Microsoft Ignite 2019 – Exchange Online Announcements

I had the opportunity to attend the Microsoft Ignite conference in Orlando, Florida last week. I had an amazing time connecting with old friends and making new ones too. I enjoyed talking with other attendees, Microsoft staff and MVPs, and vendors about the value and impact of Microsoft 365, Azure and other Microsoft services in our daily life.

Coming from an Exchange/Messaging background, it was a little difficult to realize that the Microsoft Exchange product has reached its maturity level and the focus has been diverted into other directions, especially Azure and Security. However, the Microsoft Exchange Team managed to put on several amazing breakout sessions with very important announcements that will bring benefits to end users and administrators.

Exchange Online Email Enhancements for End Users

  • Support for Plus Addressing

Now you can have addresses such as carlos+otherusers@m365talks.com

  • Send from proxy address (alias)

The ability to send from an SMTP proxy address (alias) and have that address preserved in the recipient’s FROM and REPLY TO is one of those enhancements. (Pretty cool feature)

  • Message Recall in Exchange Online

This one is the best feature released. The current Message Recall feature is client-based, and only Outlook for Windows supports it today. The sender needs to use Outlook to recall a message, and the recipient needs to use Outlook for the recall to work. But thanks to M365 hosting millions of mailboxes, Microsoft is now able to implement a cloud-based message recall in the Office 365 datacenters that will recall the message directly from Office 365 mailboxes. It won’t matter which email client the recipient uses to sync with their Office 365 mailbox.

  • Reply-All Storm Protection

For an organization in Office 365, Microsoft will identify what looks like it might be a Reply-All storm conversation. A temporary block will then prevent anyone from replying to all members of the conversation, sending a bounce message (NDR) back to anyone who tries. So, when Exchange Online detects what looks like it might be a Reply-All storm, anyone who subsequently attempts to reply to everyone will get an NDR back instead.

 

Some of the announcements about email enhancements for Admins

  • Modern Exchange Admin Center (EAC) Portal

Updated to look like all other Office 365 admin portals

  • Customizable Recipient Limits

The setting can be found in EAC > Recipients > Mailboxes > Mailbox Features > Mail Flow, and once made available in the first part of 2020, admins will be able to customize the Recipient Limit from 1 to 1000 for individual mailboxes.

Example: Set-Mailbox clopez@m365talks.com -RecipientLimits 20

  • Securing SMTP Auth Submissions

Organizations required to use MFA, Conditional Access, Sign-in risk policies, and modern authentication have challenges with compliance, especially with printers, scanners, or SMTP relays that do not support modern authentication. To help reduce the potential for exploiting the less secure SMTP authenticated submission protocol, last year the Exchange Team introduced the ability to disable SMTP authenticated submission for both your organization and for individual mailboxes via Remote PowerShell cmdlets.
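The following PowerShell is an added example, not part of the original post. It inventories which mailboxes can currently use SMTP AUTH, disables it for the organization, and then re-enables it for a single device mailbox that cannot use modern authentication. It assumes a connected Exchange Online PowerShell session; scanner@m365talks.com is a hypothetical mailbox used for illustration.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already
# connected. scanner@m365talks.com is a hypothetical device mailbox.

# 1. Record the current organization-wide setting before changing it.
$orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
"Org-wide SMTP AUTH disabled: $orgDisabled"

# 2. Report the effective SMTP AUTH state per mailbox. A $null per-mailbox
#    value means the mailbox inherits the organization setting; $true or
#    $false overrides it.
function Get-SmtpAuthState {
    param([bool]$OrgDisabled)
    Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
        $override  = $_.SmtpClientAuthenticationDisabled
        $effective = if ($null -eq $override) { $OrgDisabled } else { $override }
        [pscustomobject]@{
            Mailbox           = $_.PrimarySmtpAddress
            Override          = if ($null -eq $override) { 'inherit' } else { $override }
            SmtpAuthAvailable = -not $effective
        }
    }
}

# Keep a copy of who could submit via SMTP AUTH before the change, so that
# devices and relays that break afterwards can be identified.
Get-SmtpAuthState -OrgDisabled $orgDisabled |
    Where-Object SmtpAuthAvailable |
    Export-Csv .\smtp-auth-before.csv -NoTypeInformation

# 3. Disable SMTP authenticated submission for the whole organization.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 4. Re-enable it only for the mailbox used by the legacy scanner.
Set-CASMailbox -Identity 'scanner@m365talks.com' -SmtpClientAuthenticationDisabled $false

# 5. Verify: only explicitly excepted mailboxes should remain in this list.
Get-SmtpAuthState -OrgDisabled $true | Where-Object SmtpAuthAvailable
```

Any mailbox that still appears in the final listing is an exception to the organization-wide block and should have a known owner and a strong, unique credential.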

Azure Authentication, Identity, and Access Management Best Practices (The Series)

Over the years, I have seen how authentication processes have been evolving into what they are and what we know today. My clients already in the cloud or looking into adopting the cloud are constantly asking me about the “Best Practices” to secure their Microsoft cloud adoption. This is why I have decided to write this blog post series on Microsoft Cloud authentication, Identity and Access Management.

Network firewalls used to be considered the perimeter defense of the network. But with cloud services, that perimeter keeps getting more porous, and that perimeter defense can’t be as effective as it was before the explosion of BYOD devices and cloud applications.

Today, enterprises are starting to understand that identity needs to be the primary perimeter for security. This is a shift from the traditional focus on network security. Azure Active Directory (Azure AD) is the Azure solution for identity and access management. Azure AD is a multitenant, cloud-based directory and identity management service from Microsoft. It combines core directory services, application access management, and identity protection into a single solution.

Best Practice

  1. Centralized Identity Management (Best Practice 1/10)
  2. Enable single sign-on for the Microsoft Cloud (Best Practice 2/10)
  3. Enable Conditional Access (Best Practice 3/10)
  4. Enable self-service Password reset with Azure AD Premium (Best Practice 4/10)
  5. Enable Conditional Access for cloud access. (Best Practice 5/10)
  6. Enforce multi-factor verification for users (Best Practice 6/10)
  7. Use role-based access control (Best Practice 7/10)
  8. Turn on Azure AD Privileged Identity Management (Best Practice 8/10)
  9. Define at least two emergency access accounts. (Best Practice 9/10)
  10. Ensure all critical admin roles have a separate account for administrative tasks (Best Practice 10/10)

Exchange Online Backup, permanently deleted items policy

Our customers are always asking us about the best options to back up Exchange Online. Sometimes, there is even confusion between litigation hold, archive, journaling, and backup. Let's keep in mind that these services are different and should be implemented based on the specific needs. In this post, we will only focus on backup. Basically, what happens after a user completely removes an item (mail, contact, calendar, and tasks) from their mailbox or Outlook and they need to restore that item back to the mailbox. The good thing is that with the new Exchange 2016 CU6 you can now restore items to the original folder, as mentioned in one of my previous posts (June 2017). Natively, Exchange is set for 14-day retention for deleted items. However, you can extend the retention and administrative recovery to 30 days. If you want to support recovering messages beyond 30 days, you would need to use a 3rd party service for the backup.

Here are examples of how to change how long permanently deleted items are kept. (Only available in PowerShell)

Example 1: Set Emily Maier’s mailbox to keep deleted items for 30 days. In Exchange Management Shell, run the following command.

Set-Mailbox -Identity "Emily Maier" -RetainDeletedItemsFor 30

Example 2: Set all user mailboxes in the organization to keep deleted items for 30 days. In Exchange Management Shell, run the following command.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -RetainDeletedItemsFor 30