Can I place my Exchange hybrid management server in Azure and use Azure Domain Services?

As some might know (although I and others have to repeat this regularly…), if you enable directory synchronization from your on-premises Active Directory (AD) and you migrate all you Exchange mailboxes to Exchange Online you still require an Exchange server to manage mail(box) objects. It is the only supported solution, even though some use third party tooling or ADSIedit. Luckily this managing Exchange server doesn’t require the same amount of resources compared to Exchange serves hosting actual production mailboxes. In

Read more

Checking security protocols and ciphers on your Exchange servers

Microsoft states that Exchange 2010 and 2013 are secure out of the box. With this they mean that every traffic coming in and out of Exchange is one way or another encrypted. Whether this is web traffic or specific for SMTP. Even IMAP and POP are enabled with mandatory encryption (although the services are disabled by default). However the past few months we’ve had reports that specific encryption protocols and ciphers (algorithms used for encryption and decryption) used aren’t considered safe

Read more

Using your browser to check Exchange 2013 protocol health

Sometimes you’re not at work and you suspect there is something wrong with your Exchange 2013 servers and you can’t access your environment remotely for whatever reason. Well, in some cases you can check this with just a browser. For each Exchange protocol, there is an URL you can use to check the health. The format would be: https://<External FQDN>/<protocol>/healthcheck.htm If the specific protocol is working correctly, the Exchange server will respond with: 200 OK SERVER.CONTOSO.LOCAL The server.contoso.local would be the

Read more

Tool Tip: RBAC Manager R2 for Exchange

This week I had a session at a customer to customize the default RBAC roles, for instance removing the mobile device remote wipe feature from Recipient Management. Customizing RBAC roles is in most cases not something that is a frequent task, so it can take a while to familiarize and re-familiarize with the concept and all cmdlets. But if your organization does not fit in the default roles, you will have to dig into it. However, I came across a

Read more

Do not update your Office Web Apps Server with automatic updates

Although it is not exactly required to deploy with Exchange Server 2013, Office Web Apps Server (OWAS or also referred to as WAC server) provides a more user friendly experience instead of the standard Web Preview. For Lync Server 2013 it’s a requirement if you want to be able to present PowerPoint files in a conference. And well, for SharePoint Server it’s just a given. So, it’s not an uncommon server to encounter when you work with these products. However

Read more

Mail address sieve and Exchange

During a discussion about fighting spam, a coworker mentioned an interesting Gmail feature. As that service doesn’t provide aliasses, you can’t have a specific mail address alias for your internet services. Some use a different email address for each service they sign up for, a practice which is understandable with some services that (sometimes illegally) opt-in bulk mailings or more nefarious mailings. Whenever a specific alias receives unwanted mails, you can see where it came from and take direct action

Read more

Managing Mailbox quota’s: databases with different settings?

So, a while back I discussed an on-premises Exchange design for a customer. When discussing database distribution in an Exchange 2013 Database Availability Group (DAG), the topic of mailbox quota’s came along. They insisted on having different Database (DB) level quota’s and move mailboxes to other databases when the user requires more storage space. It’s a tactic I have seen before, especially during Exchange 2003 (Enterprise edition) and Exchange 2007. I can understand why organization adopt this practice, it’s easy

Read more

Exchange RBAC might be more granular than you think

Most Exchange admins probably know (or should know )  the permission model since Exchange 2010 is Role Based Access Control, RBAC for short. With it, you can regulate quite granularly what admins and end-user are able to do, without the hassles of Access Control Lists (ACLs). However, it recently became clear that it might be more granular than you think. You can allow only certain types of PowerShell Cmdlets, have only change rights on a certain Organizational Unit (OU)or types

Read more

Blocking the Windows 8 Mail app in Exchange 2010 & 2013

I think I might start a new tradition: every time a major/important OS or update is released, I try find out how to block it from Exchange . Now, I know the Mail app has been around for some time now. If you recollect, I did some research on how Exchange ActiveSync (EAS) within the Mail app works in general and how it implements security settings in Windows 8. But especially since Windows 8.1 RT has been released yesterday with

Read more

Blocking iOS 7 in Exchange 2010 & 2013 (updated)

Now that iOS 7 available, it might be interesting to know how to block this version. In the past there were some issues with the Exchange ActiveSync implementation in specific iOS DeviceOS versions (read this and this). Please note that I did not encountered or heard of any ActiveSync issues with iOS 7, but it might be prudent to be prepared. But first we have to find out which DeviceOS versions are already present, or how they are presented to

Read more
1 2 3 4