Microsoft Ignite 2019 – Exchange Online Announcements

I had the opportunity to attend the Microsoft Ignite conference in Orlando, Florida last week. I had an amazing time connecting with old friends and making new ones too. I enjoyed talking with other attendees, Microsoft staff and MVPs, and vendors about the value and impact of Microsoft 365, Azure and other Microsoft services in our daily life.

Coming from an Exchange/Messaging background, it was a little difficult to realize that the Microsoft Exchange product has reached its maturity level and the focus has been diverted into other directions, especially Azure and Security. However, the Microsoft Exchange Team managed to put together several amazing breakout sessions with very important announcements that will bring benefits to end users and administrators.

Exchange Online Email Enhancements for End Users

  • Support for Plus Addressing

Now you can have addresses such as carlos+otherusers@m365talks.com

  • Send from proxy address (alias)

The ability to send from an SMTP proxy address (alias) and have that address preserved in the recipient’s FROM and REPLY TO is one of those enhancements. (Pretty cool feature)

  • Message Recall in Exchange Online

This one is the best feature released. The current Message Recall feature is client-based, and only Outlook for Windows supports it today. The sender needs to use Outlook to recall a message, and the recipient needs to use Outlook for the recall to work. But because M365 hosts millions of mailboxes, Microsoft is now able to implement a cloud-based message recall in the Office 365 datacenters that will recall the message directly from Office 365 mailboxes. It won’t matter which email client the recipient uses to sync with their Office 365 mailbox.

  • Reply-All Storm Protection

For an organization in Office 365, Microsoft will identify what looks like it might be a Reply-All storm conversation. A temporary block will then stop anyone from replying to all members of the conversation and send a bounce message (NDR) back to anyone who tries. So, when Exchange Online detects what looks like it might be a Reply-All storm, anyone who subsequently attempts to reply to everyone will get an NDR back instead.

 

Some of the announcements about email enhancements for admins

  • Modern Exchange Admin Center (EAC) Portal

Updated to look like all other Office 365 admin portals

  • Customizable Recipient Limits

The setting can be found in EAC > Recipients > Mailboxes > Mailbox Features > Mail Flow, and once made available in the first part of 2020, admins will be able to customize the Recipient Limit from 1 to 1000 for individual mailboxes.

Example: Set-Mailbox clopez@m365talks.com -RecipientLimits 20

  • Securing SMTP Auth Submissions

Organizations required to use MFA, Conditional Access, sign-in risk policies, and modern authentication have challenges with compliance, especially with printers, scanners, or SMTP relays that do not support modern authentication. To help reduce the potential for exploiting the less secure SMTP authenticated submission protocol, last year the Exchange Team introduced the ability to disable SMTP authenticated submission for both your organization and for individual mailboxes via Remote PowerShell cmdlets.
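The organization-level and mailbox-level switches described above, as an added example that is not from the original post: it inventories which mailboxes can still submit over SMTP AUTH, disables it for the tenant, and keeps one explicit exception. It assumes an existing Exchange Online PowerShell session with rights to the TransportConfig and CASMailbox cmdlets; scanner@m365talks.com is a hypothetical device mailbox.

```powershell
# Added example; scanner@m365talks.com is a hypothetical device mailbox.
# Assumes you are already connected to Exchange Online PowerShell.

# 1. Record the current organization-wide setting before changing anything.
$orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
"Org-wide SMTP AUTH disabled: $orgDisabled"

# 2. Inventory per-mailbox settings. The mailbox value is tri-state:
#    $null  = inherit the organization setting
#    $true  = SMTP AUTH disabled for this mailbox
#    $false = SMTP AUTH enabled for this mailbox, even when the org disables it
$report = Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_.SmtpClientAuthenticationDisabled
    $effective = if ($null -eq $mbx) { $orgDisabled } else { $mbx }
    [pscustomobject]@{
        Mailbox           = $_.PrimarySmtpAddress
        MailboxSetting    = if ($null -eq $mbx) { 'Inherit' } else { "$mbx" }
        EffectiveDisabled = $effective
    }
}

# Mailboxes that can still authenticate to SMTP submission today.
$report | Where-Object { -not $_.EffectiveDisabled } |
    Sort-Object Mailbox | Format-Table -AutoSize

# 3. Disable SMTP AUTH for the whole organization.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 4. Re-enable it only for the device mailbox that cannot use modern auth.
Set-CASMailbox -Identity scanner@m365talks.com -SmtpClientAuthenticationDisabled $false

# 5. Verify: list every mailbox that now carries an explicit exception,
#    so the exception list can be reviewed and kept short.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object PrimarySmtpAddress, SmtpClientAuthenticationDisabled
```

Run the inventory in step 2 first and review it with the owners of printers, scanners, and relays before applying step 3, since mailboxes set to inherit lose SMTP AUTH as soon as the organization setting changes.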

Ensure all critical admin roles have a separate account for administrative tasks (Best Practice 10/10)

Ensure all critical admin roles have a separate account for administrative tasks, to keep phishing and other attacks from compromising administrative privileges. Create a separate admin account that’s assigned the privileges needed to perform the administrative tasks. Block the use of these administrative accounts for daily productivity tools like Microsoft Office 365 email or arbitrary web browsing.

Define at least two emergency access accounts. (Best Practice 9/10)

Emergency access accounts help organizations restrict privileged access in an existing cloud environment. These accounts are highly privileged and are not assigned to specific individuals. Emergency access accounts are limited to scenarios where normal administrative accounts can’t be used. Organizations must limit the emergency account’s usage to only the necessary amount of time. It is important to prevent being inadvertently locked out of your cloud tenant because you can’t sign in or activate an existing individual user’s account as an administrator. You can mitigate the impact of an inadvertent lack of administrative access by creating two or more emergency access accounts in your tenant.

Emergency access accounts are limited to emergency or ‘break glass’ scenarios where normal administrative accounts cannot be used. Organizations must maintain a goal of restricting the emergency account’s usage to only the times when it is absolutely necessary.

Evaluate the accounts that are assigned or eligible for the global admin role. If you don’t see any cloud-only accounts that use the *.onmicrosoft.com domain (intended for emergency access), create them. Consider excluding one account from MFA and the other from Conditional Access.
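One way to run the evaluation described above, as an added example that is not from the original post: it lists the accounts actively assigned the Global Administrator role and flags whether at least two are cloud-only accounts on the *.onmicrosoft.com domain. It assumes the Microsoft Graph PowerShell SDK is installed and covers active assignments only, not accounts that are merely eligible for the role.

```powershell
# Added example; assumes the Microsoft.Graph PowerShell module and an admin
# who can consent to the read-only scopes below.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'

# Well-known role template ID of the Global Administrator role.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"

# Role members can include service principals; keep user objects only.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

$admins = foreach ($m in $members) {
    $u = Get-MgUser -UserId $m.Id `
        -Property 'userPrincipalName,onPremisesSyncEnabled,accountEnabled'
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        # onPremisesSyncEnabled is null for accounts created in the cloud.
        CloudOnly         = -not $u.OnPremisesSyncEnabled
        OnMicrosoftDomain = $u.UserPrincipalName -like '*.onmicrosoft.com'
        Enabled           = [bool]$u.AccountEnabled
    }
}

$admins | Sort-Object UserPrincipalName | Format-Table -AutoSize

# Candidates for emergency access: enabled, cloud-only, *.onmicrosoft.com.
$candidates = @($admins | Where-Object {
    $_.CloudOnly -and $_.OnMicrosoftDomain -and $_.Enabled
})

if ($candidates.Count -lt 2) {
    Write-Warning ("Only {0} cloud-only *.onmicrosoft.com Global Administrator " +
        "account(s) found; at least two emergency access accounts are recommended." `
        -f $candidates.Count)
} else {
    "Found $($candidates.Count) candidate emergency access accounts."
}
```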