Exchange Online PowerShell with Multifactor (updated)

PowerShell is great.

MFA is great (and secure).

Exchange Online is great.

We all know that. So you might think that combining these 3 great things makes for a great experience when you start an Exchange Online remote session with an MFA-secured account? Haha. This is the most annoying connection in PowerShell. Microsoft, what did you smoke when you programmed that?

You want to know what I am talking about? Then read this article carefully:

Connect to Exchange Online PowerShell using multi-factor authentication

Let me summarize the article. You have to:

  • open a web browser
  • sign in to the O365 admin center using your MFA secured account
  • (or directly to Exchange Online if you know the URL)
  • go to the “hybrid” configuration
  • download an add-in
  • install it
  • use it in PowerShell

Yeah. During the last few weeks I often had the problem that the add-in could not be loaded, failing with this error (no matter which browser I use: IE, Edge, FF, Chrome, Opera):

ExchO2

The error talks about browser and application security zones. I will continue investigating this but for now I am still looking for the solution.

So there must be another (easier?) way. I found 2 ways which I want to explain to you:

Option 1: Manually loading the Exchange Online MFA module from the Assembly Cache

Everything that is downloaded has to be saved somewhere temporarily. I followed the instructions on this site, and some tests showed that it works well:

http://blog.zomputer.hu/content/exchange-online-powershell-toebbfaktoros-azonositassal-mfa

The only thing you have to do in advance is to download this module once on your computer. In other words: follow the instructions from MS I’ve mentioned above. Or maybe get the DLL from another computer.

Option 2: Find a good module with PowerShellGet

You can find more information about PowerShellGet here:

Install PowerShellGet on your computer

Make PowerShellGet a trusted repository

Now you can find the available modules by using this command:

Find-Module *Exchange* | Select Name,Description | Format-Table -Wrap

The module “ExchangeOnlineShell” supports MFA. So give it a try:

Install-Module ExchangeOnlineShell

Get-Command -Module ExchangeOnlineShell

The first command installs the module, the second one shows the implemented commands. You see a command named “Connect-EOShell”. Issuing it opens the typical MFA prompt:

Connect-EOShell

ExchO1.png

For those of you who don’t like to “download and run” unknown software for security reasons: the module is installed to the path “C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineShell\2.0.2”. There you can have a look at the scripts which are executed by the command. And as you can see, the delivered module contains the necessary DLL for the Exchange Online session 🙂
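One way to do that review before anything is installed, as an added example that is not part of the module or of the original post: the hypothetical helper Get-ModuleFileAudit lists every script and binary in a module folder with its SHA-256 hash and Authenticode status. The staging folder in the usage comment is an assumption.

```powershell
# Added example (not the module author's code). Get-ModuleFileAudit is a
# hypothetical helper name; it only reads files and never imports the module.
function Get-ModuleFileAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ModulePath
    )
    if (-not (Test-Path -LiteralPath $ModulePath -PathType Container)) {
        throw "Module folder not found: $ModulePath"
    }
    # Absolute path, so relative file names can be derived reliably
    $root = (Resolve-Path -LiteralPath $ModulePath).ProviderPath
    # File types that PowerShell can load or execute from a module folder
    $codeExtensions = '.ps1', '.psm1', '.psd1', '.ps1xml', '.dll', '.exe'

    Get-ChildItem -LiteralPath $root -Recurse -File |
        Where-Object { $codeExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File      = $_.FullName.Substring($root.Length).TrimStart('\', '/')
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Signature = $sig.Status    # SignatureStatus enum: Valid, NotSigned, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Usage (assumed staging folder): download without installing, then audit.
#   $stage = Join-Path $env:TEMP 'module-review'
#   New-Item -ItemType Directory -Path $stage -Force | Out-Null
#   Save-Module -Name ExchangeOnlineShell -Path $stage
#   $report = Get-ModuleFileAudit -ModulePath $stage
#   $report | Format-Table File, SizeKB, Signature, Signer -AutoSize
#   # Files without a valid signature are the ones to read by hand:
#   $report | Where-Object { $_.Signature -ne 'Valid' }
```

Save-Module only copies the files to the given path, so the scripts can be read and the DLL hashes compared with a copy from another machine before Install-Module is run.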

Option 3 (the one you should prefer): Use ExoV2

ExoV2 is the newest PowerShell module for connecting to Exchange Online and is available via PSGallery. You can easily install it:

Install-Module ExchangeOnlineManagement

… more about ExoV2 coming soon in another separate post.

Use PowerShell to fill Exchange Mailbox(es) with data

Sometimes you need to fill an Exchange mailbox up to a certain level, e.g. to test migration speeds. In this post you find a tiny script which can do that for you. All you need is a folder with many files in it and a limit which you want to reach for your mailbox.

[CmdletBinding()]
param( 
 [Parameter(Mandatory=$true)][String]$Recipient, 
 [Parameter(Mandatory=$true)][Int32]$SizeInMB, 
 [Parameter(Mandatory=$true)][String]$FilesFolder, 
 [Parameter(Mandatory=$true)][String]$O365Sender
)
# Note: errors are suppressed, so a failed send still counts toward the total
$ErrorActionPreference = 'SilentlyContinue'

[Double]$totalsize = 0
[Double]$attsize = 0
# Read the password as a SecureString and build the credential object from it
$pw = Read-Host ("Please enter the password for " + $O365Sender) -AsSecureString
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $O365Sender, $pw
# Alternative filter: everything except videos
#$files = Get-ChildItem -Path $FilesFolder -Exclude "*.mp4" -Recurse
$files = @(Get-ChildItem -Path $FilesFolder -Include "*.pptx" -Recurse)
# Without any files the loop below would never end
if ($files.Count -eq 0) { throw ("No pptx files found in " + $FilesFolder) }
$mailcount = 1
while ($totalsize -lt $SizeInMB)
{
 # Get-Random treats -Maximum as exclusive, so pick from the array directly
 $attachment = ($files | Get-Random).FullName
 # Attachment size in MB (decimal)
 $attsize = ((Get-Item $attachment).Length / 1000000)
 $totalsize += $attsize
 Write-Host ("Sending mail number " + $mailcount.ToString() + "; total size: " + $totalsize.ToString())
 Send-MailMessage -From $O365Sender -to $Recipient -Attachments $attachment -SmtpServer smtp.office365.com -Credential $creds -UseSsl -Subject ("Mail number " + $mailcount.ToString() + " via PowerShell script") -port 587 -body "<br><h1>Hallo</h1><br><br>Dies ist eine automatische Mail<br><br>Regards,<br>Your PowerShell Bot" -BodyAsHtml
 $mailcount++
}

As you see, the script is designed to send mails from an Office 365 Exchange Online mailbox. It uses the SMTP client submission of Exchange Online, so you are limited to 30 messages per minute (as of Nov 17th 2017; this limit may change at any time).

The parameters of the script:

  • $Recipient: The SMTP address of the mailbox which should be filled.
  • $SizeInMB: The amount of data which will be sent. The script counts how many MBs are sent and will stop when it reaches the limit. It doesn’t check the actual mailbox size, so the result may be lower because of single instance store technologies or similar.
  • $FilesFolder: The folder with data for the email attachments. The script will pick a random pptx file from this folder and send it via email. If you’d like other file types than pptx, just change the search filter. I chose pptx files because they are often large and I have tons of them. If you need tons of files, try the Ignite downloader.
  • $O365Sender: The sign-in name of the mailbox from which you want to send the emails.

With some small adjustments you can also use the script with an on-premises mailbox as a sender. Happy mailbox filling 🙂

Feel free to download the script from my GitHub Page: PowerShell-ExchangeOnline GitHub Repository

Create multiple hybrid migration batches with PowerShell

Sometimes in Exchange Online migration projects you need to create many small batches rather than a few big ones. In the end this means you have many CSV files which you want to use for bulk creation of migration batches.

You can either create them by using the GUI (which is not really fun when you have more than 10 CSV files) or by using this tiny PowerShell command. You have to replace the placeholder values (the tenant name, the notification email address and the name of the hybrid endpoint) with your own ones:

Get-ChildItem *.csv | ForEach-Object { New-MigrationBatch -Name $_.BaseName -TargetDeliveryDomain "TENANTNAME.mail.onmicrosoft.com" -AutoStart -AllowUnknownColumnsInCsv $true -NotificationEmails "" -CSVData ([System.IO.File]::ReadAllBytes($_.FullName)) -BadItemLimit 99999 -LargeItemLimit 99999 -AllowIncrementalSyncs $true -SourceEndpoint "NAME OF YOUR HYBRID ENDPOINT" }

 

This command searches for all CSV files in the current folder and creates a migration batch for each CSV file with the following attributes:

  • The name of the batch will be the file name of the CSV file without the file extension
  • The batch will start automatically but has to be completed manually
  • The notification emails will be sent to the email you provide here
  • The CSV files may have any column, but the column “EmailAddress” must be present
  • The batches will perform incremental syncs
  • The LargeItemLimit and BadItemLimit are very high to ensure that mailboxes are not skipped because of items that can’t be migrated
  • The hybrid endpoint of your organization will be taken for the move

Of course you may adjust this command depending on your needs, e.g. Auto Completion or a lower BadItemLimit.

In my case there was a limit of 100 migration batches. The Exchange Online Service Description doesn’t mention this limit, but be aware of the fact that this may hit you as well.
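A pre-flight check for the CSV folder, as an added example that is not part of the original post: it verifies the “EmailAddress” column, flags invalid or duplicate addresses across files and compares the file count with the 100-batch limit observed above. The helper name Test-MigrationCsvFolder, the address pattern and the sample files are assumptions made for illustration.

```powershell
# Added example (not from the original post). Test-MigrationCsvFolder is a
# hypothetical helper; the default of 100 is the limit the author ran into.
function Test-MigrationCsvFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Folder,
        [int]$MaxBatches = 100
    )
    $files  = @(Get-ChildItem -LiteralPath $Folder -Filter *.csv -File)
    $seen   = @{}    # address -> first file it appeared in
    $issues = New-Object System.Collections.Generic.List[string]

    if ($files.Count -gt $MaxBatches) {
        $issues.Add("$($files.Count) CSV files exceed the batch limit of $MaxBatches")
    }
    foreach ($file in $files) {
        $rows = @(Import-Csv -LiteralPath $file.FullName)
        if ($rows.Count -eq 0) { $issues.Add("$($file.Name): no data rows"); continue }
        if ($rows[0].PSObject.Properties.Name -notcontains 'EmailAddress') {
            $issues.Add("$($file.Name): column 'EmailAddress' is missing"); continue
        }
        foreach ($row in $rows) {
            $addr = "$($row.EmailAddress)".Trim().ToLower()
            if ($addr -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
                $issues.Add("$($file.Name): invalid address '$addr'")
            } elseif ($seen.ContainsKey($addr)) {
                $issues.Add("$($file.Name): '$addr' already listed in $($seen[$addr])")
            } else {
                $seen[$addr] = $file.Name
            }
        }
    }
    [pscustomobject]@{ Files = $files.Count; Mailboxes = $seen.Count; Issues = $issues.ToArray() }
}

# Constructed sample data in a temporary folder
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'batch-precheck-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
"EmailAddress`nanna@contoso.com`nben@contoso.com" | Set-Content (Join-Path $demo 'wave01.csv')
"EmailAddress,Dept`nben@contoso.com,IT`nnot-an-address,HR" | Set-Content (Join-Path $demo 'wave02.csv')
"Mail`ncarl@contoso.com" | Set-Content (Join-Path $demo 'wave03.csv')

$result = Test-MigrationCsvFolder -Folder $demo
$result.Issues
```

Running the check first matters here because the batches are created with -AutoStart: a CSV with a missing column or a mailbox listed twice would otherwise only surface as a failed batch after creation.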

Happy migrating 🙂

Disable OWA attachment download

Some companies’ security policies require that no company data is saved on “non-company” devices. A first step to achieve that is to disable attachment download. To do this, you can just clear the checkbox in ECP:

OWA file access

You can also create a new OWA policy and specify the following:

OWA file access2

If you are more the PowerShell guy:

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -DirectFileAccessOnPublicComputersEnabled $false -DirectFileAccessOnPrivateComputersEnabled $false

The result is that the attachments cannot be downloaded any more:

OWA file access3

The cool thing is that viewing attachments in Office Online is still possible.

There are more features which can be disabled to gain more security; they will be discussed in separate articles.