Click to edit Master

subtitle style

07 | Administering Exchange Online

Anthony Steven | Principal Technologist, Content Master
Martin Coetzer | Portfolio Architect, Microsoft

Module Overview
Configure Personal Archive Policies
Manage Anti-malware and Anti-spam Policies
Configure Additional Email Addresses for Users
• Create and Manage External Contacts, Resources, and Groups

Lesson One
Introduction to Messaging Configuring Retention Tags
Records Management Configuring Retention Policies
Configuring In-Place Archives Applying Retention Policies to
Retention Tags Mailboxes
Retention Policies Configuring eDiscovery
• Managed Folder Assistant • Configuring In-Place Hold

Introduction to Messaging Records Management • Messaging Records Management is a key feature of Exchange Online • MRM protects data by ensuring that records are kept of emails • MRM also controls mailbox sizes through automatic archiving and deletion • MRM consists of: – Personal archives – Retention tags – Retention policies – eDiscovery and litigation hold – Journaling – Data loss prevention – Auditing .

Configuring In-Place Archives • Requires: – Assigned suitable Office 365 licence – Archive-enabled mailbox – Supported messaging client • Enable by using EAC or PowerShell • Disable by using EAC or PowerShell • Reconnect by using PowerShell only • Users can move messages to the archive: – Manually – Through Inbox rules – AutoArchive – Personal retention policies .

Retention Tags .

the default retention policy applied to new mailboxes is Default MRM Policy • New policies may be required to deal with differing retention needs .Retention Policies • A retention policy is a group of retention tags that apply to a mailbox • A mailbox can have only one retention policy applied to it • When a mailbox is created. a default retention policy is applied • In Exchange Online.

Demo: Retention Tags and Policies .

Managed Folder Assistant .

slightly different steps for single or multiple mailboxes • With PowerShell.Applying Retention Policies to Mailboxes • Apply policy to a mailbox using EAC or PowerShell • With EAC. easy to set retention policies for one or multiple mailboxes • Use the Get-Mailbox "Mailbox Name" | Select RetentionPolicy to find what policy applies to a particular mailbox .

Configuring eDiscovery .

Demo: Configuring In-Place Hold .

Lesson Two Configuring Malware Filters Message Headers and Spam Confidence Levels Customizing the Connection Filter Configuring Content Filters Customizing Outbound Spam Settings • Managing Spam Quarantine .

you configure the policy and rule together – In PowerShell.Configuring Malware Filters • Malware protection is provided by Exchange Online Protection • Malware filters control what happens when malware is detected • Malware filters consist of a malware policy and a malware rule – In EAC. you configure the policy first and then apply policy with a rule • The default filter applies to everyone and just deletes the message with no notifications .

recipient or domain • 0.Message Headers and Spam Confidence Levels • Anti-Spam message headers – Inserts header into message – Includes information about message and how it was processed • Spam Confidence Levels – Rates the likelihood that a message is spam – Exchange online uses following levels: • -1 – Safe sender. 1 – scanned and found safe • 5 – Probable spam • 9 – High confidence spam – Actions depend on SCL rating .

Customizing the Connection Filter • Connection filters enable setting up of allow and block lists for spam based on IP addresses and ranges • Allow lists and block lists accept CIDR ranges • CIDR ranges outside /32 to /24 require setting up of Exchange transport rule • Addresses in both allow and block lists are allowed .

Demo: Configuring Content Filters .

Customizing Outbound Spam Settings • Organization-level filter acts on all outgoing messages • No further filters can be added • Cannot be disabled • Can be customized: – Send a copy of all suspicious outbound email messages to the following email address or addresses – Send a notification to the following email address or addresses when a sender is blocked for sending outbound spam .

Managing Spam Quarantine • Quarantine holds messages picked up by content filters or transport rules • Messages remain in quarantine for up to 15 days • Advanced filtering enables sorting on: – Message ID – Sender email address – Recipient email address – Received (by day) – Expires (by day) – Message type (spam or content rule filtering) • Messages can be released to recipients • Messages can be marked as false positives to Microsoft .

Configure Additional Email Addresses for Users Email Address Assignment in Exchange Online Configuring Additional Email Addresses SIP Addressing • Managing Email Addresses with DirSync .

onmicrosoft. allowing you to create email addresses for those domains • Email addresses can be created or marked as primary (reply-to) in EAC or with PowerShell .com. • Additional domains can be registered.Email Address Assignment in Exchange Online • Office 365 does not use email policies like Exchange on-premises • Default email addresses for new Office 365 account are @companyname.

emailaddresses.alias)@thenewdomainname")} $users | %{Set-Mailbox $_.Configuring Additional Email Addresses • Configure additional email addresses individually through EAC or in bulk using PowerShell • PowerShell command must evaluate all users and then change the email address.Identity -EmailAddresses $_.EmailAddresses} • Must connect to Exchange Online Service first .Add("smtp:$ ($a. For example: $users = Get-Mailbox foreach ($a in $users) {$a.

SIP Addressing .

Managing Email Addresses with DirSync • With DirSync. email addresses in Office 365 can be populated using attributes in Active Directory • DirSync synchronization then pushes these addresses to Office 365 mailboxes • Proxy email addresses can be edited in ADSI Edit or Active Directory Users and Computers • Primary email addresses start with SMTP: • Secondary email addresses start with smtp: • You can still add email addresses to Exchange Online for registered domains through EAC or PowerShell .

and Groups Configuring Mail Contacts Configuring Resource Mailboxes Bulk Importing Contacts Changing Mailbox Types Hiding External Contacts • Configuring Distribution and Configuring Mail Users Security Groups • Configuring Shared Mailboxes . Resources.Create and Manage External Contacts.

Configuring Mail Contacts • Mail contacts in Office 365 are the equivalent of contacts in Active Directory • Mail contacts enable external contact details to be added to the GAL • Mail contacts can be created through EAC or by using PowerShell • Mail contacts require an alias and an external email address • Further fields are available after you have created the contact .

Demo: Configuring Mail Contacts .

Bulk Importing Contacts • Bulk Import process – Create a CSV file containing the necessary information – Use PowerShell to create the contacts – Customize the newly created contacts using PowerShell • Import file must provide: – FirstName – LastName – Name – ExternalEmailAddress • Use the Import-CSV command to create contacts with mandatory fields • Rerun Import-CSV command to populate additional variables .

Hiding External Contacts • Hide one contact – Set-MailContact <contact name> -HiddenFromAddressListsEnabled $true • Hide all contacts – Get-Contact -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'MailContact')} | Set- MailContact -HiddenFromAddressListsEnabled $true • Hide with DirSync – Change msExchHideFromAddressList to TRUE • Check if a user is hidden – Get-MailUser -Identity <alias> |fl *HiddenFromAddressListsEnabled* .

mail users can be added to shared mailboxes .Configuring Mail Users • Mail users can log onto Office 365 • Mail users have an external address rather than a mailbox • Create in EAC or with PowerShell • Unlike contacts.

Demo: Configuring Mail Users .

not contacts • Automapping feature automatically opens all Full Access mailboxes but can be disabled .Configuring Shared Mailboxes • Shared mailboxes provide generic email addresses that multiple user accounts can access • Can have three permission levels: – Full Access: can act as mailbox owner – Send As: can send mail as if from the mailbox – Send on Behalf Of: Can send mail on behalf of the mailbox • Mailbox users and mail users can access shared mailboxes.

Configuring Resource Mailboxes • Resource mailboxes can be for rooms or equipment • Their main purpose is to accept or reject booking requests • Booking requests can be automatically or manually accepted • Users can log on to the resource mailbox through delegated access rights • Ensure that labelling of the resource is carried out logically and consistently .

Changing Mailbox Types User See the slide Note for additional information on the User>Shared relationship Resource Shared .

Configuring Distribution and Security Groups Office 365 Exchange Online Exchange Online Exchange Online Dynamic Security Group Security Group Distribution Group Distribution Group Visible in Office 365 Users and Groups     Visible in Exchange Online Groups     Can set permissions     Has email address     Has dynamic membership     Supports Self-enrol     .

Demo: Security and Distribution Groups .

Resources.Module Review Configure Personal Archive Policies Manage Anti-malware and Anti-spam Policies Configure Additional Email Addresses for Users • Create and Manage External Contacts. and Groups .

AS TO THE INFORMATION IN THIS PRESENTATION. Office. IMPLIED OR STATUTORY. Microsoft. System Center. and/or other countries. EXPRESS. All rights reserved. MICROSOFT MAKES NO WARRANTIES.S. Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.©2013 Microsoft Corporation. Azure. and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. . Because Microsoft must respond to changing market conditions. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Windows. it should not be interpreted to be a commitment on the part of Microsoft.