by Steve Galloway | Mar 24, 2015
PowerShell provides highly scalable management utilities for managing bulk data and code deployment in single and simultaneous multiple server sessions.
To access the principal PowerShell portal, see http://powershell.office.com/
To access the library, see https://gallery.technet.microsoft.com/office365
For security reasons, PowerShell is often set to the “RemoteSigned” execution policy, which means that unless the author is “trusted”, you can review downloaded scripts in Notepad, but the scripts cannot be executed. This is a security feature to prevent unwanted code being accidentally executed on machines. One way to make a script usable is to unlock it with the Unblock-File -Verbose command in PowerShell 3.0 and higher. Be sure to check code before adopting.
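The check-before-unblocking step above, as an added example that is not part of the original post: it reports the download mark, signature status and hash of a script, then unblocks it. The function name Get-ScriptTrustReport and the temporary demo file are hypothetical, and it assumes Windows PowerShell 4.0 or later (for Get-FileHash) on an NTFS volume.

```powershell
# Added example: report on a downloaded script before clearing its "blocked" mark.
function Get-ScriptTrustReport {              # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $file = Get-Item -LiteralPath $Path
    # Zone.Identifier is the NTFS alternate data stream that marks a file as downloaded;
    # RemoteSigned refuses to run such a file unless it carries a trusted signature.
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = if ("$zone" -match 'ZoneId=(\d)') { $Matches[1] }
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path            = $file.FullName
        Blocked         = [bool]$zone
        ZoneId          = $zoneId
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Constructed sample: a throwaway script marked as if it came from the Internet zone (3).
$demo = Join-Path $env:TEMP 'demo-downloaded.ps1'
Set-Content -LiteralPath $demo -Value 'Write-Output "hello"'
Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

Get-ExecutionPolicy -List                     # which scope, if any, sets RemoteSigned
Get-ScriptTrustReport $demo | Format-List     # download mark, signature and hash
Get-Content -LiteralPath $demo                # read the code itself

# Only once the code has been reviewed:
Unblock-File -LiteralPath $demo -Verbose
Get-ScriptTrustReport $demo | Format-List     # report again after the mark is removed
Remove-Item -LiteralPath $demo
```

Comparing the SHA256 value with one published by the script's author is a stronger check than the download mark alone, since Unblock-File removes the mark without validating anything.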
For help with scripting problems, visit the PowerShell Community at:
http://pwershell.org
by Steve Galloway | Jan 14, 2015
Exchange Kiosk is a bolt-on for Office 365 Enterprise licenses. Exchange Kiosk suits mobile users who do not use permanent workstation services but need mobile access to email, and optionally SharePoint. The service does not include Office applications, and although Kiosk connects to tablets and mobile phones with ActiveSync, workstation and laptop access via Outlook uses POP3 settings.
The service is a useful way to reduce licensing costs for small businesses that have a PC at home but need two or three independent licenses. In this case, Kiosk can be added to an Office 365 tenancy, whereas Hosted Exchange licenses require their own tenancies.
Exchange Kiosk is not available to Small Business Premium or domestic Office 365 licenses. Kiosk is designed for Active Directory, and is only available to Enterprise licenses (E1, E3, etc.). These screenshots display Kiosk POP3 settings for Outlook:
by Steve Galloway | Jan 7, 2015
Delegated administrators do not usually have access to clients’ Office 365 front ends like SharePoint and OneDrive. This is in keeping with conventional network administrator server room working practices. However, OneDrive and SharePoint are collaborative tools, and clients may want delegated administrators to have access to OneDrive folders and SharePoint libraries or lists.
Provided that SharePoint permissions are established to share content to external users, site owners can invite delegated administrators to share OneDrive folders, and when SharePoint libraries are similarly shared, delegated administrators can add a link to their SharePoint “Sites” home page which attaches to a tile. This is an alternative to saving the SharePoint site in browser favourites, and is a more secure solution.
To add a site/tile to your SharePoint home page:
1. Make a note of the target site that has already been shared to you. The URL may be available in the invitation sent by the site owner, or, after following an invitation through to the target site, you can copy the URL from your browser navigation bar.
2. Log in to your instance of OWA, and go to Sites.
3. Above the tiles on the left margin of your browser on your Sites home page, you should see a link called “MANAGE the promoted sites below”. Click the link to open it.
4. Where a new tile appears, click “add a new site”, and complete the fields with the target site URL and any customization you need. Tile images default to 150×150, and the tile size can be changed using CSS.
by Steve Galloway | Dec 30, 2014
If you have full privileges to a shared mailbox that appears in an Exchange address book, you can use Outlook Web App or a desktop version of Outlook (for example, Outlook 2013), to open that mailbox.
Shared mailboxes allow a group of people to monitor and send email from a public email alias, like info@contoso.com or contact@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. You can also use the shared mailbox as a shared team calendar.
The admin for your organization has to create the shared mailbox and add you to the group of users before you can use it.
Display a shared mailbox using OWA
Use this method to monitor email from your primary mailbox and the shared mailbox at the same time. After you complete this task, each time you open Outlook Web App, the shared mailbox and its folders will display in the left navigation in Outlook Web App.
- Sign in to your account in Outlook Web App.
- Right-click your primary mailbox in the Folder pane, and then click Add shared folder.
- In the Add shared folder dialog box, type the name of the shared mailbox, select the name, and then click Add.
The shared mailbox displays in your Folder list in OWA. The shared mailbox will appear there each time you access OWA. You can expand or collapse the shared mailbox folders as you can with your primary mailbox. You can remove the shared mailbox if you no longer want to view it in your folder list. To remove it, right-click the shared mailbox, and then click Delete.
Display a shared mailbox in standalone mode
Use this method if you want to view and manage email for a shared mailbox in its own browser window, rather than rendering the shared mailbox folder in OWA’s navigation tree.
- Sign in to your account in Outlook Web App.
- In the Navigation bar on the top of the Outlook Web App screen, click on your name. A drop-down list will appear.
- Click Open another mailbox.
- Type the email address of the other mailbox that you want to open. Another Outlook Web App session will open in a different window allowing access to the other mailbox.
Tip: If you mistype the email address of the mailbox, a second window will open stating that the webpage can’t be found. Try retyping the email address.
Note that shared mailboxes also come with a calendar. A shared calendar is established when administrators create a shared mailbox, so that group members have mutual access and privileges to it.
by Steve Galloway | Dec 25, 2014
cmdlets: Get, Set, New, Enable, Disable
Recipients:
Get-MsolUser
New-MsolUser -LastName test -FirstName userxx – …just copy from example
Then assign a license:
Get-MsolAccountSku (lists licenses)
Set-MsolUserLicense -UserPrincipalName (insert email address etc.) -AddLicenses (etc.) | set (and then set the license…)
So, get the mailbox user, then pipe it to whatever:
Get-Mailbox whoever | Set-Mailbox -Prohibit…
Get-DistributionGroup
Resource mailboxes established in Exchange:
New-Mailbox -Room
New-Mailbox -Shared
Get-Mailbox whoever | Add-MailboxPermission -User admin -AccessRights FullAccess
A mail contact is just a contact.
A mail user doesn’t have a mailbox but does have permissions.
New-MailContact -ExternalEmailAddress
New-MailUser… (which would have to include passwords etc.)
PUBLIC FOLDER
want to use recurse and pipe it to whatever – better than EAC
Mail Flow:
Get-Help [cmdlet] -Examples
Get-AcceptedDomain
-accepted-domain
Azure cmdlets start with Msol
Get-MsolDomain
New-MsolDomain -Name fabrikam.com (or contoso)
Get-MsolDomainVerificationDns
Set-MsolDomain -Name fabrikam.com -IsDefault
Get-TransportRule
Get-TransportRulePredicate
Get-TransportRuleAction
Get-Help New-TransportRule -Examples
New-TransportRule -Name "test rule" -FromScope NotInOrganization -SentTo "admin@whoever.com" -PrependSubject "for Admin"
Get-MessageTrace -SenderAddress admin@… -StartDate (NB not more than 30 days) -EndDate (whatever)
Get-MessageTrackingReport
Outlook Web App policies
Get-CasMailbox [id]
Get-CasMailbox | fl
Sort the policy
Get-OwaMailboxPolicy
Set-OwaMailboxPolicy "testPolic" -AllowOfflineOn NoComputers
Get-MobileDeviceMailboxPolicy
Set-MobileDeviceMailboxPolicy
Assign policy to user
Clear-MobileDevice
Get-MobileDevice -Mailbox
Get-Mailbox | % { Get-MobileDevice -Mailbox $_.Name }
Sharing apps
PowerShell is best for getting detail on apps.
Get-App
Get-App messageheaderanalyzer | fl *
New-App (usually a URL)
Role Based Access Control – RBAC
If you are doing something with RBAC, you need to run:
Enable-OrganizationCustomization
Configuring
Get-RoleGroup
Add-RoleGroupMember
Get-ManagementRole
New-RoleGroup -Name "Address List Admin" -Roles "Address Lists" -Members admin
Get-RoleGroup to see the address list group added to groups
Get-ManagementRoleEntry "Address Lists\*"
GAL segmentation:
address list
GAL list
Room List
Offline address list
Create an address list:
Get-Help New-AddressList -Examples
See address books in TechNet Exchange Online – good for showing how GAL segmentation works
Configuring Data Loss Prevention (DLP)
Get-DlpPolicy
Get-DlpPolicyTemplate
New-DlpPolicy -Name "US Patriot Act Policy" -Template "U.S. Patriot Act"
Get-DlpPolicy
Set-DlpPolicy "US Patriot Act Policy" -Mode Enforce
Get-TransportRule
Establishing Retention Policies
To create a retention policy:
Get-RetentionPolicyTag
New-RetentionPolicy "Sales Retention Policy" -RetentionPolicyTagLinks "Inbox-Sales"
Set-Mailbox alexd -RetentionPolicy "Sales Retention Policy"
Notes about Journaling
Get-Help New-JournalRule -Examples
Get-JournalRule
Using eDiscovery
Default role group:
Get-RoleGroup
Get-RoleGroupMember
"Discovery Management"
Add-RoleGroupMember -Identity "Discovery Management" -Member testuser
Get-Help *search*
Get-Help New-MailboxSearch -Examples
Get-MailboxSearch lists searches in progress
Start-MailboxSearch (check out help on this)
****Woah – how to remotely delete email****
Search-Mailbox whoever -SearchQuery "Subject:Hey" -DeleteContent (except you need RBAC rights for it)
Audit Reporting
Get-AdminAuditLogConfig
Set-AdminAuditLogConfig (use to disable admin logs if you need)
Get-Help *audit*
Search-AdminAuditLog (use help to find what)
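An added example (not from the original notes) that ties the audit section to the sensitive actions listed earlier: it filters admin audit entries for search-and-delete, FullAccess grants, Discovery Management membership changes and audit logging being switched off. The helper names are hypothetical, the sample entries are constructed, and the property names are assumed to match what Search-AdminAuditLog returns.

```powershell
# Added example: flag the sensitive admin actions from these notes in audit log entries.
function Get-AuditParam($Entry, [string]$Name) {
    # Each audit entry carries its arguments as a list of Name/Value pairs.
    ($Entry.CmdletParameters | Where-Object { $_.Name -eq $Name } | Select-Object -First 1).Value
}
function Get-RiskyAdminAction {               # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Entry)
    process {
        $reason = switch ($Entry.CmdletName) {
            'Search-Mailbox'          { if ((Get-AuditParam $Entry 'DeleteContent') -eq 'True') { 'mail deleted through a search' } }
            'Add-MailboxPermission'   { if ((Get-AuditParam $Entry 'AccessRights') -match 'FullAccess') { 'FullAccess granted on a mailbox' } }
            'Add-RoleGroupMember'     { if ((Get-AuditParam $Entry 'Identity') -eq 'Discovery Management') { 'eDiscovery rights granted' } }
            'Set-AdminAuditLogConfig' { if ((Get-AuditParam $Entry 'AdminAuditLogEnabled') -eq 'False') { 'admin audit logging disabled' } }
        }
        if ($reason) {
            [pscustomobject]@{
                RunDate = $Entry.RunDate; Caller = $Entry.Caller
                Cmdlet  = $Entry.CmdletName; Target = $Entry.ObjectModified; Reason = $reason
            }
        }
    }
}
function New-SampleEntry($Cmdlet, $Caller, $Target, [hashtable]$Params) {
    [pscustomobject]@{
        RunDate = Get-Date; Caller = $Caller; CmdletName = $Cmdlet; ObjectModified = $Target
        CmdletParameters = @($Params.GetEnumerator() | ForEach-Object {
            [pscustomobject]@{ Name = $_.Key; Value = $_.Value } })
    }
}
# Constructed entries shaped like Search-AdminAuditLog output (not real tenant data).
$sample = @(
    New-SampleEntry 'Search-Mailbox' 'admin@contoso.com' 'alexd' @{ SearchQuery = 'Subject:Hey'; DeleteContent = 'True' }
    New-SampleEntry 'Add-MailboxPermission' 'admin@contoso.com' 'info' @{ User = 'admin'; AccessRights = 'FullAccess' }
    New-SampleEntry 'Add-RoleGroupMember' 'admin@contoso.com' 'Discovery Management' @{ Identity = 'Discovery Management'; Member = 'testuser' }
    New-SampleEntry 'Set-Mailbox' 'admin@contoso.com' 'alexd' @{ RetentionPolicy = 'Sales Retention Policy' }
)
$sample | Get-RiskyAdminAction | Format-Table -AutoSize
# Live tenant: Search-AdminAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) | Get-RiskyAdminAction
```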
Exchange Online Protection (EOP)
Get-Help *malware*
Get-MalwareFilterPolicy | fl
Connection filter lists?
Get-Help *connection*
Get-HostedConnectionFilterPolicy
CONTENT FILTER
Get-Hosted and then try tabbing
QUARANTINE
Get-Help *quarantine*
Get-Help *report*