wi-Fi connections. Of course, Outlook’s adoption of MAPI over HTTP is an effort to improve that client’s ability to cope with the same kind of connections. It remains to be seen how this really works out in practice, but first signs are promising.

When I first wrote about OWA offline in December 2012, I described how different browsers implement the databases used to cache mailbox data and how this information needed to be protected because it could be exposed by an attacker who managed to gain access to a PC. BitLocker, which can be enabled on a PC even if the system is not equipped with a Trusted Platform Module (TPM) chip, provides a certain level of protection, but it’s still true that someone who gains access to a logged-in PC will be able to access the data. Then again, the same is true for Outlook.

User awareness is therefore an important part of deploying OWA offline. As is the case for all software, there’s no point in letting people use a new feature if it creates a security risk.

The warning that something will be stored on your computer

In any case, unless you disable the option to use OWA offline, users will be able to turn on the feature themselves by clicking “Offline options” in the drop-down menu to the right of the screen. The process of setting up offline access is very straightforward and the only thing that might cause a user any concern is the request to allow the browser to use some extra storage. I don’t think the words used really explain the need. For example, IE11 asked if Office365.com could use additional storage. I understood the request, but would the average user? Chrome, on the other hand, saw no need to request any storage.

Once enabled, OWA will download data from mailbox folders. Up to 150 most recent items are cached for folders accessed in the last week (this EHLO post explains what data is downloaded), so the amount on disk differs according to user behavior. Each browser has its own implementation of how data is stored on disk and I was curious whether this made a difference, so I compared how much data was downloaded from my Office 365 mailbox by IE11 and Chrome (version 43). The results were interesting.

OWA offline databases

On the surface, IE uses an ESE database – like Exchange, but it is very different because it supports the HTML5 standard. The database (Internet.edb) occupied 22,592 KB. Chrome stores its data in a WebSQL database splendidly named “9” and took just 36,696 KB. This information was extracted at the same time when the mailbox was as static as I would make it (a Sunday afternoon) after enabling offline access for both browsers and leaving them to download the data.

Your mileage might vary and the storage requirements of Safari (for Mac) or Firefox (for Mac or Windows) might also differ as I did not test these platforms (this page describes the current OWA support status for different browsers). The point is that OWA allows each browser to use its own storage in its own way and hides the difference from users.

You can stop individuals or groups of users accessing OWA offline mode. The easiest method is to create a new OWA mailbox policy (using EAC) that doesn’t allow offline access and then apply the policy to whatever mailboxes you want to restrict. Alternatively, you can disable offline access for an OWA mailbox policy by running the EMS Set-OWAMailboxPolicy cmdlet (the same settings work for both Exchange 2013 and Exchange Online in Office 365). For instance:

Set-OWAMailboxPolicy –Identity “Default OWA Mailbox Policy”       –AllowOfflineOn NoComputers

Once an OWA mailbox policy is amended to prevent offline access, you can apply it through EAC or by using the Set-CASMailbox cmdlet. For example:

Set-CASMailbox –Identity TRedmond –OWAMailboxPolicy ‘Restricted’

Note that if someone else logs onto a different account with a browser that is configured for offline access, offline access is disabled to ensure that the person who has just connected is unable to access the data in the offline cache.

OWA offline access is a useful feature. Make sure that you use it in a safe manner and it is even better.

Follow Tony @12Knocksinna

from Exchange News Full Article

Friday, June 5, 2015

Subject Exchange: Weekend reading

from Exchange News Full Article

Thursday, June 4, 2015

Tony Redmond: Announcing a Kindle version of “Office 365 for Exchange Professionals”

After a certain amount of struggle, mostly associated with the need to provide book files formatted in a certain manner, the “Office 365 for Exchange Professionals” team is happy to announce that we now have a Kindle version of the book available on Amazon.com.

Our original intention was not to create a Kindle version. The work necessary to format a large and complex book (many tables, graphics, and footnotes over the 630-odd pages) didn’t seem worth the effort, especially when we had a perfectly good EPUB version already available. In particular, we weren’t happy with the way that code examples are treated. And the way that Amazon publishes Kindle books through its Kindle Direct Publishing (KDP) platform didn’t seem to match our desire to create frequent updates for the book.

However, we continued to receive a number of requests to support Kindle and so resolved to attack the problem again. After working through some “interesting” conversions, a Kindle edition is now available in Amazon stores worldwide.

We will continue to sell the book on ExchangeServerPro.com, where you can download PDF and EPUB versions. Amazon is easier for those who only want to read the book on a Kindle and like the way that Amazon wirelessly delivers content to Kindle devices. We actually believe that PDF on a PC is the best reading experience, but we want to support choice.

As mentioned above, we intend to issue frequent updates. The next edition should be available in September 2015 to coincide with the IT/DEV Connections conference in Las Vegas when all of the author team will be speaking at the event. When a new edition is available, we will release first on ExchangeServerPro.com and then work on the Kindle version. Once the new Kindle version is ready, we will publish it and withdraw the current edition from sale. The versions will be clearly marked as “May 2015 edition”, “September 2015 edition”, and so on, and we will include a description of the changes that are present in each version.

Right now, we are busy preparing the September 2015 edition. Many updates and new material have been incorporated in a number of chapters (35 additional pages to date) based on recent developments inside Office 365. More information will come as we have the chance to use some of the new technology that Microsoft announced at the recent Ignite conference, assuming that technology is available to Office 365 tenants by the start of September

Based on our experience to date, it seems like three-times-a-year might be a good cadence to attain for updates. Of course, that depends on having sufficient material to warrant an update, but signs are that Microsoft will continue to pump out changes into “the service” and those changes need to be examined, analyzed, and documented. That’s the task we have taken on and intend to see through. Hopefully you’ll join us on the journey.

Follow Tony @12Knocksinna

from Exchange News Full Article

MSExchange.org: Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 28)

In this article we will take a look at the hybrid configuration settings configured by the hybrid configuration wizard in the Exchange Online organization in Office 365.

from Exchange News Full Article

Wednesday, June 3, 2015

Exchange Team Blog: Exchange Online Advanced Threat Protection is now available

Just a quick note that we have released a new service that some of you might be interested in, called Exchange Online Advanced Threat Protection. This is a complementary service to already existing Exchange Online Protection (EOP) and extends to additional types of advanced threats. To learn more, head over here:

Exchange Online Advanced Threat Protection is now available

Nino Bilic

from Exchange News Full Article

Tuesday, June 2, 2015

MSExchange.org: DKIM and DMARC in Office 365 (Part 3)

In this article we started to look at DMARC, how it works and what its purpose is. In this final part of this article series we will implement our DMARC record and see it in action.

from Exchange News Full Article