Microsoft Graph, Exchange Online and the lack of proper logging

Microsoft Graph is gaining more and more attention from developers. Also, due to the deprecation of Basic Authentication (please read more about this here!), many are shifting to the new protocol.

I welcome this change, but what I just came across is something I don’t like:

A colleague opened a ticket and complained that something was modifying his calendar items. So far, I saw this as an easy task and used my Get-CalendarItems script, but I had to learn that not everything is logged when Microsoft Graph is used…


EXO V2 module, earlier .NET versions and pesky TLS1.0/1.1

It’s been a while since the new module for managing Exchange Online using PowerShell was released. If you are not yet aware of it, please check out how to Use the Exchange Online PowerShell V2 module.

It’s not perfect (yet!), but it brings huge improvements, and Microsoft is working hard to improve the module.

During my transition to the new module, I was made aware of connectivity issues by some colleagues:

New-ExoPSSession : An error occurred while sending the request..
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401 char:30…

PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …

But the issue existed ONLY when using the parameter -Credential


Decommissioning flaw in Exchange

This post has been lingering around for a while, as I thought it would be fixed some day. Unfortunately, it hasn’t been fixed as of today, so be aware in case you’re going to decommission your Exchange servers. In particular:

Removing databases.

The need to remove databases can have multiple reasons. In my case it was the next logical step in our journey to Exchange Online.


When path is too long

Last weekend I ran into an issue where, due to a lack of available disk space, my server ran into back pressure.

Exchange has a feature that moves the current mail queue file and the respective log files to another folder. This happens when the transport service detects an issue with the current queue, and it is called QueueDatabaseRecoveryAction.


The end is near (for legacy auth)!

Microsoft first announced the deprecation of Basic Authentication for Exchange Online and the EWS protocol, starting Oct. 13, 2020, here.

Note: At this time this affected ONLY the protocol EWS for mailboxes on Exchange Online!

Later it was announced here that, in order to improve security, this also happens at the same time for other protocols like Exchange ActiveSync (EAS), POP, IMAP and PowerShell.

Looking at the protocols, you might wonder about REST. This was announced for REST API v1.0 shortly after the announcement for EWS here and highlighted again here.

With this, there is no doubt that Basic Authentication is dead for Exchange Online and Microsoft Graph, and every vendor should look into alternatives for authentication AND also update their products. There are still way too many products without support for Modern Auth.

The deprecation of Basic Authentication raises a few questions:

  • How can I access mailboxes with my service account?
  • My application needs access to all or only a subset of calendars. How can I securely configure this?
  • I need to Send-As or Send-on-Behalf of recipients’ e-mail addresses. What do I have to configure?

In this post I’m trying to cover some scenarios and explain their advantages and disadvantages.

Note: This article is ONLY covering OAuth and Exchange Online! I assume you’re using a Bearer token for authentication in your request!


Compliance bug in Exchange Online

Last week fellow MVP Vasil Michev (his very valuable blog can be found here!) stumbled across a post on Spiceworks related to a compliance feature in Exchange.

After some testing, I was able to reproduce the issue as well. As this is really a severe bug, a SevA case was opened under my company’s account.

You can read the full details in Tony’s post here.

Note: I’ve tested this in my company’s environment with the same Outlook client against Exchange 2016 CU14 and couldn’t reproduce the issue.

Once we have the root cause for this issue, you will be informed. Until then I can only recommend opening a ticket with MS.

Outlook command-line switch: “/cleanrules” (think twice!)

This post has nothing major, except a warning! I ran into this some time ago and thought this was nothing to write about.

But with the latest regression in Outlook

[INVESTIGATING] The rules on this computer do not match the rules on Microsoft Exchange

I was approached by colleagues as they lost their Outlook rules completely.


Office 365 DLP: Pesky keyword dictionaries

As part of my role, I’m also working with Office 365 Data loss prevention policies. Creating custom sensitive types is part of these tasks, and as I’m always leaning towards using PowerShell for automation, I stumbled across this.

If you follow the current description and examples given for the Cmdlet New-DlpKeywordDictionary, you will create a dictionary that won’t match, and therefore policies will not detect sensitive data as expected.


Office 365 DLP: Credit Card Number issue

A few weeks ago, I was approached by one of our teams, as they needed to implement a Data Loss Prevention policy.

If you are not familiar with it, please read more about this feature here.

After a few discussions, I knew what they were looking for and there was nothing complicated. Thus, I was confident this would be easy to implement… until we started testing.
