Format MessageTraceDetail in Exchange Online

Over the last weeks, I had to perform more than usual message traces in Exchange Online. For more details how to run such traces, Tony recently updated his article:

Exchange Online Message Traces are Different to On-Premises Searches (

However, the details you want to look at are not really formatted in a readable format.

Continue reading

Check for ApplicationAccessPolicy

Maybe you are aware that you can scope application registered in Azure AD and configured with OAuth 2.0 application permissions. It is well documented here Limiting application permissions to specific Exchange Online mailboxes – Microsoft Graph | Microsoft Docs and finally also Exchange Web Services (EWS) is supported.

However, I think it is important to perform regular checks in your tenant whether policies exists or not.

Continue reading

Maintain MAPI permissions recursive

I strongly believe that many of you already run into this scenario:

“Hey, can you help me and grant access to all my folders in my mailbox to this one person?”

When it starts like this, in most cases this user has folders, where the total number is for sure more than 2 digits.

Continue reading

When OOF makes you hit EXO limits and you’re blocked from receiving emails

I recently came across something you might also run into at this time of the year or when a company wide announcement needs to be made via e-mail and the sender is in Exchange Online:

A person sent some season’s greetings, which results into being blocked by EXO as a limit was reached (you can find more about these limits here). My first thought was something like sending e.g.: 10.000 messages per day or too many recipients, but it turned out to be something different.

Continue reading

When AAD, EXO and MS Teams creating a mess

I’m dealing with these issues already for a long time. But meanwhile, after a couple of support cases, the fog seems to lifting.

When you don’t have the following setup, you can stop reading:

  • create accounts for partners in your on-premises Active Directory (AD)
  • sync these accounts to Azure Active Directory (AAD)
  • Exchange RecipientType is MailUser
  • you assign one of the following licenses:
    • Customer Lockbox (in combination with SPO)
    • Microsoft 365 Advanced Auditing

For the others, feel free continue reading. It might open your eyes for some issues your facing.

Continue reading

ApplicationAccessPolicy for EWS

I’m really excited about the fact that Microsoft fulfilled the ask for supporting Exchange Web Services (EWS) protocol in ApplicationAccessPolicy as announced here:

Unfortunately Microsoft seems to make it harder for you to add EWS permission full_access_as_app to your app.

Continue reading

Update delegate collection challenge

A few days ago, I was approached by some Executive Support colleagues. The had to handle a lot of mail items in shared mailboxes. One issue the came across, was the fact that they had to move items and delete folders, but couldn’t as the folders contained private items.

Note: Don’t get me started about the use case “Private Items”! It doesn’t gives you any security value as it’s only honored by a few clients!

Well, back to the topic…I’m aware of this behavior and there is also a KB article about this topic:

“Cannot copy this folder because it may contain private items” error in Outlook

Since the shared mailbox is in M365 and the fasted way with least effort was to add the permissions for this user using Add-MailboxFolderPermission and make use of parameter -SharingPermissionFlags.

That’s what I thought and then run into this…

Continue reading

The future of Exchange Online automation with EXOv2

I know that this topic is really a topic with gets high attention.At the moment there is nothing available in Microsoft Graph, which would make it possible to manage objects in Exchange Online.

The few things, which exists, are more for end-user (e.g.: accessing their e-mails, calendar or tasks) and for auditing and reporting (e.g.: Security API). Nothing available for managing a mailbox permissions or attributes. Not even like simple CustomAttribute1-15.

Now Microsoft released a new Exchange Online PowerShell module: EXOv2.

Continue reading

Microsoft Graph, Exchange Online and the lack of proper logging

Microsoft Graph is gaining more and more attention by developers. Also due to the fact of deprecation of Basic Authentication (please read more about this here!), many are shifting to the new protocol.

I welcome this change, but what I just came across is something I don’t like:

A colleague opened a ticket and complained about something is modifying his calendar items. So far, I saw this an easy task and used my Get-CalendarItems script, but I had to learn not everything is logged, when Microsoft Graph is used…

Update August, 12 2020

I got word that the multi-geo issue will be addressed. No ETA as of now. But at least for calendar items a fix is currently rolling out. Now the used AppID is logged:

The only drawback: Looks like every component team is doing their own thing. That’s why we don’t see proper entries on the item in the Sent Items folder.

Continue reading

EXO V2 module, earlier .NET versions and pesky TLS1.0/1.1

It’s been a while that the new module for managing Exchange Online using PowerShell.If not yet aware, please check out how to Use the Exchange Online PowerShell V2 module.

It’s not perfect (yet!), but huge improvements and Microsoft is working hard to get the module improved.

On my transition to the new module, I was made aware of connectivity issues by some colleagues:

New-ExoPSSession : An error occurred while sending the request..
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401 char:30…

PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …

But the issue existed ONLY when using the parameter -Credential

Continue reading