Category Archives: Exchange Online

Understand how many emails have been sent or received by an Exchange Online Mailbox using Powershell

So had a bit of a weird question today from a colleague, who wanted a quick way to find out how many emails have been sent or received by an individual mailbox.

So Windows PowerShell to the rescue .. First of all you will need the ExchangeOnline module which can be easily installed via the following cmdlet

Install-Module -Name ExchangeOnlineManagement

Type Connect-ExchangeOnline and login using the relevant permissions

Received Message Count

# Receive Messages
$messages = Get-MessageTrace -RecipientAddress -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date)

Sent Message Count

# Sent Messages
$messages1 = Get-MessageTrace -SenderAddress -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date)

You will now get a number of received and sent messages.

The Author – Blogabout.Cloud

Quarantined unmanaged mobile devices are when the devices attempt to connect to Exchange Online

In a scenario where an organization takes security as a top priority configuring device quarantine for unmanaged devices will provide a good insight into your user base as well as how secure your corporate email platform is.

Configuring Exchange Online

Launch Exchange Admin Centre

You will now need to switch to Classic Exchange admin center due to the setting required not being visible in the modern admin center.

Select Mobile and click Edit

Tick Quarantine – Let me decide to block or allow later

Click the Add ( + ) button to add Administrators who will receive notifications when a device in quarantined.

Optional – You can include some text which will be provided to the device that has tried to add their mailbox to their personal un-managed device.

Click Save

Once the policy becomes active, you will see devices become quarantined.

This concludes this post

The Author – Blogabout.Cloud

Azure Active Directory Connect – Exchange Mail Public Folders

Microsoft has included the official release of Exchange Mail Public Folders within the AAD Connect tool. This option enables support for Public Folder by synchronizing a specific set of attributes for Mail-Enabled Public Folders so they represented in Azure AD. This synchronization is required for including the public folders addresses in Directory-Based Edge Blocking.

If you have configured Directory Based Edge Blocking, please visit my post on how it is done.

This new feature from Microsoft doesn’t create actual public folder objects in Exchange Online directory, there is additional sychronization steps via PowerShell that is required if you are using Exchange Online.

You should ensure that “Microsoft.Exchange.System Objects” OU is also selected in OU Filtering, (it is selected by default)

The additional PowerShell are as followed;

Please Note:

If you have Exchange 2010 public folders, see Configure legacy on-premises public folders for a hybrid deployment.

Step 1: Download the scripts

Download the following files from Mail-enabled Public Folders – directory sync script:

  • 1
  • 1

Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

Step 2: Configure directory synchronization

Directory synchronization service doesnt sync all mail-enabled public folders the scripts outlined in step 1 will synchronize these objects across on-premises and Office 365. Any special permissions will need to be recreated as these are currently unsupported by Microsoft. Synchronized mail-enabled public folder will appear as mail contact objects for mail flow purposes. These contacts will not be viewable via Exchange Admin Centre and can only be viewed using Get-MailPublicFolder


In order to recreate the SendAs permissions in the cloud, you will need to use the Add-RecipientPermission cmdlet.

On the Exchange Server, run the following PowerShell command to synchronize mail-enabled publics

Sync-MailPublicFolders.ps1 -Credential (Get-Credential) -CsvSummaryFile:sync_summary.csv


It is always recommended to use the -Whatif parameter to simulate the action before making environmental changes.
Step 3: Configure Exchange Online users to access Exchange Server on-premises public folders

Step 3: Configure Exchange Online users to access Exchange Server on-premises public folders

The final step in this procedure if to configure your Exchange Online organsation to allow access to the Exchange Server Public Folder, this is completed by running the following command in Exchange Online.

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes Mailbox1,Mailbox2,Mailbox3

The waiting game…

It may take up to 3 hours before the Active Directory synchronization has completed. Once completed, Log on to Outlook for a user who is in Exchange Online and perform the following public folder tests;

View the hierarchy.
Check permissions
Create and delete public folders.
Post content to and delete content from a public folder.


The Author – Blogabout.Cloud

HCW8078 – Migration Endpoint could not be created

Quicktips: Notes from the field

While running the Exchange Hybrod Configuration Wizard I ran in the following issue;

HCW8078 – Migration Endpoint could not be created
The connection to the server ‘’ could not be complete

This issue is a known issue to Microsoft and the resolution is the good old “Have you tried turning it off and on?”

The resolution was to Disable MRSProxyEnabled, this can be easily completed for all servers using;

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $false
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

This script will need to repeat this process for all your servers where MRSProxy is being used.
Invoke-Command -ComputerName Server1 -ScriptBlock {iisreset /restart}

Once you have completed the below steps you will be able to successful rerun the Hybrid Configuration Wizard without any errors

The Author – Blogabout.Cloud

Exchange Online: You can’t use the domain because it’s not an accepted domain for your organization

One of the gotchas you may encounter when migrating mailboxes to Exchange Online is none registered Accepted Domains in Exchange Online. For example you may encounter the below error;

ERROR: Migration Permanent Exception: You can’t use the domain because it’s not an accepted domain for your organization –> You can’t use the domain because it’s not an accepted domain for your organization.

This maybe due to an email alias on a particular mailbox or all your organisation mailboxes due to an Email Address Policy. When migration to Exchange Online on you need to register all your accepted domains and remove any that may cause you the above issue.

In my case, I had registered with EXO but not, as the alias was a legacy address you could be removed from the mailbox either using the Exchange Management Console or my favourite utility PowerShell.

Please ensure that Azure Active Directory has synchronize this change to your mailbox

Set-Mailbox <identity> -EmailAddresses @{remove=”<E-mail address>”}


The Author – Blogabout.Cloud

Configuring Outbound Delivery Routing from Office 365 to Mimecast

When working with customer environments it is very possible a 3rd party appliance maybe involved and for the purpose of this post I will be directly looking at Mimecast to see how its configured to work with Office 365.


  • An Office 365 administrator logon with permission to create a send connector.
  • Your internal domains must already be registered with us.
  • A Mimecast administrator logon with at view permission to the Gateway | Accepted Email menu item.

Mimecast recommend that if you are switching MX records, this task must be completed 3 days before changing the MX record to point at Mimecast. The reason for this allows Mimecast to build your Auto Allow list, based on recipients your users send messages to.

This has a positive impact on inbound email delivery speed, because many senders will already be known and consequently not be subject to our greylisting security feature.

Updating the SPF Record for your Domain(s)

You must have an SPF record for the domain(s) registered with Office 365. When implementing Mimecast with Office 365, this record must be updated in the DNS zone for the relevant domain to include the following:

  • Remove: v=spf1 –all
  • Replace with or add:  v=spf1 ~all

Important Note: If your outbound email is temporarily coexisting with Mimecast, you can leave the v=spf1 –all SPF record. However, it must be removed once all your outbound email is routed through Mimecast.

Configuring Outbound Routing

Important Note: Mimecast has known issue with browsers that are not Internet Explorer and its recommend this process is completed using Internet Explorer only. All other browsers tested have issues.

Recommendation: Disable or remove any other Outbound Send Connectors. Failure to do this means your outbound email still uses these and isn’t routed through us.

Any send connectors used for other purposes (e.g archiving) may still be enabled. If in doubt, consult Mimecast Support.Any send connectors used for other purposes (login archiving) may login be enabled. If in doubt, consult Mimecast Support.

Adding the Office 365 Tenant Domain as an Internal Domain

Your Office 365 tenant domain must be added to the list of internal domains available in the Mimecast Administration Console. See the Configuring Internal Domain / Subdomains page for full details. This enables us to recognize certain auto response messages, where the sender address is not a normal internal domain. This is typically in the format Contact the Mimecast Support team if you have queries regarding this step.

Contact the Mimecast Support team if you have queries regarding this step.

Verifying Your Configuration

Once this step is complete, Office 365 must be added to your authorized outbounds as an umbrella account. View the Maintaining Authorized Outbound Addresses page for more information.

To verify that Office 365 is successfully routing email outbound via us:

  1. Log on to the Offic 365 Administration Console.
  2. Select Admin | Exchange
Exchange Admin Centre

Select Mail Flow | Connectors
Create a Connector

Mail Flow | Connectors

Select Office 365 – From Field
Select Partner organization – To Field

Mail Flow Scenari

Enter Name for Connector
Enter Description for Connector – Optional
Ensure “Turn it on” is ticked

Select “Only when email messages are sent to these domains”
Press the ( + )

Type the value * which will allow all outbound email to Mimecast

Press Next

Select “Route email through these smart hosts”
Press the ( + )

Now, depending on your location you will need to use the Smart Host address from the table

RegionOffice 365 Account Hostnames
Europe (Excluding Germany)
Europe (Excluding Germany)

As shown below

Smart Host for Mimecast

Press Next

Select “Always use Transport Layer Security (TLS) to secure this connection (recommended)”
Select “Issued by a trusted certificate authority (CA)

Before pressing next please ensure that you confirm all your configured settings
Press Next

Press the ( + ) this will allow you to validate the connector

Enter an external email to send the test email

Click Validate

If everything is ok and configured correctly you should see a success message

Press save !!! and your all done


Recommendation: Disable or remove any other Outbound Send Connectors, if this is not completed it may cause email to fail as it won’t be routed through Mimecast

But if doing the above seems a bit boring, there’s always PowerShell 🙂

new-outboundconnector -name ConnectorName -smarthosts SmartHostAddress1,SmartHostAddress2 -tlssettings certificatevalidation -recipientdomains * -routeallmessagesviaonpremises $false -connectortype Partner -usemxrecord $false -whatif

or download my script for all Mimecast regions

Set-O365MimecastConnector (1296 downloads)

Add your Office 365 domain as an internal domain in Mimecast

The Office 365 domain(s) must be added to the list of internal domain available in the Mimecast Administration console, if this action is missed. Mimecast are unable to recognise auto response message where the send address maybe Mimecast have a section about this on their website, please follow the link below.
Configuring Internal Domain / Subdomains 

Verify your configuration

To verify that Office 365 is successfully routing email outbound via us:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button.
  3. Select the Message Center | Accepted Messages menu item.

See the Message Center: Accepted Messages page for full details.

You should see messages from your organization’s internal users to external recipients. If you don’t see messages shortly after they’re sent, this indicates a configuration problem on your Office 365 send connector. Double check your configuration. Use the Office 365 Message Trace Tool in the Mail Flow | Message Trace menu of the Exchange Admin Center to help identify the issue.

Important Note: Once this step is complete, Office 365 must be added to your authorized outbounds as an umbrella account. View the Maintaining Authorized Outbound Addresses page for more information.

The Author – Blogabout.Cloud

MS-200: Planning and Configuring a Messaging Platform – Study Guide

Planning on taking the MS-200 Exam but don’t know where to start with your studying? Well do not fear I am in the same boat and looking for the best way to study the required elements to pass MS-200. I have started building a list of all the elements which might be covered in the exam and will continue to update this page until all the things we need know are covered.

Image result for studying stress

If you have any suggestions, please leave a comment below.

Manage Modern Messaging Infrastructure (45-50%)

Manage Mail Flow Topology (35-40%)

Manage Recipient and Devices (15-20%)


The Author – Blogabout.Cloud

Counting Exchange/Exchange Online Mailboxes with a specified SMTP Domain

When working with large organisations that have multiple SMTP Domains, you may run into a requirement where you need to know. How many mailboxes have as their PrimarySMTPAddress or have listed as their EmailAddress.

Using the below PowerShell snippet you can find out exactly

# Primary SMTP Address
get-mailbox -resultsize unlimited | where {$_.primarysmtpaddress -like "*"} | Measure-Object

# Email Address
get-mailbox -resultsize unlimited | where {$_.emailaddress -like "*"} | Measure-Object


The Author – Blogabout.Cloud

Bulk Enable Exchange Online Archiving – PowerShell Script

This script enables the Online Archiving Mailbox for users in Exchange Online. The script will generate the log and error outputs by checking if the users exists in Exchange Online based on the information provided in the csv file.

The script needs to be run from the On-prem Exchange environment.

Example of script block, this demonstrates the actions taken within the script to check the csv file row by row and output if sucessful or not.

Foreach ($row in $csv)
if (get-remotemailbox -identity $row.mailboxemail)
get-remotemailbox -identity $row.mailboxemail | enable-remotemailbox -archive
Add-Content -Path $logfilepath -Value ('{0} SUCCESS: Mailbox {1} enabled for Archive' -f (Get-Date), $row.mailboxemail)
else {
$outputfiles |%{ Add-Content -Path $_ -Value ('{0} ERROR: Mailbox {1} not enabled for Archive {2}' -f (Get-Date), $row.mailboxemail, $_.exception.message)}

Example of csv file used; please note the heading mailboxemail is very important as the script checks for this heading.

To view if an Online archive has been activated in the Mailbox, run the following cmdlets.

It is very easy to enable Online Archiving and verify afterwards if it has been enabled.

Download this script

Enable-RemoteMailbox -Archive (923 downloads)


Author – Blogabout.Cloud