Click to edit Master

subtitle style

07 | Administering Exchange Online

Anthony Steven | Principal Technologist, Content Master

Martin Coetzer | Portfolio Architect, Microsoft
Module Overview
Configure Personal Archive Policies
Manage Anti-malware and Anti-spam Policies
Configure Additional Email Addresses for Users
Create and Manage External Contacts, Resources, and Groups
Lesson One
Introduction to Messaging
Records Management
Configuring In-Place Archives
Retention Tags
Retention Policies
Managed Folder Assistant
Configuring Retention Tags
Configuring Retention Policies
Applying Retention Policies to
Mailboxes
Configuring eDiscovery
Configuring In-Place Hold
Introduction to Messaging Records Management
Messaging Records Management is a key feature of Exchange Online
MRM protects data by ensuring that records are kept of emails
MRM also controls mailbox sizes through automatic archiving and deletion
MRM consists of:
Personal archives
Retention tags
Retention policies
eDiscovery and litigation hold
Journaling
Data loss prevention
Auditing
Configuring In-Place Archives
Requires:
Assigned suitable Office 365 licence
Archive-enabled mailbox
Supported messaging client

Enable by using EAC or PowerShell

Disable by using EAC or PowerShell
Reconnect by using PowerShell only
Users can move messages to the archive:
Manually
Through Inbox rules
AutoArchive
Personal retention policies
Retention Tags
Retention Policies
A retention policy is a group of retention tags that apply to a
mailbox
A mailbox can have only one retention policy applied to it
When a mailbox is created, a default retention policy is applied
In Exchange Online, the default retention policy applied to new
mailboxes is Default MRM Policy
New policies may be required to deal with differing retention
needs
Demo: Retention Tags and Policies
Managed Folder Assistant
Applying Retention Policies to Mailboxes
Apply policy to a mailbox using EAC or PowerShell
With EAC, slightly different steps for single or multiple mailboxes
With PowerShell, easy to set retention policies for one or
multiple mailboxes
Use the Get-Mailbox "Mailbox Name" | Select
RetentionPolicy to find what policy applies to a particular
mailbox
Configuring eDiscovery
Demo: Configuring In-Place Hold
Lesson Two
Configuring Malware Filters
Message Headers and Spam Confidence Levels
Customizing the Connection Filter
Configuring Content Filters
Customizing Outbound Spam Settings
Managing Spam Quarantine
Configuring Malware Filters
Malware protection is provided by Exchange Online Protection
Malware filters control what happens when malware is detected
Malware filters consist of a malware policy and a malware rule
In EAC, you configure the policy and rule together
In PowerShell, you configure the policy first and then apply policy with
a rule
The default filter applies to everyone and just deletes the message with no
notifications
Message Headers and Spam Confidence Levels
Anti-Spam message headers
Inserts header into message
Includes information about message and how it was processed
Spam Confidence Levels
Rates the likelihood that a message is spam
Exchange online uses following levels:
-1 Safe sender, recipient or domain
0, 1 scanned and found safe
5 Probable spam
9 High confidence spam
Actions depend on SCL rating
Customizing the Connection Filter
Connection filters enable setting up of allow and block lists for
spam based on IP addresses and ranges
Allow lists and block lists accept CIDR ranges
CIDR ranges outside /32 to /24 require setting up of Exchange
transport rule
Addresses in both allow and block lists are allowed
Demo: Configuring Content Filters
Customizing Outbound Spam Settings
Organization-level filter acts on all outgoing messages
No further filters can be added
Cannot be disabled
Can be customized:
Send a copy of all suspicious outbound email messages to the
following email address or addresses
Send a notification to the following email address or addresses when a
sender is blocked for sending outbound spam
Managing Spam Quarantine
Quarantine holds messages picked up by content filters or transport rules
Messages remain in quarantine for up to 15 days
Advanced filtering enables sorting on:
Message ID
Sender email address
Recipient email address
Received (by day)
Expires (by day)
Message type (spam or content rule filtering)

Messages can be released to recipients

Messages can be marked as false positives to Microsoft
Configure Additional Email Addresses for Users
Email Address Assignment in Exchange Online
Configuring Additional Email Addresses
SIP Addressing
Managing Email Addresses with DirSync
Email Address Assignment in Exchange Online
Office 365 does not use email policies like
Exchange on-premises

Default email addresses for new Office 365

account are @companyname.onmicrosoft.com.

Additional domains can be registered, allowing

you to create email addresses for those domains

Email addresses can be created or marked as

primary (reply-to) in EAC or with PowerShell
Configuring Additional Email Addresses
Configure additional email addresses individually
through EAC or in bulk using PowerShell

PowerShell command must evaluate all users and

then change the email address. For example:

$users = Get-Mailbox
foreach ($a in $users) {$a.emailaddresses.Add("smtp:$
($a.alias)@thenewdomainname")} $users | %{Set-Mailbox
$_.Identity -EmailAddresses $_.EmailAddresses}

Must connect to Exchange Online Service first

SIP Addressing
Managing Email Addresses with DirSync
With DirSync, email addresses in Office 365 can be
populated using attributes in Active Directory
DirSync synchronization then pushes these addresses to
Office 365 mailboxes
Proxy email addresses can be edited in ADSI Edit or Active
Directory Users and Computers
Primary email addresses start with SMTP:

Secondary email addresses start with smtp:

You can still add email addresses to Exchange Online for

registered domains through EAC or PowerShell
Create and Manage External Contacts,
Resources, and Groups
Configuring Mail Contacts Configuring Resource Mailboxes
Bulk Importing Contacts Changing Mailbox Types
Hiding External Contacts Configuring Distribution and
Configuring Mail Users Security Groups
Configuring Shared Mailboxes
Configuring Mail Contacts
Mail contacts in Office 365 are the equivalent of contacts in
Active Directory
Mail contacts enable external contact details to be added to the
GAL
Mail contacts can be created through EAC or by using
PowerShell
Mail contacts require an alias and an external email address
Further fields are available after you have created the contact
Demo: Configuring Mail Contacts
Bulk Importing Contacts
Bulk Import process
Create a CSV file containing the necessary information
Use PowerShell to create the contacts
Customize the newly created contacts using PowerShell

Import file must provide:

FirstName
LastName
Name
ExternalEmailAddress

Use the Import-CSV command to create contacts with mandatory fields

Rerun Import-CSV command to populate additional variables
Hiding External Contacts
Hide one contact
Set-MailContact <contact name> -HiddenFromAddressListsEnabled $true

Hide all contacts

Get-Contact -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'MailContact')} | Set-
MailContact -HiddenFromAddressListsEnabled $true

Hide with DirSync

Change msExchHideFromAddressList to TRUE

Check if a user is hidden

Get-MailUser -Identity <alias> |fl *HiddenFromAddressListsEnabled*
Configuring Mail Users
Mail users can log onto Office 365
Mail users have an external address rather than a mailbox
Create in EAC or with PowerShell
Unlike contacts, mail users can be added to shared mailboxes
Demo: Configuring Mail Users
Configuring Shared Mailboxes
Shared mailboxes provide generic email addresses that multiple user accounts can
access
Can have three permission levels:
Full Access: can act as mailbox owner
Send As: can send mail as if from the mailbox
Send on Behalf Of: Can send mail on behalf of the mailbox

Mailbox users and mail users can access shared mailboxes, not contacts
Automapping feature automatically opens all Full Access mailboxes but can be
disabled
Configuring Resource Mailboxes
Resource mailboxes can be for rooms or equipment
Their main purpose is to accept or reject booking requests
Booking requests can be automatically or manually accepted
Users can log on to the resource mailbox through delegated
access rights
Ensure that labelling of the resource is carried out logically and
consistently
Changing Mailbox Types

User
See the slide Note for additional
information on the User>Shared
relationship

Resource Shared
Configuring Distribution and Security Groups
Office 365 Exchange Online Exchange Online Exchange Online Dynamic
Security Group Security Group Distribution Group Distribution Group
Visible in Office 365
Users and Groups
Visible in Exchange
Online Groups
Can set permissions

Has email address

Has dynamic
membership
Supports Self-enrol

Demo: Security and Distribution Groups
Module Review
Configure Personal Archive Policies
Manage Anti-malware and Anti-spam Policies
Configure Additional Email Addresses for Users
Create and Manage External Contacts, Resources, and Groups
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.