One of the gotchas you may encounter when migrating mailboxes to Exchange Online is none registered Accepted Domains in Exchange Online. For example you may encounter the below error;
ERROR: Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization –> You can’t use the domain because it’s not an accepted domain for your organization.
This maybe due to an email alias on a particular mailbox or all your organisation mailboxes due to an Email Address Policy. When migration to Exchange Online on you need to register all your accepted domains and remove any that may cause you the above issue.
In my case, I had domain.com registered with EXO but not extension.domain.com, as the alias was a legacy address you could be removed from the mailbox either using the Exchange Management Console or my favourite utility PowerShell.
Please ensure that Azure Active Directory has synchronize this change to your mailbox
Data Loss Prevention has now been included into Microsoft but being a Skype for Business consultant have you ever configured DLP? Probably not.
So this post will look how it is configured from Start to Finish so let’s start with the standard prerequisites;
Office 365 Global Administrator Account
Launch Microsoft 365 Admin Center –> Select Security from under Admin Center
Click “More resources” and Open for Office 365 Security and Compliance Center
Click Data Loss Prevention –> Click Policy –> Click Create a policy
For the purpose of this post I will be creating a policy for covering UK National Insurance Numbers / Passport Numbers. DLP has a list of generic policies or you can configure a custom policy
Select –> Privacy –> Select UK Personally Identifiable Information (PII) Data –> Click Next
At this stage you can select if you want to configure this policy for Exchange email, Microsoft Teams chat and channel messages, OneDrive and SharePoint Documents or specify a subset of services.
Select your required option –> Select Next
Example of specifying a subset of services, at this stage you can also Include/Excludes Groups, Accounts and Sites.
Select Find content that contains
For this post, I am looking for PII data that is being shared outside my organisation.
Using the default options here but you can configure option to send incident report to a Distribution List or individuals. Select Next
Select “I’d like to test it out first” or Yes, turn it on right away. This is depending if your organisation is ready for the big switch on. The tenant being used in this post is a test tenant will small amount of users.
Review your configured settings –> Select Create
Testing – DLP for Micorsoft Teams
So like with all things Microsoft, we have to wait for replication to take place before we can really start testing DLP. Please dont expect your change to work straight away as its needs to work its way through the big Microsoft cloud.
So its safe to say DLP is now working within my tenant.
When working with Exchange there may be a requirement to create a PowerShell script using PowerShell ISE. Even if you run ISE on a Exchange Server you are unable to get the Exchange cmdlet in ISE, so the workaround for this is to use the following command;
If you are trying to add the Exchange cmdlets to your client machine you will need to Install the Exchange Management Tools from the Exchange installation media
The command to import the Exchange modules is different for each version – please use the appropriate command below:
In this “Notes from the Field” post we will look at a common Skype for Business error which you may encounter when installing a Skype for Business Front End for the first time.
As you can see from the image below we have encountered an error during the the deployment wizard when installing a Skype for Business Front End for the first time on a newly built Windows 2012 R2 Server.
After downloading KB298200and attempting to install the required Windows Update the following error occurs;