Exchange 2013 / 2016 Enabling TLS 1.2

I have recently been working with a customer to upgrade to Exchange Server 2016, and one of the requirements is to enable TLS 1.2. The following will guide you through the preparation, implementation and then testing.

For the testing I have used ZenMap/NMAP: https://nmap.org/download.html

Preparation

Exchange Server 2016

  • Install Cumulative Update (CU) 8 in production for TLS 1.2 support and be ready to upgrade to CU9 after its release if you need to disable TLS 1.0 and TLS 1.1. CU10 is now available.
  • Install the newest version of .NET and associated patches supported by your CU (currently 4.7.2).

Exchange Server 2013

  • Install CU19 in production for TLS 1.2 support and be ready to upgrade to CU20 after its release if you need to disable TLS 1.0 and TLS 1.1.
  • Install the newest version of .NET and associated patches supported by your CU (currently 4.7.2).

Windows Server 2016

  • TLS 1.2 is the default security protocol for Schannel and consumable by WinHTTP.
  • Ensure you have installed the most recent Monthly Quality Update along with any other offered Windows updates.

Windows Server 2012 R2

  • TLS 1.2 is the default security protocol for Schannel and consumable by WinHTTP.
  • Ensure your server is current on Windows Updates.
    • This should include security update KB3161949 for the current version of WinHTTP.
  • If you rely on SHA512 certificates, please see KB2973337.

Windows Server 2012

  • TLS 1.2 is the default security protocol for Schannel.
  • Ensure your server is current on Windows Updates.
    • This should include security update KB3161949 for the current version of WinHTTP.
  • If you rely on SHA512 certificates, please see KB2973337.

Implementation

Enable TLS 1.2 for Schannel

To enable TLS 1.2 for both server (inbound) and client (outbound) connections on an Exchange Server, perform the following steps.

  1. From Notepad.exe, create a text file named TLS12-Enable.reg.
  2. Copy and paste the following text into the file. Each key path in square brackets must stay on a single line.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

  3. Save TLS12-Enable.reg.
  4. Double-click the TLS12-Enable.reg file.
  5. Click Yes to update your Windows Registry with these changes.
  6. Restart the machine for the changes to take effect.

Enable TLS 1.2 for .NET 4.x

This step is only required for Exchange Server 2013 or later installations where .NET 4.x is relied upon.

The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by .NET Framework 4.x. If the value is set to 1, then .NET Framework 4.x will inherit its defaults from the Windows Schannel DisabledByDefault registry values. If the value is undefined, it will behave as if the value is set to 0. By configuring .NET Framework 4.x to inherit its values from Schannel we gain the ability to use the latest versions of TLS supported by the OS, including TLS 1.2.

  1. From Notepad.exe, create a text file named NET4X-UseSchannelDefaults.reg.
  2. Copy, and then paste the following text.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001

  3. Save the NET4X-UseSchannelDefaults.reg file.
  4. Double-click the NET4X-UseSchannelDefaults.reg file.
  5. Click Yes to update your Windows Registry with these changes.
  6. Restart your computer for the change to take effect.

Note: When configuring a system for TLS 1.2, you can make the Schannel and .NET registry keys at the same time and reboot the server once.
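
One way to confirm the result on the server, added here as an example and not part of the original post: the script reads the Schannel and .NET values that the two .reg files write and reports each one against the expected setting. The function name Test-Tls12Registry is hypothetical.

```powershell
# Added example: read-only audit of the values written by TLS12-Enable.reg and
# NET4X-UseSchannelDefaults.reg. Test-Tls12Registry is a name chosen for this
# example. A matching value shows what is configured; the restart from the
# steps above is still needed before Schannel and .NET act on it.

function Test-Tls12Registry {
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $netFx    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $netFx32  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'

    # Key, value name and data exactly as set by the two .reg files.
    $expected = @(
        @{ Path = "$schannel\Client"; Name = 'DisabledByDefault';        Value = 0 }
        @{ Path = "$schannel\Client"; Name = 'Enabled';                  Value = 1 }
        @{ Path = "$schannel\Server"; Name = 'DisabledByDefault';        Value = 0 }
        @{ Path = "$schannel\Server"; Name = 'Enabled';                  Value = 1 }
        @{ Path = $netFx;             Name = 'SystemDefaultTlsVersions'; Value = 1 }
        @{ Path = $netFx32;           Name = 'SystemDefaultTlsVersions'; Value = 1 }
    )

    foreach ($e in $expected) {
        # A missing key or value yields $null instead of an error.
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($e.Name) } else { $null }

        [pscustomobject]@{
            Key       = $e.Path
            Value     = $e.Name
            Expected  = $e.Value
            # Per the text above, an unset SystemDefaultTlsVersions behaves as 0.
            Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
            Compliant = ($null -ne $actual) -and ($actual -eq $e.Value)
        }
    }
}

$report = Test-Tls12Registry
$report | Format-List

if ($report.Compliant -contains $false) {
    Write-Warning 'One or more TLS 1.2 registry values differ from the .reg files above.'
}
```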

Testing

Testing before TLS has been enabled (the default state of an Exchange 2016 Deployment) using ZenMap

NO TLS enabled

Testing after TLS has been enabled (after following the above procedures) using ZenMap

TLS Enabled

Message Headers (Exchange Server 2016 Only)

Message header data in Exchange Server 2016 provides the protocol negotiated and used when the sending and receiving host exchanged a piece of mail. While this is a more manual method of checking how mail arrived it can be used for testing between specific systems in a pinch.

Example when viewing message header data via Message Header Analyzer at https://testconnectivity.microsoft.com

Mail Flow via SMTP Logging

SMTP Logs in Exchange 2016 will contain the encryption protocol and other encryption related information used during the exchange of email between two systems.

When the server is the SMTP receiving system, the following strings exist in the log depending on the version of TLS used.

  • TLS protocol SP_PROT_TLS1_0_SERVER
  • TLS protocol SP_PROT_TLS1_1_SERVER
  • TLS protocol SP_PROT_TLS1_2_SERVER

When the server is the SMTP sending system, the following strings exist in the log depending on the version of TLS used.

  • TLS protocol SP_PROT-TLS1_0_CLIENT
  • TLS protocol SP_PROT-TLS1_1_CLIENT
  • TLS protocol SP_PROT-TLS1_2_CLIENT
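
To find which peers still negotiate TLS 1.0 or 1.1 before those versions are disabled, the strings above can be counted per remote host. This is an added example, not from the original post; the sample lines are constructed, the nine-column layout is an assumed SMTP protocol log field order, and Get-SmtpTlsUsage is a hypothetical name.

```powershell
# Added example: summarise negotiated TLS versions from SMTP protocol log lines.
# Assumption: each data line is CSV in the field order given in $fields below.

function Get-SmtpTlsUsage {
    param(
        [Parameter(Mandatory)] [string[]] $Line
    )

    # Accepts SP_PROT_TLS1_x_SERVER and the SP_PROT-TLS1_x_CLIENT spelling listed above.
    $pattern = 'TLS protocol SP_PROT[_-]TLS1_(?<minor>[0-2])_(?<role>SERVER|CLIENT)'
    $fields  = 'date-time', 'connector-id', 'session-id', 'sequence-number',
               'local-endpoint', 'remote-endpoint', 'event', 'data', 'context'

    $Line |
        Where-Object { $_ -and -not $_.StartsWith('#') } |   # skip blank and header lines
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            # The TLS string may sit in either free-text column, so search both.
            if ("$($_.data) $($_.context)" -match $pattern) {
                [pscustomobject]@{
                    Connector  = $_.'connector-id'
                    RemoteHost = $_.'remote-endpoint' -replace ':\d+$', ''   # drop the port
                    Role       = $Matches.role
                    Version    = "TLS 1.$($Matches.minor)"
                    Legacy     = ([int]$Matches.minor -lt 2)
                }
            }
        } |
        Group-Object Connector, RemoteHost, Role, Version |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Connector  = $first.Connector
                RemoteHost = $first.RemoteHost
                Role       = $first.Role
                Version    = $first.Version
                Sessions   = $_.Count
                Legacy     = $first.Legacy
            }
        } |
        Sort-Object -Property @{ Expression = 'Legacy'; Descending = $true }, RemoteHost
}

# Constructed sample lines (documentation IP ranges, made-up connector names).
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2018-08-01T09:15:02.101Z,EX01\Default Frontend EX01,08D5F0000000A001,5,192.0.2.10:25,198.51.100.7:41822,*,,TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded
2018-08-01T09:16:40.553Z,EX01\Default Frontend EX01,08D5F0000000A002,5,192.0.2.10:25,203.0.113.25:50110,*,,TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded
2018-08-01T09:18:11.907Z,EX01\Default Frontend EX01,08D5F0000000A003,5,192.0.2.10:25,203.0.113.25:50144,*,,TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded
2018-08-01T09:20:03.310Z,Outbound to Internet,08D5F0000000B001,7,192.0.2.10:28744,198.51.100.99:25,*,,TLS protocol SP_PROT-TLS1_1_CLIENT negotiation succeeded
2018-08-01T09:21:45.018Z,Outbound to Internet,08D5F0000000B002,7,192.0.2.10:28790,198.51.100.7:25,*,,TLS protocol SP_PROT-TLS1_2_CLIENT negotiation succeeded
'@ -split "`r?`n"

Get-SmtpTlsUsage -Line $sample | Format-Table -AutoSize

# Against real logs: Get-SmtpTlsUsage -Line (Get-Content '<path to an SMTP protocol log file>')
```

Rows with Legacy set to True are the hosts that would be affected once TLS 1.0 and TLS 1.1 are disabled.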

 


Exchange Online Delegation Rights

Managing Exchange Calendars with PowerShell.

Some companies I have deployed Exchange or Office 365 for would like to be able to view readable information in everyone’s calendar; by default you only get Free or Busy information. The following script changes the default calendar permissions for all users' Calendar folders to Reviewer, which gives you readable but not editable information.

foreach($user in Get-Mailbox  -RecipientTypeDetails UserMailbox) {
$cal = $user.alias+":\Calendar"
Set-MailboxFolderPermission -Identity $cal -User Default -AccessRights Reviewer
}

Senior management sometimes have PAs who will need delegate access to their calendar; this will include viewing calendar items that are marked as private.

To set the delegate to view private items in the calendar

Add-MailboxFolderPermission -Identity <delegates mailbox>:\Calendar -User <delegated mailbox> -AccessRights Editor -SharingPermissionFlags Delegate,CanViewPrivateItems

To set the delegate to not view private items in the calendar

Add-MailboxFolderPermission -Identity <delegates mailbox>:\Calendar -User <delegated mailbox> -AccessRights Editor -SharingPermissionFlags Delegate

To remove any individual calendar permission

Remove-MailboxFolderPermission -Identity "delegates mailbox:\Calendar" -User "delegated mailbox"

How to migrate G-Suite to Office 365

Wow, time flies when you are having fun….I can’t believe it has been 7 months since my last post.

So since January I have been really busy with numerous projects revolving largely around Office 365 and Exchange. I have picked up some useful knowledge which I will write about here in the coming weeks.

This post is dedicated to something new to me – G-Suite to Office 365 – What a ride this has been! Let me explain how I managed to get it all to hang together and get the two services to exist together during the migration and testing phases.

EMAIL Co Existence / Routing between O365 and G-Suite

This was the tricky bit, how could we get users to co-exist in different services whilst we undertake testing and migrations? There is no connector or hybrid solution like there is with Exchange. We did not want to cut over all the users at the same time – this had to be a phased migration over to Office 365. We are also using MimeCast for SPAM and Relay protection so we need Google & Office 365 to send outbound via Mimecast without any mails getting blocked. Here is how we did it:

Office 365

Office 365 needs to forward mail onto a domain that G-Suite knows about, and the users' mailboxes need to have an alias address for Office 365 to forward onto.

The steps are as follows:

  • Add domain Domain A with an MX record
  • Add a secondary email address for each user. This needs to be set to: user@domainA.com

For users that are not yet in Office 365 we need to configure the Accepted Domain as an Internal Relay in Mail Flow in the Exchange Online Admin Centre.

Then we create a connector back to G-Suite for any address that does not live in O365 yet. Doing this tells Exchange Online to send the email to the recipient over in G-Suite.

We then stumbled across another minor problem. In order for the email data to be migrated into the new Office 365 user's mailbox, we need to activate the license. Doing this creates an Office 365 mailbox, so Office 365 then thinks the user is now happily working from Office 365. “WRONG”!!! The user still lives in G-Suite until the migration is completed. So in order for users in Office 365 to send to a user in G-Suite whose mailbox is provisioned in O365, we need to create another forwarder back to G-Suite until the migration is completed. How to do this in bulk is covered in a following section of this blog post, Adding Contacts to Office 365.

G-Suite

G-Suite needs a forwarder configured to a domain that is not registered in the tenant. If you register a domain with Google it treats all sub-domains as internal as well, so a completely new unregistered domain is required to forward any Office 365 bound mail to.

In order for Gmail to send a message to a forwarding address, the address needs to be verified. So here is a way to forward to an address that is not verified (added to the G-Suite Tenant):

You will need to apply mappings (aliases) to recipient addresses on messages received by your domain. You can map multiple individual recipient addresses (a maximum of 2,000 entries) to other addresses. An individual address can map to a maximum of twelve addresses.

This is a basic routing concept, sometimes called a virtual user table, that’s frequently used in mail routing situations to redirect mail from one address to another. By using this setting you don’t need to create individual routing settings for each address mapping.

Configure the Recipient address map setting for your domain:

  1. From the Admin console Home page, go to Apps | G Suite | Gmail | Advanced settings. Tip: To see Advanced settings, scroll to the bottom of the Gmail page.

  2. At the top of the page, ensure that the top-level org is highlighted.
  3. Scroll down to the Recipient address map section, or type Recipient address map in the search box:

    If the setting’s status is Not configured yet, click Configure (the “Add setting” dialog box displays).

    If the setting’s status is Locally applied or Inherited, click Edit to edit an existing setting (the “Edit setting” dialog box displays).

  4. Enter a short description that will appear within the setting’s summary.
  5. Under Messages to affect, select All incoming messages or Only external incoming messages.
  6. Scroll down to Routing options, and select Also route to original destination to send a copy of the message to the new address and also deliver it to the original recipient.

    Note: If you don’t select this option, the message is only sent to the new address.

    For example, jensmith@solarmora.com is in the address map and the new address is jensmith@gmail.com. If the checkbox is checked, both jensmith@solarmora.com and jensmith@gmail.com will receive a copy of the message. If the checkbox is unchecked, then only jensmith@gmail.com will receive the message.

  7. Enter address mappings in the box.

    Each mapping must include two addresses on a single line, separated by a comma. Place the map-to address after the comma. In the following example, davidb@solarmora.com is the map-to address:

    jensmith@solarmora.com, davidb@solarmora.com

    Each address must be a complete, specific address, and is case-insensitive. An address can be mapped to multiple map-to addresses. In the following example, jensmith@solarmora.com is mapped to both michellec@solarmora.com and johnd@solarmora.com:

    jensmith@solarmora.com, michellec@solarmora.com
    jensmith@solarmora.com, johnd@solarmora.com

  8. Click Add to add the mappings.
  9. When you’re finished making changes, click Add setting or Save to close the dialog box.
    Note: Any settings you add are highlighted on the “Email settings” page.
  10. Click Save changes at the bottom of the “Email settings” page.
  11. When you’re finished, click Add Setting (at the bottom of the dialog box).
  12. Click Save changes (at the bottom of the “Email settings” page) to confirm your changes.

It can take up to an hour for changes to propagate to user accounts. You can track changes in the Admin audit log.

Adding Contacts to Office 365

First of all you will need a CSV file whose column headers match the properties used by the import command below (Name, ExternalEmailAddress, FirstName, LastName).

When you have created your list of new contacts, you can import them into Office 365 using the following PowerShell commands:

To connect to Office 365 PowerShell:

Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session

To import the contacts in your CSV file:

# Create one mail contact per CSV row
Import-Csv C:\externalcontacts.csv | ForEach-Object {
    New-MailContact -Name $_.Name -DisplayName $_.Name -ExternalEmailAddress $_.ExternalEmailAddress -FirstName $_.FirstName -LastName $_.LastName
}

We then had to update all the Office 365 mailboxes to use the forwarding address to send mail back to G-Suite, using the following PowerShell and a CSV file with the columns mailbox, forwardto and Condition:

# Condition holds 1 or 0 in the CSV; convert it to a Boolean for -DeliverToMailboxAndForward
Import-Csv "C:\Temp\Users.csv" |
    ForEach-Object { $_.Condition = [bool]($_.Condition -as [int]); $_ } |
    ForEach-Object { Set-Mailbox -Identity $_.mailbox -ForwardingAddress $_.forwardto -DeliverToMailboxAndForward $_.Condition }

On Prem AD with NO Exchange Attributes

When adding the mailboxes in Office 365, by default the users' email addresses were on the onmicrosoft.com domain. This was happening because there was no on-premises Exchange Server and therefore no proxy addresses recorded in Active Directory. We then had to add all of the email address aliases to the proxy addresses using PowerShell. The next few commands are how we did this.

Export the SamAccount and Existing Email details

Import-Module ActiveDirectory
# Delete file if it exists
$FileName = "C:\temp\user.csv"
if (Test-Path $FileName) 
{
  Remove-Item $FileName
}
Get-Aduser -filter * -Properties * | 
Select SamAccountName,mail | export-csv $FileName

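Once you have a list of users with the correct list of alias addresses, I then ran the following PowerShell to update all of the proxy addresses

# The file read here must hold one SamAccountName per line, with no header row
# "smtp:" in lower case adds a secondary (alias) address
Get-Content C:\temp\user.csv | ForEach-Object {
    Set-ADUser $_ -Add @{ProxyAddresses="smtp:$_@aliasdomain.org.uk"}
}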

Implementation of Mimecast – Outbound

G-Suite

To prepare your outbound G Suite hostname:

  1. Log on to the Google Admin Console.
  2. Navigate to Apps | G Suite | Gmail | Advanced Settings.
  3. Click on the Hosts button.
  4. Click on the Add Route button.
  5. Enter a Route Name (e.g. Mimecast Outbound Host).
  6. Select Multiple Host and enter the Mimecast Outbound Hostnames for your Mimecast region. Both must be marked as primary. See the “Outbound Send Connectors” section of the Mimecast Gateway page for full details.
  7. Click on the Save button.
  8. Click on the Add Route button.
  9. Enter a Route Name (e.g. Internal Sending Host).
  10. Select Multiple Host and enter the Google Apps MX Records (ASPMX.L.GOOGLE.COM. and ALT1.ASPMX.L.GOOGLE.COM).
  11. Click on the Save button.

To configure routing rules:

  1. Click on the General Settings tab.
  2. Navigate to the Routing section.
  3. Click on the Configure button.
  4. Select the Outbound option in the “Messages to Affect” section.
  5. Select the Change Route option in the Route section.
  6. Select the Route Name created in step 5 of the “Preparing Your Outbound Hostname” section.
  7. Click on the Add Setting button.
  8. Click on the Add Another button.
  9. Select the Internal | Sending option in the “Messages to Affect” section.
  10. Select the Change Route option in the Route section.
  11. Select the Route Name created in step 9 of the “Preparing Your Outbound Hostname” section.
  12. Click on the Add Setting button.

 

Office 365

  1. Log in to the Office 365 Administration Console.
  2. Select the Admin | Exchange menu item.
  3. Select the Mail Flow | Connectors menu item.
  4. Create a Connector.
  5. Complete the New Connector – Select Your Mail Flow Scenario dialog as follows:
    Field | Description
    From | Select “Office 365” from the drop down list.
    To | Select “Partner Organization” from the drop down list.
  6. Select the Next button.
  7. Complete the New Connector – New Connector dialog as follows:
    Field | Description
    Name | Enter a name for the connector.
    Description | Enter a description for the connector.
    Turn It On | Select this option to enable the connector.
  8. Select the Next button.
  9. Select the Only When Email Messages are Sent to These Domains option.
  10. Select the + icon to add the recipient domains that should use this connector.
  11. Enter a value of * to route all outbound emails through Mimecast.
  12. Select the OK button.
  13. Select the Next button.
  14. Select the Route Email Through These Smart Hosts option.
  15. Select the + icon to add your region’s smart hosts.

    Region | Office 365 Account Hostnames
    Europe (Excluding Germany) | eu-smtp-o365-outbound-1.mimecast.com, eu-smtp-o365-outbound-2.mimecast.com
    Germany | de-smtp-o365-outbound-1.mimecast.com, de-smtp-o365-outbound-2.mimecast.com
    America | us-smtp-o365-outbound-1.mimecast.com, us-smtp-o365-outbound-2.mimecast.com
    South Africa | za-smtp-o365-outbound-1.mimecast.co.za, za-smtp-o365-outbound-2.mimecast.co.za
    Australia | au-smtp-o365-outbound-1.mimecast.com, au-smtp-o365-outbound-2.mimecast.com
    Offshore | je-smtp-o365-outbound-1.mimecast-offshore.com, je-smtp-o365-outbound-2.mimecast-offshore.com

  16. Select the Save button.
  17. Select the Next button.
  18. Select the following options:
    • Always use Transport Layer Security (TLS) to Secure the Connection (recommended)
    • Issued by a trusted certificate authority (CA)
  19. Select the Next button.
  20. Select the Next button.
  21. Add an Email Address of a recipient from a domain external to your organization.
  22. Select the Validate button.
  23. Select the Save button once Office 365 has successfully validated your settings.

Cloud Migrator Used for Data Migrations

Link to the 3rd Party Migration Tool:

https://cloudm.co/cloudmigrator?gclid=CjwKCAjwns_bBRBCEiwA7AVGHlIcjIAmgfI64swjBotgV_WwduBCpMhEaBjYrcruD30K1wuJPuIkERoC–wQAvD_BwE

So our experience with the Cloud Migrator app has been interesting. Initially we started to use the Cloud Migrator Go SaaS application, which was reasonably simple to configure following the guides provided by Cloud M. However, we soon realised there were speed issues when moving data between G-Suite and O365. The issues are caused by the APIs between G-Suite and O365 being limited. There is nothing we or Cloud M could do to improve the migration speed between the two services.

We then switched to the Cloud Migrator App which you install on your own dedicated server On Premise – in our case we used a Virtual machine in VMWare. Once configured we were able to fire up numerous Servers to run Cloud Migrator having a number of migration batches running at the same time and our Data throughput seemed to be 4x that of the cloud Migrator Go SaaS option.

All in all the customer is now running Co Existence of Office 365 and G-Suite. Mail is flowing and users are happy. We intend to complete the migration to Office 365 in the coming weeks. I decided to write this post as there does not seem to be many guides out there to help you migrate from G-Suite to Office 365. Hopefully if you read this it will help you on your projects.

 

 

Useful Powershell Commands for Exchange

One of my recent projects was to implement a new highly available Exchange 2016 environment for a customer who was upgrading from Exchange 2010. When Exchange 2016 was in place, we then had to create a hybrid to Office 365. Below are some really useful PowerShell commands I used during the implementation.

Installing Exchange 2016 Pre Requisites 

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, 
NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, 
RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, 
RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, 
Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, 
Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, 
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, 
Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, 
Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, 
Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, 
RSAT-ADDS

Collecting Virtual Directory Details 

Outlook Anywhere

Get-OutlookAnywhere -AdPropertiesonly | Select server,Internalhostname,
Externalhostname

Outlook Web Access

Get-OWAVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Exchange Control Panel

Get-ECPVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Outlook Address Book

Get-OABVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Web Services

Get-WebServicesVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

MAPI

Get-MAPIVirtualDirectory -AdPropertiesOnly | Select Server,InternalURL,
ExternalURL

Active Sync

Get-ActiveSyncVirtualDirectory -AdPropertiesOnly | Select Server,
InternalURL,ExternalURL

 

AutoDiscover

Collecting the AutoDiscover URI for Exchange 2010 Servers in the environment

Get-ClientAccessServer -identity SERVERNAME|select Name,
AutodiscoverServiceInternalURI |FL

Setting the AutoDiscover URI on the newly installed Exchange 2016 Server

Set-ClientAccessService -Identity SERVERNAME -AutodiscoverServiceInternalURI https://mail.domainname.com/autodiscover/autodiscover.xml

 

Exchange 2016 CU7 Hybrid Gotcha!!!

So after a successful deployment of Exchange 2016 the next step was to create a hybrid to Office 365 Exchange Online, Simple as Exchange 2016 was “Born in the cloud” according to Microsoft. NOT SO!!! – I downloaded the latest version of Exchange 2016 which at the time was CU7, but when configuring the hybrid it would just sit at adding Federated Domain.

A bug slipped into Exchange 2016 CU7 which prevents the HCW from completing. The HCW fails to get past the domain ownership validation:


No matter how hard you try, you can’t get past this screen.

Fortunately CU8 was released on 19th December 2017, so I spent the next day patching my newly installed Exchange environment and then completing the Hybrid configuration.

Office 365 – Linking Cloud Only Accounts to Sync’d AD Accounts

Recently I have been working with a customer who wanted to move key business services over to Office 365: Exchange Online, SharePoint and OneDrive. The company had already created a tenant and was using it for Power BI. They had a number of user accounts created (cloud only) that matched the company email address. This made the migration process a little more interesting, as we had to match up the Active Directory user accounts with the Azure AD accounts that were already being used within Office 365, so that each user only had one username and a password matching the one they use to log onto their local domain.

In order to make this work, we have to match up the user's GUID from Active Directory to the Immutable ID of the user created in Office 365 / Azure AD. The following steps explain how this is done.

Install Microsoft Online Services Signin Assistant and Azure AD powershell module, I recommend that you do this on a domain controller for making things simple (Link https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx#bkmk_installmodule )

On the Domain Controller open a powershell window and run the command

Import-Module ActiveDirectory

Then run the command

Get-ADUser -Identity "Enter Local AD logon ID in these quotes"

Once you run the above command you should see the account's properties, including the objectGUID.

Now copy the objectGUID from the output, open the website http://guid-convert.appspot.com/, paste the value into the text box and click Convert. You should get the B64 value; copy it. Make sure that there are no spaces when you paste the value in the text box. (Although there are other ways to get the Base64 value from a GUID, I recommend this approach as it is simple; you can get the same results from LDIFDE and PowerShell.)

 

Now run the command

 Import-Module MSOnline

Then run the command

Connect-MSOLService

You will see a prompt to enter credentials; enter the Office 365 global admin credentials here.

Now before we proceed further, make sure you get rid of the duplicate account from Office 365/Azure AD (the one that has been synchronised from AD). Make sure you remove it from the Deleted Users as well.

 

To remove the user from the deleted users container run the command:

 

Remove-MsolUser -UserPrincipalName malcolm.plested@mapleit.onmicrosoft.com -RemoveFromRecycleBin -Force

 

This command would permanently remove the user, so make sure you remove the right account.

 

Once you remove the account run the command:

 Set-MsolUser -UserPrincipalName malcolm.plested@mapleit.net -ImmutableId QX00ApTUDEiiEm5kX0WP2w==

Here you need to enter the UPN /Signin address of office 365/azure AD against which you wish to perform a hard match and after the -immutableID flag enter the B64 value that you copied from http://guid-convert.appspot.com/

Once this is done run a delta sync and you will see the once Cloud Only account will now be Synced with that of the user in AD.
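
The Base64 step can also be done locally in PowerShell, as noted above. The following added example (not from the original post) converts an objectGUID to the ImmutableId form and back, so the value set in Office 365 can be checked against the AD account; the function names are hypothetical and the second GUID is constructed.

```powershell
# Added example: convert between an AD objectGUID and the Base64 ImmutableId
# without leaving the admin workstation. Function names are chosen for this example.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)] [guid] $ObjectGuid)
    # Guid.ToByteArray() returns the 16 bytes in the mixed-endian order in which
    # AD stores objectGUID; Base64 of those bytes is the ImmutableId. Encoding the
    # hex digits in display order instead gives a different, non-matching value.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)] [string] $ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId.Trim())
    if ($bytes.Length -ne 16) {
        throw "ImmutableId does not decode to a 16-byte GUID: $ImmutableId"
    }
    New-Object -TypeName System.Guid -ArgumentList (, $bytes)
}

function Test-ImmutableIdMatch {
    # True when the cloud account's ImmutableId was derived from this objectGUID.
    param(
        [Parameter(Mandatory)] [guid]   $ObjectGuid,
        [Parameter(Mandatory)] [string] $ImmutableId
    )
    (ConvertFrom-ImmutableId -ImmutableId $ImmutableId) -eq $ObjectGuid
}

# ImmutableId taken from the Set-MsolUser command above.
$immutableId = 'QX00ApTUDEiiEm5kX0WP2w=='
$guid        = ConvertFrom-ImmutableId -ImmutableId $immutableId
$roundTrip   = ConvertTo-ImmutableId -ObjectGuid $guid

"objectGUID behind that ImmutableId : $guid"
"Round trip reproduces the value    : $($roundTrip -ceq $immutableId)"

# Constructed GUID standing in for a different AD account, to show a mismatch being reported.
$otherAccount = [guid]'11111111-2222-3333-4444-555555555555'
"Other account matches              : $(Test-ImmutableIdMatch -ObjectGuid $otherAccount -ImmutableId $immutableId)"

# With the modules used above loaded, the real inputs would be:
#   (Get-ADUser -Identity '<local AD logon ID>').ObjectGUID
#   (Get-MsolUser -UserPrincipalName '<user UPN>').ImmutableId
```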

Enabling Legacy On Premise Public Folders in Office 365

I have recently worked on numerous Office 365 migrations that require users that have been migrated to Office 365 to have access to legacy Exchange 2010 Public folders. By default this will not work so will require a few extra steps in order to make the magic happen. Hopefully the below will be simple enough to follow in order to enable Legacy public folders…

These instructions assume that you have used the Hybrid Configuration Wizard to configure and synchronise your on-premises and Exchange Online environments and that the DNS records used for most users’ Autodiscover references an on-premises end-point. For more information, see Hybrid Configuration wizard.

If your public folders are on Exchange 2010 servers, then you need to install Client Access services on all mailbox servers that have a public folder database. This allows the Exchange RpcClientAccess service to be running, which allows for all clients to access public folders. For more information, see Install Exchange Server 2010. – The Servers will require a reboot in order for this role to become available – so remember to plan the outage before starting this process.

Create an empty mailbox database on each public folder server.

For Exchange 2010, run the following command. This command excludes the mailbox database from the mailbox provisioning load balancer. This prevents new mailboxes from automatically being added to this database.

New-MailboxDatabase -Server <PFServerName_with_CASRole> -Name <NewMDBforPFs> -IsExcludedFromProvisioning $true

Create a proxy mailbox within the new mailbox database and hide the mailbox from the address book. The SMTP of this mailbox will be returned by AutoDiscover as the DefaultPublicFolderMailbox SMTP, so that by resolving this SMTP the client can reach the legacy exchange server for public folder access.

New-Mailbox -Name <PFMailbox1> -Database <NewMDBforPFs>
Set-Mailbox -Identity <PFMailbox1> -HiddenFromAddressListsEnabled $true

For Exchange 2010, enable Autodiscover to return the proxy public folder mailboxes.

Set-MailboxDatabase <NewMDBforPFs> -RPCClientAccessServer <PFServerName_with_CASRole>

Repeat the preceding steps for every public folder server in your organisation.

Download the following files from Mail-enabled Public Folders – directory sync script:

  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

On the legacy Exchange server with the public folders, run the following command to synchronise mail-enabled public folders from your local on-premises Active Directory to Office 365.

.\Sync-MailPublicFolders.ps1 -Credential (Get-Credential) -CsvSummaryFile:sync_summary.csv

Where Credential is your Office 365 user name and password, and CsvSummaryFile is the path to where you would like to log synchronisation operations and errors, in .csv format.

The final step in this procedure is to configure the Exchange Online organisation and to allow access to the legacy on-premises public folders. Make remote public folders discoverable to enable the Exchange Online organisation to access the on-premises public folders.

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox1,PFMailbox2,PFMailbox3

You must wait until Active Directory synchronisation has completed to see the changes. This process can take up to 3 hours to complete. If you don’t want to wait for the recurring synchronisations that occur every three hours, you can force directory synchronisation at any time. For detailed steps to force directory synchronisation, see Force directory synchronization. Office 365 randomly selects one of the public folder mailboxes that’s supplied in this command. – Make sure the PFUser that you created is also located in an OU that is synchronised to O365, if not the above command will not work.

How Do You Know If This Has Worked?

This last change can take a while to apply (Approx 1 Hour). To make sure that the change applied run the following cmdlet: Get-Mailbox <username> |fl *public*

Add customised help desk info to the Office 365 help pane

Well, here is a nice little feature that I was unaware of until today…. A handy way to inform your users on support information for Microsoft Office 365.

As an Office 365 admin, you can streamline user support by adding customised contact information to the help pane. Users in need of support will be able to access your organisation’s custom support contact info with a single click of the help icon.

Create the custom help desk card

NOTE: To create a custom help desk card, you must be a global admin for Office 365 and have a license to Exchange Online. Learn how to assign licenses in Office 365 for business.

Create the custom help desk card in the admin center

1. Sign in to Office 365 with your work or school account. Learn how to sign in to Office 365.

2. Select the app launcher icon and choose Admin.

3. Choose the settings icon, and then choose Organization profile.

4. Next to Provide customized help desk contact info, choose Edit.

5. Turn on the Help desk card.

6. As an admin, you decide what kind of contact information you want to give users. The title and at least one form of contact information are required. Select what you want to display, and fill out the appropriate info.

    • Custom title: Enter a title that clearly indicates your intent, like “Contoso help desk” or “Need help?”
    • Help desk phone: Enter the phone number users should call to talk to a tech support agent at your organization. Be sure to include any prefixes that may be needed to complete the call.
    • Help desk email: Enter the email address for your support department.
    • Help desk URL: If your support department has an internal or public website with helpful tools and resources, enter its name and the associated URL.

7. Choose Save.

To see your new customized help desk card, sign out and back in again. We recommend you test the links on the card as soon as you sign back in. Your users will be able to see the card the next time they sign in.

Microsoft Release a SharePoint Migration Tool

The SharePoint Migration Tool lets you migrate your files from SharePoint on-premises document libraries or your on-premises file shares and easily move them to either SharePoint or OneDrive in Office 365. It is available to all Office 365 users.

Designed to be used for migrations ranging from the smallest set of files to a large scale enterprise migration, the SharePoint Migration Tool will let you bring your information to the cloud and take advantage of the latest collaboration, intelligence, and security solutions with Office 365.


Download and Install the SharePoint Migration Tool

You can download and install the SharePoint Migration Tool using Internet Explorer, Edge or Chrome browser.

IMPORTANT:

  • If you are using the Chrome browser, you need to install the ClickOnce for Google Chrome plug-in before installing the SharePoint Migration Tool.
  • To download and install the plug-in: Using Chrome, go to this site and then click Add to Chrome.

  1. To download the tool, go to SharePoint Migration Tool.
  2. Click Install.
  3. Click Yes to allow this app.

After downloading and installing the SharePoint Migration Tool, read How to use the SharePoint Migration Tool to help you get started.


New Features In The Outlook App for iOS & Android

Over the past few years I have slowly tried to dump the laptop and go to a tablet instead. My previous weapon of choice was the iPad, more recently moving over to the Microsoft Surface Pro for work, only because of the key requirements for me to do my day job.

But having just found out the following, I might consider going back to my iPad again, as this was one of the key reasons for dumping the iPad.

Whether you’re planning your next dinner date or an upcoming meeting with teammates, the Outlook app is there to help you manage and make the most of your day. On October 10 2017, Microsoft are adding several of the most highly requested calendaring features, including the ability to sync your shared calendars to your phone and manage and RSVP to recurring events.

A big part of Microsoft’s prioritisation of new features and enhancements comes from the votes and feedback Microsoft receive from Outlook UserVoice.

Here’s a look at what’s new:

Sync shared calendars to Outlook

You will now be able to view and edit shared Office 365 or Outlook.com calendars, just like you can with your own calendars. Better yet, you can also share your own calendars with others and accept sharing invitations easily right from the app.

If you don’t see your shared calendars right now, don’t worry. Microsoft are in the process of upgrading existing shared calendars so that they start syncing to Outlook. However, if you just can’t wait and want the new experience immediately, simply re-accept the sharing invitation from Outlook on iOS or Android. Once you do this, your shared calendar will appear. If you cannot find the original calendar sharing invitation, ask the calendar owner to re-share and accept the new invite from Outlook. And voila!

Manage delegate calendars on the go

For those of you who manage someone else’s calendar at work, you’ll now be able to do this from the palm of your hand. Manage your delegates, accept a delegation request, and fully view and edit the delegated calendar all from Outlook on iOS or Android. And when you receive meeting invitations and responses, we will more clearly indicate if they are for your or your manager’s calendar, so you don’t get them confused.

Get your Meetups added directly to your calendar

Following up on Microsoft’s launch of Facebook and Evernote in Outlook on iOS and Android this year, we are releasing support for Meetup—a new Calendar app in Outlook. Meetup brings people together in thousands of cities to do more of what they want to do in life. Now, when you connect your Meetup account to Outlook, you can see your upcoming Meetups directly on your calendar.

Managing your events is even easier

Microsoft are bringing the best of what Outlook has to offer on the web and desktop to your phone, so you can make the most of your busy day while on the go.

These updates are available for both iOS and Android:

  • Create events with daily, weekly, monthly or yearly recurrences.
  • RSVP to a single occurrence of a recurring event series (e.g. decline one instance without removing the entire series from your calendar).
  • See your coworkers’ availability when scheduling meetings (available previously on iOS, now available on Android).

These features are now available on iOS, coming soon to Android:

  • Add a message when responding to a meeting invite (e.g. explain why you are declining a meeting invitation.)
  • Set an event as private, to keep the details to yourself when sharing your calendar.
  • Mark your calendar events as Busy, Free, Out of Office, or Tentative.

Office 365 New Application “Bookings”

Last year, Microsoft released a product called Bookings to customers in the U.S. and Canada, introducing an easy way for small businesses to schedule and manage appointments with their customers. Microsoft have recently announced that they are beginning to roll out the service to Office 365 Business Premium subscribers worldwide. Based on user feedback, they are bringing several new features to Bookings as well.

  • Add your Office 365 calendar to Bookings—Connect your Office 365 calendar to Bookings, so that the times you are busy will automatically be blocked in your public Booking page.
  • Add buffer time before and after your appointments—Do you need prep time before or after an appointment? Adding buffer time to a service automatically blocks that time in your Booking page too.
  • Bookings apps for your iOS and Android phone—Now you can book an appointment, contact a customer or check a staff member’s appointments while away from the office.
  • Customize your Booking page—We added more color customization options, so you can better personalize your Booking page.

These new capabilities will start showing up automatically in Bookings in the coming weeks. Let’s take a detailed look at what’s new.

Add your Office 365 calendar to Bookings

One of the top pieces of feedback we’ve heard is that you want to be able to add events from your Office 365 calendar to Bookings. So, we added integration between these calendars to help you avoid booking customer meetings during the time you’ve set aside for personal appointments, staff and partner meetings or other aspects of running your business.

To add Office 365 calendars to Bookings, click the Staff tab on the left navigation panel. On the Staff details page, select the Events on Office 365 calendar affect availability checkbox.

Add Office 365 calendar events to Bookings.

Once you activate this option, the system automatically blocks busy times on the Bookings calendar and on the self-service Booking page your customers see, so that you won’t get double-booked. Similarly, so your staff doesn’t get double-booked, you can also add their Office 365 calendars.

Add buffer time between appointments

Some services can be provided through back-to-back appointments. But another top piece of feedback you gave us was that many of your services require travel, prep and/or set-up time beforehand, and clean-up and travel time once the service was delivered. For customers with these needs, we added buffer times to give you more options to customize the services you deliver.

To add buffer times, click the Services tab in the left navigation column and either edit a current service or create a new one. Turn on the toggle below the Buffer time your customers can’t book and you will get buffer time selections that can be applied before and after the service appointment. These are times your customers can’t book an appointment with you before and after an appointment.

You can turn on the “buffer time” option in the Services tab.

Apps for iOS and Android

We know it’s essential for you to keep up with your business while you are away from a desk, so we built mobile apps that let you manage your bookings and staff, or access your customer list while you’re on the go.

After you download the Bookings app on iOS and Android, you can use your phone to:

  • View and manage your Bookings calendar.
  • Create and edit bookings.
  • See real-time availability and whereabouts of your staff.
  • Respond to customers with bookings quickly and easily.
  • Get directions to your next booking.
  • Access your customer list.

Customise your Booking page

Your Booking page should look and feel like an extension of your business, and it needs to positively reflect your brand.

To help you achieve this, we added options to customize it. For example, you can choose your main color for your Booking page from a color palette, and choose whether you’d like to show your business logo.

To customise your page, click Booking page in the left navigation list and select the color you want. If you don’t want your logo to be displayed, uncheck the Display your business logo on your booking page checkbox. Once you are done, simply click Save and publish.

Use the Booking page tab to customize your Booking page. Remember to click Save and publish to keep your changes.

How to get started with Bookings

Bookings is included in all Office 365 Business Premium subscriptions, and getting started is easy. To simplify the work of customer scheduling for your business, just sign in to Office 365 and click the Bookings tile on the App Launcher. If you don’t see the Bookings tile, we may still be in the process of rolling out the service in your region—so check back a bit later. If you need more help, the article “Say hello to Microsoft Bookings” provides a quick overview of how to use Bookings.

Once you are signed in to Office 365 you can find the App Launcher on the top left corner.

Bookings is designed to delight your customers, simplify scheduling and free time for you to be on top of your business wherever you are. Your feedback has been extremely useful; please keep it coming by clicking the feedback links found on the Bookings home page.

Microsoft intend to bring Bookings to E3 and E5 customers in the near future.