Exchange Server

Outlook users are more than aware of the problems involved in message recall, a feature that’s only available in Outlook desktop and has a nasty habit of not working. The reasons why the feature fails are well known, but soon might be addressed by a new Exchange Online implementation that promises to work for all clients and across Office 365. Time will tell if careers and love can be rescued by the new message recall.

A recent Microsoft post contained the news that Exchange Online uses Windows Server Core. That might be news to some, but not to anyone who’s been following the advice of the Exchange product group. Exchange Online doesn’t use virtual servers, follows a preferred architecture, wants to reduce the potential attack surface, and extract as much CPU as possible out of its servers. All good reasons why Windows Server Core helps.

In a surprising but welcome announcement, Microsoft moved the end of extended support for Exchange 2010 to October 2020. This version of Exchange was the most technology-rich and significant in the product’s history, which might be the reason why so many organizations still depend on Exchange 2010 for email. Better options exist, and Exchange Online is the natural place to go… if your network and applications allow the move.

Microsoft has updated the vererable Get-MailboxStatistics cmdlet in Exchange Online PowerShell to return a bunch of new mailbox activity properties. The properties cover different activities like email and calendar, but the problem with the LastLogon property remains and you still need to do some extra work to get accurate last login information for a user.

OWA is the only Outlook client that supports “Likes.” This begs the question how OWA supports likes and where the information about likes is stored. Some probing using easily accessible tools reveals the answer. You might think that the answer only interests Office 365 Trivial Pursuit nerds, but it’s actually of real interest to eDiscovery investigators.

Some people worry that Exchange Online mailboxes could be compromised by ransomeware and people will be forced to pay BitCoin to decrypt their messages. It’s certainly a possibility, but out-of-the-box solutions exist if you’re unlucky enough to be infected. That is, if you’ve done the necessary up-front planning to prepare for the worst to happen.,

Microsoft has started to flag its intention to deprecate the Search-Mailbox cmdlet. It’s probably the right time to remove this cmdlet from Exchange Online because Office 365 compliance searches can serve the same purpose. At least, compliance searches can do most of what Search-Mailbox does faster. Some functionality gaps need to be filled before we can bid adieu to Search-Mailbox, but its time is coming.

A recent report by a security vendor says that 25% of phishing messages get by Exchange Online Protection (EOP) and arrive into Office 365 user mailboxes. This highlights the need to configure EOP properly and run multiple lines of defense. Microsoft would like you to use Office 365 Advanced Threat Protection (ATP) alongside EOP. Offerings from other security vendors are also available. For better protection against phishing, you should consider something like ATP.

Microsoft has moved the venerable EHLO blog maintained by the Exchange product group to the Microsoft Technical Community (MTC) platform. The first post is about the Exchange 2019 sizing calculator. Hopefully the changeover won’t affect the great content published in EHLO over the years. What’s of more concern is the lack of participation in the MTC by Microsoft product engineers and MVPs.

Turla, a Russian cyber-espionage group is reported as being behind an attack on Exchange on-premises servers that uses transport agents to capture and process messages for selected users. It’s an attack vector that hasn’t been seen before and raises the question of how often administrators should review transport agents active on their servers. The important point is that unless your network is compromised, hackers cannot install transport agents on Exchange servers and this attack is more theoretical than practical.