Exchange Online message tracing differs from its on-premises equivalent. In this article, we explain the basics of how to trace the path of a message through the Exchange Online transport system, and offer some tips and tricks along the way.
The complexities of Office 365 tenants only increases the complexities of creating an Office 365 migration plan. To generate an initial assessment for a tenant, I created a PowerShell script to report the most important information that influences migration planning.
PowerShell uses a concept called pipelining to combine two or more cmdlets to perform a cohesive task. The PowerShell pipeline combines singularly useful cmdlets together to process data. Used intelligently, the pipeline is a great way to process data through a series of steps to automate common administrative operations. Mastering the pipeline, or at least becoming comfortable with pipelining cmdlets, is an essential skill for anyone using PowerShell to manage Microsoft 365 tenants.
The Microsoft Graph operates on a least permission model, which means that developers are forced to ask for permissions for the actions they wish to perform. This is a very different approach to the way traditional PowerShell modules work, so it's an area to focus on when converting scripts which use cmdlets from the Azure AD and MSOL modules to the Microsoft Graph PowerShell SDK. In this article, we look at four ways to find out what permissions are needed to perform different actions and explain how the Graph use the permissions.
Exchange Server on-premises organizations need somewhere to test scenarios for updating, testing configurations, and running occasional “what-if” testing. This article provides guidance on notable alternatives for delivering suitable Exchange 2019 lab environments - without breaking the bank.
Exchange Online boasts a set of mailbox permissions that allow delegate access to some (or all) content. In this article, we describe how to notify mailbox owners when administrators assign new permissions over their mailbox. Naturally, the notification is via email, but there are some twists along the way.
It's common to find a requirement to create new Microsoft 365 accounts with PowerShell. We're at a point of transition when the old method of using the Azure AD module will switch to the Microsoft Graph PowerShell SDK or Graph API queries. In this article, we explain how to create new accounts and assign licenses with both the Azure AD module and the Microsoft Graph PowerShell SDK.
Microsoft has announced a six month extension for support of the Azure AD Graph API. The new deadline is the end of 2022, which gives Microsoft 365 tenants some extra time to convert PowerShell scripts which use the Azure AD and MSOL modules. The original deadline for retirement of the Azure AD license management cmdlets remains at June 30, 2022.
The Microsoft Graph PowerShell SDK is a good way to execute Microsoft Graph API queries from PowerShell scripts. In this article, we explain how to use cmdlets from the SDK with a Azure Automation runbook. The example we use is a script to send a welcome email to new employees.
As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.
Attack Simulations are Microsoft’s foray into a crowded field of competitors who provide a service that trains users to recognize dangerous email with simulated Phishing or malware-infested messages. Microsoft has continually added features and functionality since they released Attack Simulations, including additional simulation types, different payloads, custom payloads, customizable training and more. The most recent upgrades are RBAC permissions and end user notifications. These two additions to Attack Simulation Training are a great incentive to deploy and adopt this functionality, as End User communications are the key enhancement that make this feature worthwhile for an organization.
33 Comments
Azure Automation runbooks can run Exchange Online PowerShell code on sandbox machines. Is this a good way of getting work done? In this article, we examine how to create an Azure automation account, a RunAs account, and some runbooks for PowerShell code to run against Exchange Online and other Microsoft 365 data.
