Exchange Online Spam Filters

This video provides an introduction to Exchange Online Spam policies, particularly Inbound and Outbound policies plus Connection Filter Policies. You’ll see how to view the existing policies, make changes to these policies as well as create new ones using the Microsoft 365 Security Administration console.

CIAOPS Need to Know Microsoft 365 Webinar – July

Last month’s attempt at using Microsoft Teams Webinars went well and I’ll be continuing to use this going forward. Registration for this month is here:

https://bit.ly/n2k2107

Shortly after this you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite!

This month we’ll dive into email security with Microsoft 365, particularly the best practice configurations for Exchange Online. So please join us for this and all the latest news from the Microsoft Cloud.

You can register for the regular monthly webinar here:

July Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – July 2021
Friday 30th of July 2021
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Exchange user best practices script

image

I’ve created a new Exchange user best practices summary script which you can find at:

https://github.com/directorcia/Office365/blob/master/o365-mx-usr-all.ps1

The idea with this script is to give you a quick visual summary of your user mailboxes to ensure they conform to best practices.

When you run the script without any command line options you will see the above output. Each row is a user with their name at the end of the line. The entries on the right provide you an indication of settings status. A green dot is for good and a red X is for bad. You will see this creates a matrix of settings for each mailbox. These settings are designated by a letter (currently a through p). These letters correspond to the following settings:

a = Mailbox type: S = Shared, R = Resource, U = User
b = Enabled
c = Inactive
d = Remote PowerShell Enabled
e = Retain Deleted Items for at least 30 days
f = Deliver to Mailbox and Forward
g = Litigation Hold Enabled
h = Archive Mailbox Status
i = Auto-expanding Archive Enabled
j = Hidden From Address Lists Enabled
k = POP Enabled
l = IMAP Enabled
m = EWS Enabled
n = EWS Allow Outlook
o = EWS Allow Mac Outlook
p = Mailbox Audit Enabled

image

If you use the -verbose command line option, you’ll get additional information about the script operation as you see above.

If you use the -debug command line option, a log file of the script process will be created in the parent directory.

If you use the -prompt command line option, the script will wait after each user for you to press ENTER.

If you use the -select command line option, the script will prompt you to select the users you wish to display.

If you also specify any letter from, currently, a through p on the command line, those settings will not be checked by the script. Thus, specifying dhl on the command line will not check or display Remote PowerShell Enabled (setting = d), Archive Mailbox Status (setting = h) or IMAP enabled (setting = l).

Thus:

.\o365-mx-usr-all.ps1 dhl

will display:

image

(note: no d, h or l in the output)

and

.\o365-mx-usr-all.ps1 dhl -select

will display:

image

no d, h or l settings as well as prompting for selection of users to check and display.

The script requires that you first connect to Exchange Online via PowerShell, which can be done using my script:

https://github.com/directorcia/Office365/blob/master/o365-connect-exo.ps1

In summary then, this script when run without any command line options is designed to give you a quick reference to your user mailboxes and whether they have best practice settings enabled. You can also run the script with a number of different command line options to create a log, individually select users and settings to test as well as pause after each user if desired.

I’ll continue to update and improve this script over time so make sure you follow my Office 365 GitHub repository, which you can find here:

https://github.com/directorcia/Office365/
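
The letter matrix and the skip-letters option described above can be illustrated with a short added example. This is not the code of o365-mx-usr-all.ps1; the function name Test-MailboxBaseline is hypothetical, only four of the settings are covered, and the pass direction for k, l and p (POP and IMAP off, auditing on) is an assumption. The sample mailboxes are constructed so it runs without a tenant.

```powershell
# Added example; not the source of o365-mx-usr-all.ps1.
function Test-MailboxBaseline {
    param(
        [Parameter(Mandatory)] $Mailbox,     # shaped like Get-Mailbox output
        [Parameter(Mandatory)] $CasMailbox,  # shaped like Get-CASMailbox output
        [string] $Skip = ''                  # setting letters to leave out, e.g. 'kl'
    )
    # Setting letter -> test that returns $true when the setting passes.
    # e is from the page (at least 30 days); k, l and p directions are assumptions.
    $checks = [ordered]@{
        e = { [timespan]::Parse([string]$Mailbox.RetainDeletedItemsFor).TotalDays -ge 30 }
        k = { -not $CasMailbox.PopEnabled }
        l = { -not $CasMailbox.ImapEnabled }
        p = { [bool]$Mailbox.AuditEnabled }
    }
    $row = [ordered]@{ User = $Mailbox.DisplayName }
    foreach ($letter in $checks.Keys) {
        if ($Skip.Contains($letter)) { continue }   # skipped letters are not evaluated
        $row[$letter] = if (& $checks[$letter]) { 'ok' } else { 'X' }
    }
    New-Object -TypeName psobject -Property $row
}

# Constructed sample data: one mailbox on weak settings, one hardened.
$samples = @(
    @{ Mbx = [pscustomobject]@{ DisplayName = 'Sample User A'
                                RetainDeletedItemsFor = '14.00:00:00'; AuditEnabled = $false }
       Cas = [pscustomobject]@{ PopEnabled = $true; ImapEnabled = $true } }
    @{ Mbx = [pscustomobject]@{ DisplayName = 'Sample User B'
                                RetainDeletedItemsFor = '30.00:00:00'; AuditEnabled = $true }
       Cas = [pscustomobject]@{ PopEnabled = $false; ImapEnabled = $false } }
)
$samples | ForEach-Object {
    Test-MailboxBaseline -Mailbox $_.Mbx -CasMailbox $_.Cas -Skip 'l'
} | Format-Table

# Against a connected tenant the same function takes live objects:
# Get-Mailbox -ResultSize Unlimited | ForEach-Object {
#     Test-MailboxBaseline -Mailbox $_ -CasMailbox (Get-CASMailbox -Identity $_.Alias)
# }
```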

Prevent alerts from DiscoverySearchMailbox

image

When you set up bulk alerting for mailboxes you may end up enabling alerts for system mailboxes like DiscoverySearchMailbox as shown above. This will mean receiving regular alerts about changes to that mailbox by the system. This basically means Exchange Online is performing some expected administrative process on a mailbox, which triggers a configured alert.

To reduce the noise caused by these alerts you can do the following to disable it:

image

Firstly, connect to Exchange Online using PowerShell. My script for that is here:

https://github.com/directorcia/Office365/blob/master/o365-connect-exo.ps1

Next, run the command to find any DiscoverySearchMailbox:

get-mailbox -ResultSize unlimited | Where-Object {$_.name -MATCH "Discovery"} | Select-Object alias, displayname, auditenabled

which should give you a result like shown above.

$dsm = get-mailbox -ResultSize unlimited | Where-Object {$_.name -MATCH "Discovery"}

Run the above command to save the mailbox details to a variable. Then run:

set-mailbox -identity $dsm.alias -AuditEnabled $false

to disable auditing for that mailbox.

image

If you now re-run

get-mailbox -ResultSize unlimited | Where-Object {$_.name -MATCH "Discovery"} | Select-Object alias, displayname, auditenabled

you should find that the auditing is now disabled for that mailbox as shown above.
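
The -match "Discovery" filter above selects every mailbox whose name contains that word, and $dsm becomes an array when more than one matches. The following added example (not from the original post) separates true discovery mailboxes, identified by RecipientTypeDetails, from name-only matches before auditing is changed. The function name Select-DiscoveryAuditTarget and the sample mailboxes are constructed for illustration.

```powershell
# Added example: plan which mailboxes should have auditing disabled.
function Select-DiscoveryAuditTarget {
    param([Parameter(Mandatory)] [object[]] $Mailbox)   # Get-Mailbox style objects
    foreach ($m in $Mailbox) {
        $nameHit = $m.Name -match 'Discovery'            # the filter used in the post
        $typeHit = "$($m.RecipientTypeDetails)" -eq 'DiscoveryMailbox'
        if (-not ($nameHit -or $typeHit)) { continue }
        [pscustomobject]@{
            Alias        = $m.Alias
            Name         = $m.Name
            Type         = "$($m.RecipientTypeDetails)"
            AuditEnabled = $m.AuditEnabled
            # Only system discovery mailboxes are changed; a name-only match
            # (for example a shared mailbox) is flagged for a human to review.
            Action       = if ($typeHit -and $m.AuditEnabled) { 'DisableAudit' }
                           elseif ($typeHit) { 'None' }
                           else { 'Review' }
        }
    }
}

# Constructed sample data so the selection logic runs without a tenant.
$sample = @(
    [pscustomobject]@{ Alias = 'DiscoverySearchMailbox{constructed-id}'
                       Name = 'DiscoverySearchMailbox{constructed-id}'
                       RecipientTypeDetails = 'DiscoveryMailbox'; AuditEnabled = $true }
    [pscustomobject]@{ Alias = 'discovery.team'; Name = 'Discovery Team'
                       RecipientTypeDetails = 'SharedMailbox'; AuditEnabled = $true }
    [pscustomobject]@{ Alias = 'sample.user'; Name = 'Sample User'
                       RecipientTypeDetails = 'UserMailbox'; AuditEnabled = $true }
)
$plan = Select-DiscoveryAuditTarget -Mailbox $sample
$plan | Format-Table Alias, Type, AuditEnabled, Action

# Against a connected tenant, build the plan from live data, then apply it.
# -WhatIf previews the change; remove it once the plan looks right.
# $plan = Select-DiscoveryAuditTarget -Mailbox (Get-Mailbox -ResultSize Unlimited)
# $plan | Where-Object Action -eq 'DisableAudit' | ForEach-Object {
#     Set-Mailbox -Identity $_.Alias -AuditEnabled $false -WhatIf
# }
```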

Email filtering reports

image

There are some really nice and helpful email reports in your Microsoft 365 Security console, if you haven’t taken a look recently. You can pull them up by visiting:

https://security.microsoft.com/securityreports

as shown above, then selecting Email & collaboration reports on the right.

image

The one I really like is the Mailflow status summary which you can drill into further by clicking on the heading or selecting the View details button.

image

If you then select the Funnel option across the top as shown, you get an idea of the number of bad emails that are being caught by each stage of the filtering process, from top (total in) to bottom (remaining out).

image

However, the report I love is the one you get when you select the Tech view as shown above. Why? Because this one even shows you results from DMARC as highlighted.

image

Many also allow you to Create schedule as shown above,

image

that allows you to email the reports regularly.

Keep an eye on the reporting areas of your tenant, as they are rapidly improving and expanding!