Your MX record points to Exchange Online Protection and you observe that a lot of email sent to invalid recipients in your organization is bouncing back. You need to stop this; what will you do?
The Directory Based Edge Blocking (DBEB) feature in Exchange Online and Exchange Online Protection (EOP) lets you reject messages for invalid recipients at the service edge, before they are accepted and later bounced. DBEB lets admins add mail-enabled recipients to Office 365 (Azure AD) and block all messages sent to email addresses that aren't present in Office 365.
Setting the accepted domain to Authoritative in Exchange Online enables the Directory Based Edge Blocking (DBEB) feature.
What are Accepted Domains and Remote Domains in Exchange Online?
Accepted Domains and Remote Domains work the same way as in on-premises Exchange. When a domain is added as an accepted domain, users with addresses in that domain can send and receive email.
There are two types of accepted domain: Authoritative and Internal Relay. The Authoritative option means that email is delivered only to the email addresses listed for recipients in Office 365 for this domain; email for unknown recipients is rejected. Internal Relay means that recipients for this domain can be in Office 365 or on your own email servers: email is delivered to known recipients in Office 365, or relayed to your own email server if Office 365 does not know the recipient.
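The following is an added example, not code from the original page: it audits the accepted domains, lists the recipients the directory knows for one domain, and then switches that domain to Authoritative so DBEB rejects unknown recipients at the edge. It assumes an existing Exchange Online PowerShell session; 'contoso.com' is a constructed sample domain.

```powershell
# Added example (not from the original page). Assumes Connect-ExchangeOnline
# has already been run; 'contoso.com' is a constructed sample domain.
$domain = 'contoso.com'

# 1. Current type of every accepted domain (Authoritative vs InternalRelay).
Get-AcceptedDomain | Select-Object Name, DomainName, DomainType

# 2. Recipients the directory actually knows for this domain. Once the domain
#    is Authoritative, mail to any other address in it is rejected at the edge,
#    so confirm here that no recipients are still hosted only on another system.
$pattern = "^smtp:[^@]+@$([regex]::Escape($domain))$"
Get-Recipient -ResultSize Unlimited |
    Where-Object { @($_.EmailAddresses) -match $pattern } |
    Select-Object RecipientTypeDetails, PrimarySmtpAddress |
    Sort-Object PrimarySmtpAddress

# 3. Switch the domain to Authoritative only if it is not already; this is the
#    setting that enables DBEB for the domain.
$accepted = Get-AcceptedDomain -Identity $domain
if ($accepted.DomainType -ne 'Authoritative') {
    Set-AcceptedDomain -Identity $domain -DomainType Authoritative
    # Read the setting back to confirm the change took effect.
    Get-AcceptedDomain -Identity $domain | Select-Object DomainName, DomainType
}
```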
Remote Domains control the types and the format of messages that your users send to domains outside your organization. Typical reasons to configure one:
- Restrict users from forwarding emails to other domains.
- Reject automatic messages, such as non-delivery reports and out-of-office replies.
- Send out-of-office replies as those received by people inside your organization.
- Your users frequently send email to a company that supports limited email formats, and you would like to make sure all emails sent to that organization are sent in a format that they can read.
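As an added example (not from the original page), here is a dedicated remote domain entry for one external partner that applies the controls listed above. It assumes an Exchange Online PowerShell session; 'partner.example' and the entry name are constructed sample values.

```powershell
# Added example (not from the original page). Assumes an Exchange Online
# PowerShell session; the domain and entry name are constructed samples.
$partnerDomain = 'partner.example'
$entryName     = 'Partner (restricted)'

# Create the entry once; the '*' Default entry keeps covering everything else.
if (-not (Get-RemoteDomain | Where-Object { "$($_.DomainName)" -eq $partnerDomain })) {
    New-RemoteDomain -Name $entryName -DomainName $partnerDomain
}

$settings = @{
    Identity           = $entryName
    AutoForwardEnabled = $false      # users cannot auto-forward mail to this domain
    NDREnabled         = $false      # no non-delivery reports are sent to this domain
    AutoReplyEnabled   = $false      # no automatic replies of any kind
    AllowedOOFType     = 'None'      # no out-of-office replies; 'InternalLegacy'
                                     # would send the internal-style OOF instead
    ContentType        = 'MimeText'  # plain text for a recipient with limited formats
    TNEFEnabled        = $false      # never send winmail.dat (TNEF) attachments
}
Set-RemoteDomain @settings

# Review the result next to the Default entry.
Get-RemoteDomain |
    Select-Object Name, DomainName, AutoForwardEnabled, NDREnabled,
        AutoReplyEnabled, AllowedOOFType, ContentType, TNEFEnabled
```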
What recipient types are supported in Exchange Online? How do you convert a shared mailbox to a user mailbox?
Like Exchange on-premises, Exchange Online supports user mailboxes, shared mailboxes, distribution groups, mail-enabled security groups, dynamic distribution groups, mail contacts, mail users, room mailboxes and equipment mailboxes. Select the mailbox in the Exchange Online admin center and you will see an option to convert it to a shared mailbox.
What is clutter?
Clutter is a feature in Office 365 designed to help users focus on the most important messages in their Inbox by moving lower priority messages into a new Clutter folder.
You have a requirement that a set of users should see only a subset of recipient addresses in the address book. How will you achieve this?
We can create address book policies to achieve this. Address book policies (ABPs) allow you to segment users into specific groups to provide customized views of your organization's global address list (GAL). When creating an ABP, you assign a GAL, an offline address book (OAB), a room list, and one or more address lists to the policy. You can then assign the ABP to mailbox users, giving them access to a customized GAL in Outlook and Outlook Web App. This is the same as GAL segmentation (multiple GALs) in on-premises Exchange.
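The following is an added example, not the page's own code: it segments one business unit with an address book policy so its members see only their own recipients. It assumes an Exchange Online PowerShell session whose account holds the 'Address Lists' role (not assigned to any role group by default) and that the unit's recipients are already tagged with CustomAttribute1 = 'Retail'; 'Contoso Retail' and the tag value are constructed sample values.

```powershell
# Added example (not from the original page). Assumes the 'Address Lists'
# role and that the unit's recipients carry CustomAttribute1 = 'Retail';
# 'Contoso Retail' and the tag value are constructed sample values.
$unit = 'Contoso Retail'
$tag  = "CustomAttribute1 -eq 'Retail'"

# 1. ABPs are only enforced in Exchange Online when ABP routing is on.
Set-OrganizationConfig -AddressBookPolicyRoutingEnabled $true

# 2. The four objects every ABP needs: address list(s), GAL, room list, OAB.
New-AddressList        -Name "$unit - Users" -RecipientFilter "($tag) -and (RecipientTypeDetails -ne 'RoomMailbox')"
New-AddressList        -Name "$unit - Rooms" -RecipientFilter "($tag) -and (RecipientDisplayType -eq 'ConferenceRoomMailbox')"
New-GlobalAddressList  -Name "$unit - GAL"   -RecipientFilter $tag
New-OfflineAddressBook -Name "$unit - OAB"   -AddressLists "$unit - GAL"

# 3. Tie them together in the policy.
New-AddressBookPolicy -Name "$unit ABP" `
    -AddressLists       "$unit - Users" `
    -RoomList           "$unit - Rooms" `
    -GlobalAddressList  "$unit - GAL" `
    -OfflineAddressBook "$unit - OAB"

# 4. Assign the policy to the unit's mailboxes. In Exchange Online a recipient
#    is evaluated against a new address list when it is next modified, and this
#    Set-Mailbox counts as such a change for the existing mailboxes.
Get-Mailbox -ResultSize Unlimited -Filter $tag |
    Set-Mailbox -AddressBookPolicy "$unit ABP"

# 5. Verify coverage.
Get-Mailbox -ResultSize Unlimited -Filter $tag |
    Select-Object DisplayName, PrimarySmtpAddress, AddressBookPolicy
```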
What are the supported Exchange Online clients? Questions may be asked about each protocol individually.
Exchange Online supports the following clients.
MAPI over HTTP – Outlook clients now connect to Exchange Online using MAPI over HTTP and not RPC over TCP (formerly known as Outlook Anywhere)
OWA – Outlook on the web is a web-based version of the Outlook email program that is used with Exchange Online. It enables users to access their email, calendar, and contacts through a web browser from wherever they connect to the Internet
Outlook for Mac – Exchange Online supports Microsoft Outlook for Mac, which provides email, calendar, an address book, a task list, and a note list
Outlook for iOS, Android, and Windows Phone – Exchange Online works with Outlook apps available for iOS, Android, and Windows Phone. On any of these devices, use the app store to find the Outlook app
Exchange Active Sync – Exchange Online supports the Microsoft Exchange ActiveSync protocol, which synchronizes mailbox data between mobile devices and Exchange Online, so users can access their email, calendar, contacts, and tasks on the go.
POP/IMAP – Exchange Online supports mailbox access through both the POP3 and IMAP4 protocols. POP and IMAP access requires encryption using SSL. POP is enabled by default for all users. Users can view their POP and IMAP connection settings in Outlook on the web
EWS – Applications developed using Exchange Web Services (EWS) or the EWS Managed API let administrators access data stored with Exchange Online from applications that are running on-premises, in Azure, or in other hosted services.
Blackberry Devices – Office 365 email is available on BlackBerry devices via Exchange ActiveSync
What is Exchange Online Protection and what are its features?
Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations.
- Anti-SPAM Protection
- Anti-Malware Protection
- Transport Rules
- 99.99 SLA
- Mail Routing
- Geo Redundant
What is the Autodiscover service and how does it work?
The Microsoft Exchange Autodiscover service helps Autodiscover-capable Outlook clients configure an Outlook profile easily with minimal input. Users know their user name and password; by providing those, the other information needed to configure the Outlook profile can be retrieved from Exchange using the Autodiscover service. Autodiscover automatically configures user profiles for Outlook and mobile devices.
Outlook 2007 and later clients support Autodiscover to connect to Exchange 2007 and later.
How does Autodiscover work?
The information required to configure the Outlook profile is retrieved from Exchange in XML format, and Outlook uses that information to connect to the different services it needs to function properly.
How does Autodiscover work when connecting from the internal network?
Note: To locate the Autodiscover service, Outlook first uses an LDAP query for Service Connection Point objects (internal clients) and, if that fails, falls back to DNS queries (external clients).
1. Once the user enters credentials (email address and password, where the email address is used as the user name), Outlook authenticates with AD and queries for Service Connection Point objects to find the Autodiscover service on the Client Access server it has to contact to get the Autodiscover information in XML format.
An SCP object is created when an Exchange Client Access server is installed, and a new SCP is created for each additional CAS server that is installed. The SCP's serviceBindingInformation attribute holds the FQDN of the Client Access server in the form https://cas01.learnexchangeserver.com/autodiscover/autodiscover.xml, and its keywords attribute records which AD site the CAS server belongs to.
2. Once the client has authenticated to Active Directory:
- a. The Autodiscover service information is obtained from the SCP object; if that fails for any reason,
- b. Outlook tries the predefined URL https://autodiscover.learnexchangeserver.com/autodiscover/autodiscover.xml, resolved through DNS.
- c. If that fails, Outlook tries the HTTP redirect method: the same predefined URL, but over http instead of https.
- d. If that fails, an SRV record lookup is used. This is the last lookup method; if it also fails, Outlook auto-configuration fails.
3. The Autodiscover service on the CAS server contacts AD to get the URLs and details of the configured Exchange services.
4. The Autodiscover service returns an HTTPS response with an XML file that includes connection settings and URLs for the available Exchange features.
5. The Outlook client uses that information to connect to Exchange.
How does Autodiscover work when connecting from the Internet?
If the client machine is not AD domain-joined:
- Outlook first tries to locate the Autodiscover service by looking up the SCP object in Active Directory. Since the client is on the Internet, it cannot contact Active Directory, so this step fails.
- The Outlook client then tries to locate the Autodiscover service by DNS query. For the DNS query, Outlook uses the right-hand side of the email address, that is, learnexchangeserver.com (the domain name), and checks DNS for two predefined URLs. For example:
https://learnexchangeserver.com/autodiscover/autodiscover.xml
https://autodiscover.learnexchangeserver.com/autodiscover/autodiscover.xml
Note: A public DNS record pointing to your Client Access server is needed for this to work.
- The Autodiscover service on the CAS server contacts AD to get the URLs and details of the configured Exchange services.
- The Autodiscover service returns an HTTPS response with an XML file that includes connection settings and URLs for the available Exchange features.
- The Outlook client uses that information to connect to Exchange.
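The lookup order described in the two sections above, as an added example that is not part of the original page: a diagnostic that walks the external Autodiscover candidates for one SMTP domain (the SCP step is skipped because it is unreachable from the Internet), so an admin can verify what a non-domain-joined client would find. It assumes a Windows host with Resolve-DnsName and outbound HTTP/HTTPS access; no credentials are sent, and the address used at the end is a sample value.

```powershell
# Added example (not from the original page). Assumes Windows PowerShell or
# PowerShell 7 on Windows with the DnsClient module; no credentials are sent.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  # 5.1 default lacks TLS 1.2

function Get-HttpProbe([string]$Url) {
    # Status code and Location header of one request, without following
    # redirects, so a 302 from the HTTP redirect method is visible as such.
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    try   { $resp = $req.GetResponse() }
    catch [System.Net.WebException] { $resp = $_.Exception.Response }   # 401/404 etc. still carry a response
    if (-not $resp) { return 'unreachable (DNS, connection or TLS failure)' }
    $out = [int]$resp.StatusCode
    if ($resp.Headers['Location']) { $out = "$out -> $($resp.Headers['Location'])" }
    $resp.Close()
    return "$out"
}

function Test-AutodiscoverLookup([string]$EmailAddress) {
    $domain = $EmailAddress.Split('@')[-1]       # right-hand side of the address
    $path   = '/autodiscover/autodiscover.xml'

    # 1. The two predefined HTTPS URLs, root domain first. A working endpoint
    #    answers an anonymous request with 401 because it wants authentication.
    foreach ($h in @($domain, "autodiscover.$domain")) {
        $url = "https://$h$path"
        [pscustomobject]@{ Step = 'HTTPS'; Target = $url; Result = Get-HttpProbe $url }
    }

    # 2. HTTP redirect method: same host over plain http, expecting a 302 to https.
    $httpUrl = "http://autodiscover.$domain$path"
    [pscustomobject]@{ Step = 'HTTP redirect'; Target = $httpUrl; Result = Get-HttpProbe $httpUrl }

    # 3. SRV record, the last method tried before auto-configuration fails.
    $srv = Resolve-DnsName -Name "_autodiscover._tcp.$domain" -Type SRV -ErrorAction SilentlyContinue |
           Where-Object Type -eq 'SRV' | ForEach-Object { "$($_.NameTarget):$($_.Port)" }
    $srvText = if ($srv) { $srv -join ', ' } else { 'no SRV record' }
    [pscustomobject]@{ Step = 'SRV'; Target = "_autodiscover._tcp.$domain"; Result = $srvText }
}

Test-AutodiscoverLookup 'user@learnexchangeserver.com' | Format-Table -AutoSize
```

Only one of the three steps needs to succeed for a client to configure itself; an unreachable result on every row means external Outlook clients will fail to auto-configure for that domain.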
When do Outlook clients connect to the Autodiscover service?
Outlook and Exchange ActiveSync on mobile devices use Autodiscover to configure and maintain the client's server settings.
Outlook clients automatically connect to the Autodiscover service under the following conditions:
- When the Outlook client starts, both the first time it is opened and every time thereafter
- Every 60 minutes
- Any time the client's connection to an Exchange server fails
What are an Access Token and a Refresh Token?
When a user successfully authenticates with Office 365 (Azure AD), they are issued both an Access Token and a Refresh Token.
- The Access Token is very short-lived (valid for around 1 hour).
- The Refresh Token is longer-lived; in some cases it may be valid for up to 90 days if it is used frequently and the user hasn't changed their password.
The Access Token is what is actually used to gain access to resources such as Exchange or SharePoint Online. When the Access Token expires, the Office client presents the Refresh Token to Azure AD and requests a new Access Token to use with the resource. The default lifetime of a Refresh Token is 14 days (it expires 14 days after issue if not "used"). Features such as Conditional Access policies may force users to sign in again even though the Refresh Token is still valid. Once the Refresh Token expires, users need to sign in again.
What is an Alternate Login ID?
Alternate Login ID is a feature of Azure AD that allows certain customers (those synchronizing their directories with Office 365) to use a different value than their on-premises UPN.
What is a soft-deleted mailbox and what is a hard-deleted mailbox?
A soft-deleted user mailbox is a mailbox that has been deleted in one of the following cases:
- The user mailbox's associated Azure Active Directory user account is soft-deleted (the Azure Active Directory user object is out of scope or in the recycle bin container).
- The user mailbox's associated Azure Active Directory user account is hard-deleted but the Exchange Online mailbox is on litigation hold or eDiscovery hold.
- The user mailbox's associated Azure Active Directory user account has been purged within the last 30 days, which is the retention period for which Exchange Online keeps the mailbox in a soft-deleted state before it is permanently purged and becomes unrecoverable.
A hard-deleted user mailbox is a mailbox that has been deleted in one of the following cases:
- The user mailbox has been soft-deleted for more than 30 days, and the associated Azure Active Directory user has been hard-deleted. All mailbox content such as emails, contacts and files is permanently deleted.
- The user mailbox's associated Azure Active Directory user account has been hard-deleted in Azure Active Directory. The user mailbox is now soft-deleted in Exchange Online and stays in the soft-deleted state for 30 days. If within that 30-day period a new Azure Active Directory user is synchronized from the original on-premises recipient account with the same ExchangeGuid or ArchiveGuid, and that new account is licensed for Exchange Online, this results in a hard deletion of the original user mailbox. All mailbox content such as emails, contacts and files is permanently deleted.
- The soft-deleted mailbox has been deleted using the Remove-Mailbox -PermanentlyDelete cmdlet in the Exchange Management Shell.
How do you recover a deleted mailbox in Office 365 / Exchange Online?
Soft-deleted mailboxes remain available for 30 days. If the mailbox is still in the soft-deleted state, it can be restored.
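As an added example (not from the original page), the following lists the soft-deleted mailboxes still inside the 30-day window and recovers one, either as a working mailbox again or by merging its content into another active mailbox. It assumes an Exchange Online PowerShell session; the addresses are constructed sample values.

```powershell
# Added example (not from the original page). Assumes an Exchange Online
# PowerShell session; 'jdoe@contoso.com' and 'manager@contoso.com' are samples.

# 1. What can still be recovered, and for how many more days.
Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
    Select-Object DisplayName, PrimarySmtpAddress, ExchangeGuid, WhenSoftDeleted,
        @{ n = 'DaysLeft'; e = { [math]::Max(0, 30 - [int]((Get-Date) - $_.WhenSoftDeleted).TotalDays) } } |
    Sort-Object DaysLeft

# The ExchangeGuid identifies the deleted mailbox unambiguously even if a new
# mailbox has since been created with the same address.
$deleted = Get-Mailbox -SoftDeletedMailbox -Identity 'jdoe@contoso.com'

# 2a. Recover it as a working user mailbox again. If the Azure AD account was
#     only soft-deleted, restoring that account in Azure AD reconnects the
#     mailbox; Undo-SoftDeletedMailbox recovers it from the Exchange side.
$newPassword = Read-Host 'New password for the recovered account' -AsSecureString
Undo-SoftDeletedMailbox -SoftDeletedObject $deleted.ExchangeGuid.ToString() `
    -WindowsLiveID 'jdoe@contoso.com' -Password $newPassword

# 2b. Or merge its content into an existing active mailbox, for example when
#     the original account is not coming back. -AllowLegacyDNMismatch is needed
#     because source and target are different mailboxes.
New-MailboxRestoreRequest -SourceMailbox $deleted.ExchangeGuid.ToString() `
    -TargetMailbox 'manager@contoso.com' -AllowLegacyDNMismatch

# 3. Track the restore until Status shows Completed.
Get-MailboxRestoreRequest |
    Get-MailboxRestoreRequestStatistics |
    Select-Object Name, Status, PercentComplete
```

Run either step 2a or 2b for a given mailbox, not both; a mailbox that has passed the 30-day window no longer appears in step 1 and cannot be recovered.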