Recent Discussions
Using iOS Build Numbers in Exchange ActiveSync Device Access Rules
A change made in late 2024 allows Microsoft 365 tenants to use IOS build numbers in Exchange ActiveSync device access rules. Apparently, the idea is that tenants can insist that people use iOS devices with very specific build numbers (like iOS 18.3.1 22D72) before the devices can synchronize with Exchange Online mailboxes. You never know when you might need the feature (or so they say). https://office365itpros.com/2025/03/06/device-access-rule-ios-build/
Unable to Add Exchange 2019 Email Account (Ionos) to Outlook (New) on Windows 11
Hello everyone, unfortunately, I am unable to add my Ionos (Exchange 2019) email account to the Outlook Windows app. On Windows 10, it was still possible to manually configure an Outlook account, which worked fine. However, on Windows 11, this option is no longer available, and I can’t revert to the previous version of Outlook either. When I try to add the account by selecting Microsoft 365 - Office 365, Exchange and entering my email address, I always get the error message: We couldn't find a work or school account with that email address. I have already contacted Ionos, but they couldn’t solve the issue either. They mentioned that Microsoft doesn’t allow setting up an Exchange account this way, even though the option is listed in the selection menu. Does anyone know how to fix that? Thank you very much!
Exchange Online (hybrid vs. cloud conundrum)
Im not sure how to proceed with a deployment of Exchange Online. I have an on-prem forest with two sub domains. Years ago, this was a shared exchange on-prem org. Sub domain A.contoso.local migrated to gmail. Sub domain B.contoso.local migrated to hybrid exchange online. Now, years later, A.contoso.local wants to migrate from gmail to exchange online cloud, not hybrid. A.contoso.local user attributes are a mess, there are some users with a targetAddress of SMTP:user@A.contoso.local, some with proxyAddresses of SMTP:user@A.contoso.local, smtp:useralias@A.contoso.local, some have various msExch* attributes, while some have one or none of those attributes. All users have their mail attribute set appropriately. Entra ID Connect has been syncing for years but only recently has a license for Exchange online been provisioned, initially for just a few users. Those users mailboxes were created automatically as a result of assigning the license. Where thigs start getting weird is with Contacts in the Exchange online admin portal. Only some of the entra users show up there, maybe only 2/3's of them, they show as ContactType = MailUser. Actual Contacts sync fine from on-prem to Contacts. Contacts show up fine in the GAL too. Also strange that when the on-prem users proxyAddresses attributes change, they are not updating in EntraID. Sync works fine on other attributes otherwise. We arent quite ready to migrate the gmail users to exchange online, first we are rolling out Teams. We want to get the Contacts \ GAL working correctly so that people in Teams can use it as the source of truth. But like mentioned, only 2/3 of the users are there in the GAL. Even then, none of them show up in the Teams People app unless you search for them explicitly. No, they arent flagged as excluded from the addressbook. Considering we eventually want to be Cloud, not hybrid, do we need to clean up any of the old msExch* attributes? Manually manage them? Why arent those attributes syncing properly through entra id connect sync? Why dont GAL users show up in Teams unless searched explicelty? Why dont Contacts show up at all in teams when they show fine in the GAL in Outlook online just fine? Sorry, lots of questions I know. Hopefully someone can help clarify any of this.
554 5.3.4 Content conversion limit(s) exceeded
Could not send mail from PowerBI to local mailbox using SMTP receive connector. There is EventID DELIVERFAIL: "STOREDRV.Deliver.Exception:ConversionFailedException; Failed to process message due to a permanent exception with message The content conversion limit has been exceeded. ConversionFailedException: The content conversion limit has been exceeded. [Stage: PromoteCreateReplay]'" in Transport log. How/where could I check/set the content conversion limit? Is there some other log, where I can find detailed information about this? Message size is 1.3MB, maximum message size in connector is 20MB Exchange 2019 CU 14 Thanks.
How to repair a corrupted Public Folder (on-prem)
Hello guys, Hope all is well. In our Exchange 2019 environment we use Public Folders extensively. Everything seems ok except one of folders that looks corrupted. I can execute commands Get-PublicFolder / Set-PublicFolder against it, I can get its items statistics (Get-PublicFolderItemStatistics) and have access to items through Outlook. But commands Get-PublicFolderStatistics, Get-PublicFolderClientPermission return the same error: The security principal specified is already on the permission set. + CategoryInfo : NotSpecified: (:) [Get-PublicFolderStatistics], CorruptDataException + FullyQualifiedErrorId : [Server=E7,RequestId=b2f89187-878f-4cab-b05f-fcdaa7d82c0d,TimeStamp=2/17/2025 3:19:42 PM] [FailureCategory=Cmdlet-CorruptDataException] B960021F,Microsoft.Exchange.Manag ement.MapiTasks.GetPublicFolderStatistics I tried to repair the corresponding public folder mailbox (New-MailboxRepairRequest) but none of my requests found errors. I moved the public folder content to a different public folder mailbox, no success. Any ideas how to fix the issue? My guess is that ACL list of the public folder is corrupted. Regards, Dmitry HorushinSearch-UnifiedAuditlogs For Mailbox - Problems
Introduction Like many, I have been faced with an audit search problem on mailboxes. I finally found a solution by searching deeply into the web. In this post I will provide you with Microsoft's documentation, I have tested everything, and it finally works. I also have comments to Microsoft, directly to the product group (with a case Microsoft) but also by the technet article feedback feature. Technical Content We assume that you have all necessary permissions and role to run audit logs search. For Regular mailboxes: if you have no results via GUI, It is possible that in the time interval there is no result. It may happen that the audit is blocked on the mailbox despite the fact that the feature is active. You may use the command Search-UnifiedAuditLog with the following parameters: UsersIds : email address Operations : event to be search (Exchange Mailbox Activites) Search-UnifiedAuditLog -UserIds <MailboxIdentity> -Operations MoveToDeletedItems, SoftDelete, HardDelete -StartDate "01/01/2025" -EndDate "15/01/2025" Unfortunately, no results appear with powershell. Here, you can find the documentation that describe the symptom and how to resolve it. Even when [mailbox auditing on by default](https://learn.microsoft.com/en-us/purview/audit-mailboxes) is turned on for your organization, you might notice that mailbox audit events for some users aren't found in audit log searches by using the Microsoft Purview portal or the compliance portal, the **Search-UnifiedAuditLog** cmdlet, or the Office 365 Management Activity API. The reason for this is that mailbox audit events is returned only for users with E5 licenses when you use one of the previous methods to search the unified audit log. You must run the following command within Exchange Online : Set-Mailbox -Identity <MailboxIdentity> -AuditEnabled $false And then : Set-Mailbox -Identity <MailboxIdentity> -AuditEnabled $true Now you can search within the GUI or with powershell and you will have some results. For Shared Mailboxes: To search audit logs for a SharedMailbox, you must use the following command, with the parameter *FreeText.* Search-UnifiedAuditLog -StartDate "08/01/2025" -EndDate "11/01/2025" -FreeText (Get-Mailbox -identity <MailboxIdentity>).ExchangeGuid -Operations MoveToDeletedItems` Here you can find the article that describes the FreeText parameters, and also decscribes that GUI is not working for SharedMailboxes. Also, using the **User** dropdown list in the audit log search tool or the **Search-UnifiedAuditLog -UserIds** won't return results for activities performed in a shared mailbox. If there are no results and you are sure that there should be, then the same manipulation as described above will have to be done. Disable and then reactivate the audit on the mailbox: Set-Mailbox -Identity <SharedMailboxIdentity> -AuditEnabled:$false Set-Mailbox -Identity <SharedMailboxIdentity> -AuditEnabled:$true Run again the Search-UnifiedAuditLog command. Now you will find results. Conclusion I assume that the "Users" text box in the interface corresponds to the parameter "UserIds" in the cmdlet. And there is no match for the "FreeText" parameter. You can find other articles in my GitHub about Purview https://github.com/trisdev75/MicrosoftPurviewUsing Exchange High Volume Email with Azure Automation
This article covers how to use HVE with Azure Automation to send email. HVE is Exchange Online’s High Volume Email solution for internal communications. In the discussion, we cover how to retrieve credentials from Azure Key Vault, how to retrieve data from a web page, and how to bring everything together in a message submitted to HVE. https://office365itpros.com/2025/01/29/use-hve-with-azure-automation/How to Configure CBA for ActiveSync on exchange 2019 on premise??
Hi all, I was setting up CBA for active sync and owa on exchange on premise 2019 following this guide https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/configure-certificate-based-auth?view=exchserver-2019 It was a struggle, but after I increased uploadReadAheadSize value to 49152 for owa, ecp and activesync, I started getting error on browser “too many redirects, try clearing cookies”. Clearing cookies didn’t help (private windows also didn’t help), but then I installed another browser (chrome), and owa started working accepting certificates. The browser that I was experimenting with before (edge) still not working for owa, I guess something needs to be cleaned. I understand it is not specifically edge problem, but the fact that edge has cashed some data (since I did all testings on it) that doesn’t allow to connect. I was able to connect to owa with edge on another computer, which was not used before. After I got owa to work on PC, I installed user certificate on iphone, and owa works there with certificate too (great!! one problem solved). However, for some reason active sync still doesn’t work with certificate required on the same iphone. I assume iphone should use same certificate it uses for owa (which works), so certificate is not the problem. Without requiring client certificate it also works, so permissions/policies shouldn’t be the problem. I’m getting error codes 403 7 64 and 403 7 5. Does anybody have any suggestions???DatabaseCopyActivationDisabledAndMoveNow issue
Hey all, Some info first: Two Exchange 2019 CU14 in a DAG on Server 2022 Two mailbox databases I just installed the latest SU on the second server and when it came time to move the Active databases back I got this error: Server "exchange1" is enabled for DatabaseCopyActivationDisabledAndMoveNow. Moving databases to such servers may be ineffective because the system will automatically attempt to move again as soon as a healthy copy is detected. I thought I had already set that back to False so I checked: Get-MailboxServer Exchange1 | Format-List DatabaseCopyActivationDisabledAndMoveNow DatabaseCopyActivationDisabledAndMoveNow : False I ran the command again to set it to False just in case, but I still get the same error when trying to move the databases. The databases show as Healthy on Exchange1, and Exchange is functioning fine otherwise. I cannot see anything obvious in the event logs. Does anyone know what the issue might be? thanks Justin EDIT: Bah! Nevermind, it took over a half hour but I was just able to move the databases back, and everything appears fine.February Deadline Looms for Legacy Exchange Tokens Used by Outlook Add-Ins
A February 2025 deadline looms for Outlook classic add-ins that use legacy Exchange tokens for authentication. Add-ins must switch to nested app authentication (NAA) to have continued access to Exchange mailboxes and other objects. The upgrade is easy enough if the ISV that developed the original add-in is still in business. Things get a lot more complicated when they're not, or you have no idea who developed an add-in. https://office365itpros.com/2024/12/11/legacy-exchange-tokens-deadline/
Exchange Availability service
I'm looking for clarification about the configuration on cross forest availability services explained in the followin article Configure the Availability service for cross-forest topologies | Microsoft Learn We have two forests with an exchange org on each of them. Forest A --- AD companyA.local ---SMTP companyA.com Forest B --- AD companyB.local ---SMTP companyB.com There's a bidirectional trusts between the two forests they need to be able to share the user's free/busy information between the two forest and the article seems to be what we need. It mentions to complete two steps Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers" Add-AvailabilityAddressSpace -Forestname ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount $true given our setup am I correct if I do the following ? IN FOREST A Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "companyB\Exchange servers" Add-AvailabilityAddressSpace -Forestname CompanyB.com -AccessMethod PerUserFB -UseServiceAccount $true IN FOREST B Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "companyA\Exchange servers" Add-AvailabilityAddressSpace -Forestname CompanyA.com -AccessMethod PerUserFB -UseServiceAccount $true ThanksMicrosoft Details Progress Towards a More Secure Exchange Online
In a November 18 post, Microsoft describes some Exchange Online security updates that are due to land between now and 2026. Some of the news is a restatement of previously announced information, like the deprecation of EWS in October 2026. New information includes some information about feature caps that the Graph APIs cannot close when EWS goes away. And then there’s a hint about the demise of public folders (again!) https://office365itpros.com/2024/11/19/exchange-online-security-updates/Distribution list Export all group members option missing
Similar thread : https://learn.microsoft.com/en-us/answers/questions/2119623/distribution-list-export-all-group-members-option Distribution list Export all group members option missing from enterpsie tenants and only available in lab test tenantDMarc/DKIM Issues
I have enabled DKIM in Microsoft 365, and according to Microsoft 365 Defender page, it is enabled and valid for my Exchange domains. I have created a TXT _dmarc record: v=DMARC1; p=quarantine; pct=100; rua=mailto:email address removed for privacy reasons; ruf=email address removed for privacy reasons Yet I keep receiving problem reports like the one below. How can I fix this? <feedback xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <version>1.0</version> <report_metadata> <org_name>Enterprise Outlook</org_name> <email>email address removed for privacy reasons</email> <report_id>640f326a62f640e4815e84e6f0020d9c</report_id> <date_range> <begin>1730764800</begin> <end>1730851200</end> </date_range> </report_metadata> <policy_published> <domain>z.com</domain> <adkim>r</adkim> <aspf>r</aspf> <p>none</p> <sp>none</sp> <pct>100</pct> <fo>0</fo> </policy_published> <record> <row> <source_ip>40.107.96.92</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>fail</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <envelope_to>b.n</envelope_to> <envelope_from>z.com</envelope_from> <header_from>z.com</header_from> </identifiers> <auth_results> <dkim> <domain>onmicrosoft.com</domain> <selector>-onmicrosoft-com</selector> <result>fail</result> </dkim> <spf> <domain>z.com</domain> <scope>mfrom</scope> <result>none</result> </spf> </auth_results> </record> </feedback>
华纳国际联电话+微【70411382】
1. 单击图表结构 PC旁边的备注分别为:IP地址、子网掩码、默认网关 按照分别的配置好PC0、PC1、PC2的网络设置 #一个网络不仅仅可以有一台电脑,如果加了一台电脑又要配置不同的IP,很可能是该机型真正的3话会乱;这里是为了其他的划分用254作为网关最后一位。 交换机配置 Switch>en //进入特权模式 Switch#conf t //进入网络配置模式 输入配置命令,每行一个。以CNTL/Z结尾。 Switch(config)#vlan 10 //创建VLAN10 Switch(config-vlan)#vlan 20 //创建VLAN20 Switch(config-vlan)#vlan 30 //创建VLAN30 Switch(config-vlan)#int ran f0/1-6 //进入f0/1-6(6个接口) Switch(config-if-range)#sw mo ac //设置为access(访问)模式 Switch(config-if-range)#int f0/1 //进入f0/1 Switch(config-if)#sw av 10 //将接口划分到VLAN 10 Switch(config-if)#int f0/2 //进入f0/2 Switch(config-if)#sw av 20 //将接口划分到VLAN 20 Switch(config-if)#int f0/3 //进入f0/3 Switch(config-if)#sw av 30 //将接口划分到VLAN 30 Switch(config-if)#int g0/1 //进入g0/1 Switch(config-if)#sw mo tr //设置为TRUNK(中继)模式 2. 点击图复制拓扑结构 更多细节分别配置好正确的3台PC的IP地址、子网掩码、默认网关 检查同一VLAN下的相似性 3.添加用户,使所有网络都可以相互通信 其他思科 DNALast Exchange Server Shutdown. Exchange Management Shell attempts to connect to old Server
We have migrated all mailboxes to Exchange Online and felt we were in a position to shutdown the last on-prem 2016 Exchange Server. We followed the instructions in the following article to shutdown the last Exchange Server and manage recipients using the Exchange 2019 Management tools. https://learn.microsoft.com/en-us/exchange/manage-hybrid-exchange-recipients-with-management-tools When we open the Exchange Management Shell on the server running the new management tools it attempts to connect to the old Exchange Server. What do we need to do so the Exchange Management Tools stops connecting to the old exchange?Username change is not reflecting in Teams channel while adding him to channel
Hello all, Recently we changed name of one of our users and that change reflected everywhere well but for the user's manager when they try to add this user to a Teams channel, they are getting the old name. I had checked the users name in AD, Azure AD, M365 admin center, Exchange admin center Everywhere it seems to be updated but the user is reporting he is still seeing the old name for him only while adding this user to teams channel. Please suggest me what I need to check.How to remove personal retention tags from all users mailboxes programmatically
My customer is using MRM and has been for a long time in office 365. Recently they noticed that employees were putting personal tags on some items, this is against their policy. The way to prevent users from using personal tags is documented here. Users can use all personal retention tags regardless of retention policy in Exchange Online - Microsoft Support Once that is complete, they'd like to remove any personal tags on email items or folders in all user mailboxes. I am told you need an EWS script to do this. Does anyone have an examples script?
Recent Blogs
- We’re introducing new tenant-level outbound email limits (also known as the Tenant External Recipient Rate Limit or TERRL).Feb 24, 2025
- We are announcing a change in behavior of the EWSEnabled tenant-wide switch in Exchange Online.Feb 20, 2025
