Category Archives: Exchange Server tips tutorials and expert advice

Exchange Server tips tutorials and expert advice

What are some considerations for a public folders migration?


A public folders migration from one version of Exchange to another can tax the skills of an experienced administrator…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

— but there’s another level of complexity when cloud enters the mix.

A session at last week’s Virtualization Technology Users Group event in Foxborough, Mass. detailed the nuances of Office 365 subscription offerings and the migration challenges administrators face. Microsoft offers a la carte choices for companies that wish to sign up for a single cloud service, such as Exchange Online, and move the messaging platform into the cloud, said Michael Shaw, a solution architect for Office 365 at Whalley Computer Associates in Southwick, Mass., in his presentation.

Microsoft offers newer collaboration services in Office 365, but some IT departments cling to one holdover that the company cannot extinguish — public folders. This popular feature, introduced in 1996 with Exchange 4.0, gives users a shared location to store documents, contacts and calendars.

For companies on Exchange 2013/2016, Microsoft did not offer a way to move “modern” public folders — called “public folder mailboxes” after an architecture change in Exchange 2013 — to Office 365 until March 2017. Prior to that, many organizations either developed their own public folders migration process, used a third-party tool or brought in experts to help with the transition.

Organizations that want to use existing public folders after a switch from on-premises Exchange to Office 365 should be aware of the proper sequence to avoid issues with a public folders migration, Shaw said.

Most importantly, public folders should migrate over last. That’s because mailboxes in Office 365 can access a public folder that is on premises, but a mailbox that is on premises cannot access public folders in the cloud, Shaw said.

“New can always access old, but old can’t access new,” he said.

IT admins should keep in mind, however, that Microsoft dissuades customers from using public folders for document use due to potential issues when multiple people try to work on the same file. Instead, the company steers Office 365 shops to SharePoint Online for document collaboration, and the Groups service for shared calendars and mobile device access.

In another attempt to prevent public folders migration to Office 365, Microsoft caps public folder mailboxes in Exchange Online at 1,000. They also come with a limit of 50 GB per mailbox in the lower subscription levels and a 100 GB quota in the higher E3 and E5 tiers. Public folder storage cannot exceed 50 TB.

Still, support for public folders has no foreseeable end despite Microsoft’s efforts to eradicate the feature. Microsoft did not include public folders in Exchange Server 2007, but reintroduced it in a service pack after significant outcry from customers, Shaw said. Similarly, there was no support for public folders when Microsoft introduced Office 365 in 2011, but it later buckled to customer demand.

Office 365 labels help keep content under control

Office 365 labels make it easy to classify data for compliance purposes through both manual and automatic methods.

Office 365 label policies, included with E3 subscriptions, provide a central location to configure and publish labels to Exchange Online, SharePoint Online and the services that depend on them, such as Office 365 Groups.

For example, administrators can add a label named Financial Data to the Security & Compliance Center and designate it to keep data with that label for six years. An Office 365 label policy pushes that label out to the other Microsoft services on the platform.

Users mark items in their inbox or documents with labels. Office 365 labels have policies that retain or delete data based on the organization’s needs. Personal data might get marked for deletion after a certain amount of time following a review, for example, or other information might get marked as an organizational record, so nobody can change or purge it.

The Advanced Data Governance functionality in an E5 subscription enables the automatic application of data labels based on keywords or sensitive information. Policies could mark all data with Social Security numbers as personal data or mark all data with credit card numbers as financial data.

The Advanced Data Governance functionality in an E5 subscription enables the automatic application of data labels based on keywords or sensitive information.

Label policies require some forethought to cover different types of information. Many organizations might require multiple labels to cover the types of data to retain or delete.

Office 365 labels take approximately 24 hours before they appear. Automatic labeling starts after about seven days.

User or organization-wide retention policies that hold data take precedence over Office 365 labels. A policy that holds data for 10 years across the organization will overrule one that removes certain data after five years.

View All Videos

Curb stress from Exchange Server updates with these pointers

systems. In my experience as a consultant, I find that few organizations have a reliable method to execute Exchange Server updates.

This tip outlines the proper procedures for patching Exchange that can prevent some of the upheaval associated with a disruption on the messaging platform.

How often should I patch Exchange?

In a perfect world, administrators would apply patches as soon as Microsoft releases them. This doesn’t happen for a number of reasons.

Microsoft has released patches and updates for both Exchange and Windows Server that cause trouble on those systems. Many IT departments have long memories, and they will let the bad feelings keep them from staying current with Exchange Server updates. This is detrimental to the health of Exchange and should be avoided. With proper planning, updates can and should be run on Exchange Server on a regular schedule.

Another wrinkle in the update process is Microsoft releases Cumulative Updates (CUs) for Exchange Server on a quarterly schedule. CUs are updates that feature functionality enhancements for the application.

With proper planning, updates can and should be run on Exchange Server on a regular schedule.

Microsoft plans to release one CU for Exchange 2013 and 2016 each quarter, but they do not provide a set release date. The CUs may be released on the first day of one quarter, and then on the last day of the next.

Rollup Updates (RUs) for Exchange 2010 are also released quarterly. An RU is a package that contains multiple security fixes, while a CU is a complete server build.

For Exchange 2013 and 2016, Microsoft supports the current and previous CU. When admins call Microsoft for a support case, the company will ask them to update Exchange Server to at least the N-1 CU — where N is the latest CU, N-1 refers to the previous CU — before they begin work on the issue. An organization that prefers to stay on older CUs limits its support options.

Because CUs are the full build of Exchange 2013/2016, administrators can deploy a new Exchange Server from the most recent CU. For existing Exchange Servers, using a new CU for that version to update it should work without issue.

Microsoft only tests a new CU deployment with the last two CUs, but I have never had an issue with an upgrade with multiple missed CUs. The only problems I have seen when a large number of CUs were skipped had to do with the prerequisites for Exchange, not Exchange itself.

Microsoft releases Windows Server patches on the second Tuesday of every month. As many administrators know, some of these updates can affect how Exchange operates. There is no set schedule for other updates, such as .NET. I recommend a quarterly update schedule for Exchange.

How can I curb issues from Exchange Server updates?

As every IT department is different, so is every Exchange deployment. There is no single update process that works for every organization, but these guidelines can reduce problems with Exchange Server patching. Even if the company has an established patching process, if it’s missing some of the advice outlined below, then it might be a good idea to review that method.

  • Back up Exchange servers before applying patches. This might be common sense for most administrators, but I have found it is often overlooked. If a patch causes a critical failure, a recent backup is the key to the recovery effort. Some might argue that there are Exchange configurations — such as Exchange Preferred Architecture — that do not require this, but a backup provides some reassurance if a patch breaks the system.
  • Measure the performance baseline before an update. How would you know if the CPU cycles on the Exchange Server are too high after an update if this metric hasn’t been tracked? The Managed Availability feature records performance data by default on Exchange 2013 and 2016 servers, but Exchange administrators should review server performance regularly to establish an understanding of normal server behavior.
  • Test patches in a lab that resembles production. When a new Exchange CU arrives, it has been through extensive testing. Microsoft deploys updates to Office 365 long before they are publicly available. After that, Microsoft gives the CUs to its MVP community and select organizations in its testing programs. This vetting process helps catch the vast majority of bugs before CUs go to the public, but some will slip through. To be safe, test patches in a lab that closely mirrors the production environment, with the same servers, firmware and network configuration.
  • Put Exchange Server into maintenance mode before patching: If the Exchange deployment consists of redundant servers, then put them in maintenance mode before the update process. Maintenance mode is a feature of Managed Availability that turns off monitoring on those servers during the patching window. There are a number of PowerShell scripts in the TechNet Gallery that help put servers into maintenance mode, which helps administrators streamline the application of Exchange Server updates.

Compliance Manager tool aims to ease security audit process

underlying environment also means they are at Microsoft’s mercy for its answers on regulatory compliance audits. To address this situation and others, Microsoft developed a Compliance Manager tool that provides a real-time risk analysis of the different cloud workloads.

Over the last year, there has been an uptick in security measures in the enterprise. Two compliance regulations that come up frequently are the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).

For HIPAA, introduced in 1996, the rise in hospital audits by the Office for Civil Rights and data breaches in recent years has many enterprises re-evaluating their security practices around patient data. GDPR is the compliance requirement that starts May 25, 2018, for organizations that handle the data of European Union citizens.

Most organizations that deal with HIPAA, GDPR or any other regulatory compliance know the difficulties associated with tracking results from audits, questionnaires, surveys and other standard operating procedures. The amount of information required to satisfy requests for compliance checklists and security assessments can overwhelm many Exchange administrators.

Regardless of the industry, the IT staff must address regulatory compliance audits; otherwise, the company can face financial and legal penalties. Microsoft released its Compliance Manager tool in November to assist IT in these efforts.

Compliance Manager tool offers compliance overview

Compliance Manager is a SaaS application located in the Service Trust Portal that features a dashboard summary of an organization’s data protection, compliance status and documentation details related to GDPR, HIPAA and other requirements.

The Compliance Manager tool provides an automated assessment of Microsoft workloads such as Office 365, Dynamics 365 and some in Azure. The utility suggests ways to boost compliance and data protection in the environment.

Compliance audits often require gathering the same information. Exchange administrators can save some time by using the Compliance Manager tool, which acts as a central repository of audit details and documentation. Admins can maintain this documentation over time and ensure they meet the compliance processes mandated by their teams.

The Compliance Manager tool is still in preview mode; Microsoft said it plans to have all the compliance templates set prior to May 2018, but anyone with an Office 365 subscription can sign up to test it.

For on-premises workloads, the Compliance Manager tool provides the requirements that need to be validated and evaluated by the administrators. Microsoft has not indicated if it will extend the automated assessment feature to any on-premises tools.

Compliance Manager assists administrators with compliance requirements across the different Microsoft workloads with full document management features and task management.

Compliance Manager assessments
The dashboard in the Compliance Manager tool gives a summary of the controls fulfilled by the customer and by Microsoft to meet a standard or regulation.

Compliance Manager breaks down compliance for a standard or regulation into assessments. Each assessment consists of controls mapped to a standard that are shared between Microsoft and the tenant. The dashboard shows which controls a customer and Microsoft have met to comply with a regulation or standard.

Administrators can use the Compliance Manager portal to manage control assignments for team members based on specific compliance requirements. Microsoft calls this task management feature action items, and it allocates different controls to individuals within the organization. This helps organize the tasks needed from each IT worker, such as data or email retention associated with GDPR, that Exchange administrators must complete. The platform enables administrators to set the priority and the individual responsible for it.

There are a few other features in the Compliance Manager tool worth noting:

  • A flexible platform that supports multiple regulations. In the initial preview release of the Compliance Manager tool, the application only supports GDPR, ISO 27001 and ISO 27018. Microsoft said it will add support for HIPAA and other regulatory standards, such as the National Institute of Standards and Technology Special Publication 800-53. Having one tool that covers the range of regulatory compliance requirements makes it a very attractive option for IT and Exchange administrators.
  • Coverage on multiple platforms. After Microsoft introduced Office 365, a number of Exchange Online administrators began to manage more than just Exchange workloads. It’s the responsibility of the IT department to ensure the interdependent workloads associated with Exchange Online meet compliance requirements. Microsoft includes assessments of Dynamics 365, Azure and the full Office 365 suite in the Compliance Manager tool to give IT full visibility into all the workloads under one compliance platform.

Compliance Manager tool shows promise

Microsoft has certainly delivered a good snapshot of what most compliance officers and administrators would like in its preview version of Compliance Manager. However, the tool only addresses three existing compliance requirements, when many in IT will want to see coverage extend to include the Payment Card Industry Data Security Standard, the Sarbanes-Oxley Act, HIPAA, Food and Drug Administration 21 Code of Federal Regulations part 11 and others. 

While there are a number of mature compliance and auditing tools in the market that offer more certifications and regulatory compliance, Compliance Manager eliminates the daunting task for administrators to produce detailed assessments under each of the compliance requirements. Some of this manual work includes interviewing Microsoft technical resources, gathering legal and written statements with certain security configurations, and, in some cases, hiring third-party auditors to validate the findings.

Microsoft will need to cover the rest of the compliance spectrum to encourage administrators to embrace this platform. But the platform is easy to use and addresses many of the concerns organizations have with the upcoming GDPR.

Set Office 365 group limits to avoid administrative hassles

Office 365 group limits to rein in unchecked access, which could lead to unintended consequences.

An Office 365 group not only contains the membership list for a collection of people, but also manages provisioning and access to multiple services, such as Exchange and SharePoint. At a fundamental level, this means each time a user creates a group for something — a project, or perhaps a team — they add a SharePoint site, group inbox, calendar, Planner, OneNote and more.

Groups is also the foundation behind new services such as Microsoft Teams, Office 365’s chat-based collaboration app. In addition to messaging via channels, Teams enables users to chat with colleagues over voice and video calls, collaborate on documents and use tabs to display other relevant team information. Teams uses Office 365 Groups to produce a team within Teams, not only for the membership list, but also to connect the underlying group-enabled services for data storage.

Why Office 365 group limits are crucial

By default, Office 365 users can create groups without any restrictions. While this appears to be a great idea to prompt viral adoption, it is likely to backfire.

The strength of Office 365 Groups is only one group is needed to manage a team’s calendar, share files among colleagues, and hold group video calls and chats. However, this is not immediately obvious to workers as they explore available services.

For example, a user starts work on a project and, being new to Microsoft Planner, decides to add a plan with the name Project Z Plan. The user also sees he can create a group calendar in Outlook, which he names Project Z Calendar. He feels he could also use a SharePoint site for the project, so he makes one called Project Z. Later, the user discovers Microsoft Teams and feels it can help with the project collaboration efforts, so he generates a new team named Project Z Team.

Each of those actions creates a new group in Office 365. A combined lack of guidance and structure means the worker’s actions — intended to build a seamless fabric that connects multiple Office 365 services — added multiple silos and redundant resources.

This scenario illustrates the need for administrators to develop Office 365 group limits to avoid similar issues. Users need instruction on what tool to use and when, but also some understanding of what a group is in the context of the organization.

Checklist for a proper Office 365 Groups configuration

Before enabling Office 365 Groups for widespread adoption, the administrator should adjust the basic settings to provide limits and help users adhere to corporate standards.

At a minimum, the IT department should consider the following Office 365 Groups configuration:

  • the email address policy for group Simple Mail Transfer Protocol addresses;
  • usage guidelines;
  • group creation restrictions; and
  • group classifications.

Apart from the email address policy, all other configurations require an Azure Active Directory Premium license, as documented here.

Next, define the settings to adjust:

Policy to update

Configuration to implement

Reason for the change

Email address

groupname@contoso.com

The company will use the main domain name because all the mailboxes were moved to Office 365.

Usage guideline URL

https://contoso.sharepoint.com/usage

Shows users best practices for producing Office 365 Groups.

Group creation restrictions

Enables line managers group to add Office 365 Groups

Only managers can create new Office 365 Groups.

Group classifications

Low risk, medium risk and high risk

Enables users to classify groups and be aware of the sensitivity of the information within the group.

To make these changes, we use PowerShell to change the configuration in multiple places.

For the email address policy configuration, add a new policy that applies to all groups with the New-EmailAddressPolicy cmdlet:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

New-EmailAddressPolicy -Name GroupsPolicy -IncludeUnifiedGroupRecipients -EnabledEmailAddressTemplates “SMTP:@contoso.com” -Priority 1

For the group configuration settings, use the Azure AD preview module. After connecting to Azure AD, use this code to confirm there is a template for group settings:

Connect-AzureAD -Credential $UserCredential

$Template = Get-AzureADDirectorySettingTemplate | Where {$_.DisplayName -eq “Group.Unified”}

$Setting = $Template.CreateDirectorySetting()

Next, define the group settings based on the configuration defined in the table and apply it:

# Configure the URL for our guidelines

$Settings[“UsageGuidelinesUrl”] = “https://contoso.sharepoint.com/usage”

# Disable group creation except for the Line Managers group

$Settings[“EnableGroupCreation”] = $False

$Settings[“GroupCreationAllowedGroupId”] = (Get-AzureADGroup -SearchString “Line Managers”).ObjectID

# Create our list of classifications

$Settings[“ClassificationList”] = “Low Risk,Medium Risk,High Risk”

# Apply the settings

New-AzureADDirectorySetting -DirectorySetting $Settings

Verify those settings with the following command:

(Get-AzureADDirectorySetting -All $true).Values

Office 365 Groups configuration
Use PowerShell to check the settings for Office 365 Groups.

With those adjustments in place, the new Office 365 Groups creation process changes, as shown below.

Office 365 Groups plan
A new plan shows the configuration settings defined by the Office 365 administrator.

Now, new Groups will have appropriate email addresses assigned — existing groups remain unchanged.

Office 365 Groups email
With a configuration in place for Office 365 Groups, the proper email address gets produced automatically.

Add boundaries and reduce complications

It’s important for administrators to employ Office 365 group limits. This practice prevents unchecked access to resources in the collaboration platform, which maintains order and avoids problems with redundancy and wasted resources.

Change key settings to put basic governance in place to steer users toward usage guidelines for Office 365 Groups. This helps the administrator ensure the groups are created correctly and can be managed properly as adoption grows.

The top Exchange and Office 365 tutorials of 2017

Even in the era of Slack and Skype, email remains the key communication linchpin for business. But where companies use email is changing.

In July 2017, Microsoft said, for the first time, its cloud-based Office 365 collaboration platform brought in more revenue than traditional Office licensing. In October 2017, Microsoft said it had 120 million commercial subscribers using its cloud service.

This trend toward the cloud is reflected by the heavy presence of Office 365 tutorials in this compilation of the most popular tips of 2017 on SearchExchange. More businesses are interested in moving from a legacy on-premises server system to the cloud — or at least a new version of Exchange.

The following top-rated Office 365 tutorials range from why a business would use an Office 365 hybrid setup to why a backup policy is essential in Office 365.

5. Don’t wait to make an Office 365 backup policy

Microsoft does not have a built-in backup offering for Office 365, so admins have to create a policy to make sure the business doesn’t lose its data.

Admins should work down a checklist to ensure email is protected if problems arise:

  • Create specific plans for retention and archives.
  • See if there are regulations for data retention.
  • Test backup procedures in Office 365 backup providers, such as Veeam and Backupify.
  • Add alerts for Office 365 backups.

4. What it takes to convert distribution groups into Office 365 Groups

Before the business moves from its on-premises email system to Office 365, admins must look at what’s involved to turn distribution groups into Office 365 Groups. The latter is a collaborative service that gives access to shared resources, such as a mailbox, calendar, document library, team site and planner.

Microsoft provides conversion scripts to ease the switch, but they might not work in every instance. Many of our Office 365 tutorials cover these types of migration issues. This tip explains some of the other obstacles administrators encounter with Office 365 Groups and ways around them.

3. Considerations before a switch to Office 365

While Office 365 has the perk of lifting some work off IT’s shoulders, it does have some downsides. A move to the cloud means the business will lose some control over the service. For example, if Office 365 goes down, there isn’t much an admin can do if it’s a problem on Microsoft’s end.

Businesses also need to keep a careful eye on what exactly they need from licensing, or they could end up paying far more than they should. And while it’s tempting to immediately adopt every new feature that rolls out of Redmond, Wash., the organization should plan ahead to determine training for both the end user and IT department to be sure the company gets the most out of the platform.

2. When a hybrid deployment is the right choice

A clean break from a legacy on-premises version of Exchange Server to the cloud sounds ideal, but it’s not always possible due to regulations and technical issues. In those instances, a hybrid deployment can offer some benefits of the cloud, while some mailboxes remain in the data center. Many of our Office 365 tutorials assist businesses that require a hybrid model to contend with certain requirements, such as the need to keep certain applications on premises.

1. A closer look at Exchange 2016 hardware

While Microsoft gives hardware requirements for Exchange Server 2016, its guidelines don’t always mesh with reality. For example, Microsoft says companies can install Exchange Server 2016 on a 30 GB system partition. But to support the OS and updates, businesses need at least 100 GB for the system partition.

A change from an older version of Exchange to Exchange 2016 might ease the burden on the storage system, but increase demands on the CPU. This tip explains some of the adjustments that might be required before an upgrade.