It’s a good thing to enable multi-factor authentication (MFA) for Office 365 administrators. For web based management portals this is not a problem, just enter your username and password, wait for the text message to arrive, enter it in the additional dialog box and you’re in.
For PowerShell this has been more difficult, but MFA for PowerShell is available as well for some time now. When you login to the Exchange Admin Center and select hybrid in the navigation pane you can configure a hybrid environment (first option) or install and configure the Exchange Online PowerShell MFA module.
Click on the second configure button, and in the pop-up box that appears click Open to start the installation of the PowerShell module:
Continue reading Exchange Online PowerShell multi factor authentication (MFA)
In my previous blogpost, I’ve discussed the prerequisites for moving from Exchange 2010 to Office 365 when using Directory Synchronization (using Azure AD Connect). In this blogpost I’ll discuss how to create an Exchange 2010 hybrid environment.
Exchange 2010 Hybrid
Now that Directory Synchronization is in place using Azure AD Connect we can focus on connecting the on-premises Exchange environment to Exchange Online, this a called an Exchange Hybrid Configuration.
Hybrid configurations can consist of Exchange 2010, Exchange 2013 or Exchange 2016 or a combination of versions, so it is possible to have an Exchange 2010 and Exchange 2013 coexistence scenario on-premises, and connect this to Exchange Online. However, when using multiple versions of Exchange in a Hybrid configuration there’s always add complexity, and when configured incorrectly you can get unexpected results. Therefore, I typically recommend using only one version, so if you’re running Exchange 2010 on-premises, there’s no need to add an Exchange 2013 or Exchange 2016 server to your configuration, just as a ‘hybrid server’. Despite what other people tell you, there’s no need to add a newer version, and Exchange 2010 Hybrid is fully supported by Microsoft. Better is to create an Exchange 2010 hybrid environment, and when the mailboxes (or most the mailboxes) are moved to Office 365 upgrade your existing Exchange 2010 environment to Exchange 2016. But that might be an interesting topic for a future blog post .
Basically, we will create the following configuration (again, there is no Exchange 2016 server installed in the existing organization):
Figure 14. Exchange 2010 hybrid configuration.
Continue reading Moving from Exchange 2010 to Office 365 Part II
There are a lot of articles on the Internet on how to create a hybrid environment, where Exchange 2016 is connected to Office 365. Now that’s fine, but when you’re running Exchange 2016 you most like are NOT going to move to Office 365 anytime soon I guess. If you are running Exchange 2010 chances are that you will move to Office 365 (soon), but there aren’t that much articles about moving from Exchange 2010 to Office 365. And a lot of the articles available don’t have the right approach I’m afraid, and will result in you (the customer) having to pay way too much money to your system integrator.
In this article, I’ll try to outline the recommended approach when moving from Exchange 2010 to Office 365 in a hybrid scenario. With Azure AD Connect for synchronization purposes. Cliffhanger: I’m not going to install Exchange 2016 into the existing Exchange 2010 environment
Existing Exchange environment
Our organization is called Inframan and they have their own on-premises Exchange 2010 environment which they have been running for 5 years now without too much issues. There are internal Outlook clients using Outlook 2010 and higher, and there are external clients using Outlook Anywhere. There are also mobile clients using ActiveSync to connect to their Mailboxes. Of course, there is Outlook Web Access, but POP3 and IMAP4 are not used.
Figure 1. Overview of the Inframan Exchange 2010 environment.
Continue reading Moving from Exchange 2010 to Office 365
By default automatic forwarding and automatic replies of email messages is turned on in Exchange Online (Office 365). You can turn this of in the Exchange Admin Center of Exchange Online (https://outlook.office.com/ecp).
Logon using your tenant administrator, select mail flow in the navigation menu and select the remote domains tab.
Open the Default remote domain and deselect the Allow automatic replies and Allow automatic forwarding checkboxes under Automatic replies.
When you click Save automatic forwarding and automatic replies will be turned off in your Office 365 tenant. Please be aware that it can take some time before the settings becomes active (I think due to replication issue).
This is one of the most requested features in an Exchange hybrid scenario (i.e. Exchange Online combined with Exchange on-premises) and as of early February 2016 it is finally officially supported: Cross premises Full Access Permissions.
This means that if you have a manager’s Mailbox on-premises, and an assistant Mailbox in Exchange Online, the assistant can open the manager’s Mailbox. This works both ways, so if the manager’s Mailbox is in Exchange Online and the assistant’s Mailbox is in Exchange on-premises the results are the same.
There are some caveats however:
- This only works when Full Access permissions are granted, and this is achieved using the Exchange Admin Center or Exchange Management Shell in Exchange Online.
- Send-As, Receive-As and Send-on-behalf-of permissions are not supported cross-premises.
- Your Outlook 2013 should be patched with at least the November 2015 update.
- The first time users open a Mailbox in the other organization they might see a credentials pop-up
The people picker in in the EAC in Exchange Online supports adding Mail-Enabled Users (MEU) and regular Mailboxes, so you can use EAC in Exchange Online to add cross-premises permissions. The EAC in Exchange 2013/2016 on-premises only supports adding Mailboxes, so the online version of EAC need to be used.
More information can be found on the following Microsoft articles: