Category Archives: Office 365

Configure Exchange Online to reject emails that fail DMARC validation with organizations having policy of reject

By default, when an internet email fails Office 365 DMARC validation for a sender whose policy is p=reject, the email lands in the junk folder of the recipient mailbox. Microsoft 365 treats the DMARC policies quarantine and reject in the same way: if the sender's DMARC policy is set to reject or quarantine, emails that fail DMARC are sent to the junk folder of the recipient mailbox. This is by design as of now and is documented in the Microsoft article.

Microsoft's reasoning is that legitimate emails which miss DMARC alignment shouldn't be lost, and that it is better either to quarantine them or to deliver them to the recipient's junk mail folder. There are a few cases in which organizations still need the DMARC policy to be stringent because of their security regulations.

Microsoft validates DMARC and, for a domain whose DMARC TXT record has a policy of p=reject, overrides the failure with the header value oreject. Instead of deleting or rejecting the message, Office 365 marks the message as spam.

To test this further, we are publishing SPF, DKIM and DMARC records for the domain ezcloudinfo.com as below:

Continue reading

Readiness and steps to Configure Direct Routing in Microsoft Teams

Earlier, to enable enterprise voice with a calling plan on Skype for Business Online, we needed to install Cloud Connector locally on virtual machines as a separate appliance, which required complex configuration to integrate with the certified session border controllers.

Microsoft has now made this easier with Direct Routing, where we do not need to deploy the Cloud Connector agent locally on the on-premises systems.

When paired with Microsoft Calling Plans or Direct Routing with a local ISP calling plan, they provide a full enterprise experience for Office 365 users in Teams on a global scale. With Direct Routing we can connect existing telephony infrastructure to Microsoft Teams with the help of local session border controllers. A SIP connection is created between the cloud call controllers and our local session border controllers.

In this article we will look at the options, readiness and steps to enable users for Direct Routing from the Microsoft Office 365 perspective.

Readiness for Direct Routing:

Decide on Session Border Controller (Self or hosted SBC):

The session border controller connects Teams calls to the PSTN next hop or to the SIP trunk configured with the local ISP. We have two options: run our own session border controllers on-premises, or have this functionality hosted by a managed service provider, who will host the session border controller for your organization to perform the SIP proxy and PSTN routing for Microsoft Teams.

Make sure to select a session border controller that Microsoft supports for configuring Direct Routing in Microsoft Teams.

Figure out licenses based on deployment: Decide on media bypass Configuration

We need to figure out the licenses required on Microsoft Office 365 to use the full enterprise functionality of Microsoft Teams.

Option 1: Full Microsoft License

In this case no Direct Routing is required, unless coexistence with an existing telephony system is needed, because we will have the full calling plan with Microsoft and will use the Microsoft call controller, PSTN, media controllers and media processor.

Continue reading

Script to offboard resigned employee in a hybrid environment

The script below can be used to perform the following off-boarding tasks for resigned employees as a bulk operation.

It carries out the following Exchange Online and AD actions in an Exchange hybrid environment:

  1. Convert the Exchange Online mailbox to a shared mailbox.
  2. Disable the mailbox protocols – OWA, ActiveSync, POP, IMAP, MAPI & OWA for devices.
  3. Hide the user from the GAL.
  4. Remove the user from the respective licenses: E3, E5, EMS E3 & EMS E5.
  5. Cancel all future calendar meetings.
  6. Remove the user account from all groups.
  7. Set the account expiry of the AD account.
  8. Remove the IP Phone Attribute.
  9. Remove the manager field.
  10. Set out of office.
Continue reading

Microsoft Teams – Side load 3rd party & custom built apps in Microsoft Teams pane

With the many new improvements in Microsoft Teams, we have more options for customizing the end-user client from the application perspective, so that users can reach their most frequently used applications from within Microsoft Teams.

Custom-built in-house applications can be side-loaded in Microsoft Teams, which lets end users work with these applications effectively.

To start using these options, log in to the Office 365 admin portal and verify whether the Teams side-loading options have been migrated to the Teams admin portal.

Once logged in, navigate to Settings – Services & add-ins – search for Microsoft Teams – and see if external apps is turned on.

In the case below, these configurations have been migrated to the Microsoft Teams admin portal for this tenant, and hence these settings are greyed out. This will be the case for almost every Office 365 tenant.

Continue reading

SharePoint Online – Enable External collaboration through B2B extranet Sites

In every business operation it is crucial to allow external partners and vendors to collaborate on day-to-day operations. In addition, there are cases in which only business-to-business collaboration, such as sharing between two organizations, is required and remains a vital factor to their business.

Facilitating a classic external collaboration site was always a bit challenging for administrators of SharePoint on-premises workloads. Extensive planning is required in terms of provisioning hardware or VM resources, security hardening, getting access through the firewalls, and so on.

With Office 365 B2B there are much easier ways to roll out this feature to the business, with no additional server provisioning, no certificate requirement and simple administration. This greatly reduces the traditional deployment costs. By default we get secure sharing and seamless collaboration, and we have much more detailed governance and audit reporting.

Continue reading

Office 365- Configure one drive for business file retention policy

It is always better to configure retention for Office 365 workloads in order to ensure that the data is available as per the company's legal requirements. Usually we pay more attention to email data, and retention policies are applied to all mailboxes; however, we might miss configuring retention on other workloads.

In this article we will focus on the options available to retain the data in the OneDrive for Business personal files of Office 365 users.

Essentially, there are two levels of retention policy available for OneDrive for Business. We will look at how to configure them and how to grant permission to a delegated assignee when access to a terminated employee's retained data is required.

Continue reading

Teams Upgrade- Important points to consider before teams only toggle mode

Microsoft is investing in and focusing on Teams as its collaboration platform, and Skype for Business has become volatile. Every day we can see new features and enhancements on the way for Microsoft Teams. Moreover, Microsoft has provided all the requirements and materials for the transition from Skype for Business to Microsoft Teams. This makes it much simpler for any customer to move completely to Teams only mode.

Comparing the roadmap improvements in Microsoft Teams, the features have been enhanced and loads of new functionality is being added very often. Currently the default configuration of all tenants is Island mode, which lets users communicate on both Microsoft Teams and Skype for Business. This might create more confusion for end users about which platform to use for their daily activities, since they are given a couple of options.

Continue reading

Delegate resetting azure MFA for helpdesk through azure automation run book and Microsoft Flow

When a user with MFA enabled loses their mobile phone, they are unable to log in on new devices, or on old devices where the token lifetime has expired.

Currently, in this scenario the user has to report to the help desk team. Unfortunately, only global admins can perform the forced reset of MFA for the user's account, which sets the StrongAuthenticationMethods value to null to clear the old lost device.

There is a workaround which can be used until we get a delegated RBAC role for performing this action. Creating an Azure Automation account, building a flow in Microsoft Flow, integrating the two and delegating this action to helpdesk admins will reduce the load on global admins performing this action.

Continue reading

Configure access panel in Azure Active directory

We can enable and provide self-service application access to end users. If an organization is using Office 365 applications and the user is licensed for them, then the Office 365 applications will appear on the user's Access Panel. Microsoft and third-party applications configured with federation-based SSO can be added to this Access Panel.

We can create multiple groups, for example HR and Marketing, and publish the required apps to them, both internal corporate apps and social media apps.

In order to log on to the Access Panel we must be authenticated using an organizational account in Azure AD. We can authenticate to Azure AD directly or through federated authentication and consume this service.

For organizations that have deployed Office 365, applications assigned to users through Azure AD will also appear in the Office 365 portal.

Continue reading

Configure Azure AD Terms of Use functionality within conditional access in Microsoft Intune

The Azure AD terms of use functionality has recently been upgraded. In this article we will have a look at configuring the Azure AD terms of use functionality for Microsoft Intune while enrolling devices.

Navigate to Terms of use at https://aka.ms/catou

Search for Conditional Access – Terms of Use – Click on terms of use – Select New Terms

Create a new terms of use. Here we have an option to upload our own company terms of use PDF. There is an option to choose the language format for the terms of use.

Continue reading