Posts Tagged ‘365’

Recently a user tried to send an email from 365 to 365 user  ( external not internet ) and got the following bounce back  

Generating server: SYYP282MB0848.AUSP282.PROD.OUTLOOK.COM

Remote Server returned ‘450 4.5.0 Unable to proxy recipient (6a40c324-f14c-4772-8173-153f28bd5a97,c668bfef-4e9a-4374-9709-f7cc3ab2e31e)’

A look at the headers showed it never left 365! The email was resent and did not bounce back , there must of been an internal 365 issue

GD Star Rating
loading...
GD Star Rating
loading...

Recently cut over a domain from an old 365 tenant to a new one, upon trying to add the email account to outlook was visit with the error

 

The old account had been enrolled in Intune here

Removing the old account here , I tried to enroll the new account however I got an enrollment message pop up , this something happens due to old enrollment data getting stuck

Delete ( or clear as much as you can from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments ) then try again

 

 

What fixed it

  • Sign out of the Account in Office
  • De-Register the Machine from AAD (Settings -> Work and School Accounts)
  • Delete all of the AAD certificates in the User’s Personal Certificate Store
  • Reboot

Note if you try and sign in to Office at this point, you will get a modern auth prompt but never get asked for a password

  • Re-Register the Machine with AAD
  • Re-License Office
  • Outlook and Autodiscover tests will now work

 

GD Star Rating
loading...
GD Star Rating
loading...

After enabling Mimecast for Inbound routing , Threat Protection Re-Writes the URLs for Safety. When this is enabled with the following 365 Spam Check : Image links to remote sites

Which : Messages that contain <Img> HTML tag links to remote sites (for example, using http) are marked as spam.

All Inbound emails with Images with Hyperlinks get marked as Spam by Office365. Make sure this is turned off!

GD Star Rating
loading...
GD Star Rating
loading...

https://docs.microsoft.com/en-us/microsoft-365/admin/misc/become-the-admin?view=o365-worldwide

Had to go through this process for a customer, because their VLSC account was setup at some stage in the past using [email protected] VLSC account as a work or school account, the domain  was already registered against an unmanaged Azure AD directory, so we couldn’t set them up to use Teams. It’s a straight forward process just follow the article.

To find out if a domain is part of an unmanaged Azure AD directory, you can follow https://docs.microsoft.com/en-us/power-platform/admin/powerapps-gdpr-dsr-guide-systemlogs#determining-tenant-type as specified in the article.

 

GD Star Rating
loading...
GD Star Rating
loading...

 

The autodiscover process checks a few records , one of these is the root domain A record, and once you have an SSL certificate on your Web Server under cPanel, it intercepts the Autodiscover request cPanel believes it is hosting the email, and directs that to itself to its email servertrying to be helpful ( Instead of your Exchange server or 365 ) .

The email users are not setup on your cpanek, so no matter what you try, you will not be able to setup the user’s Outlook profile. This is the error I was getting in Outlook 2016. The error will be different for other versions of Outlook or if you are setting up the profile from Control Panel, but essentially it will not let you complete the profile setup.

 

The fix is quite simple, you just need to change the setting in cPanel or WHM (also owned by cPanel) from the default setting of “Local Mail Exchanger” to “Remote Mail Exchanger” and that’s it.

GD Star Rating
loading...
GD Star Rating
loading...

Phase

What’s involved

Prerequisites

Verify that you have the required licenses and permissions

Verify that your directory includes data for segmenting users

Enable scoped directory search for Microsoft Teams

Make sure audit logging is turned on

Remove Address book policies

Provide admin consent for Microsoft Teams using PowerShell.

Part 1: Segment UAT users

Define UAT users and groups for IB segments

Identify which attributes to use for UAT segments

Define UAT segments for IB policies

Part 2: Define UAT IB policies

Define UAT IB Policies

Part 3: Apply UAT IB policies

Set UAT IB policies to active status

Monitor and Test UAT IB policy

Troubleshoot UAT IB policy if needed

Part 4: Segment PROD users

Define PROD users and groups for IB segments

Identify which attributes to use for PROD segments

Define PROD segments for IB policies

Part 5: Define PROD IB policies

Define PROD IB Policies

Part 6: Apply PROD IB policies

Set PROD IB policies to active status

Monitor and Test PROD IB policy

Troubleshoot PROD IB policy if needed

 

 

Verify that you have the required licenses and permissions

Microsoft 365 E5/A5

Office 365 E5/A5

Office 365 Advanced Compliance

Microsoft 365 Compliance E5/A5

Microsoft 365 Insider Risk Management

Targeted users for IB must have an EXO license

 

 

Remove an address book policy in Exchange Online | Microsoft Docs

 

 

Turn audit log seaTurn audit log search on or off – Microsoft 365 Compliance | Microsoft Docs

rch on or off – Microsoft 365 Compliance | Microsoft Docs

 

 

Admin consent for information barriers in Microsoft Teams – When your IB policies are in place, they can remove non-IB compliance users from Groups (i.e. Teams channels, which are based on groups). This configuration helps ensure your organization remains compliant with policies and regulations. Use the following procedure to enable information barrier policies to work as expected in Microsoft Teams.

 

Run the following PowerShell cmdlets:

Connect-AzAccount -Tenant “<yourtenantdomain.com>”  //for example: Connect-AzAccount -Tenant “Contoso.onmicrosoft.com”

$appId=”bcf62038-e005-436d-b970-2a472f8c1982″

$sp=Get-AzADServicePrincipal -ServicePrincipalName $appId

if ($sp -eq $null) { New-AzADServicePrincipal -ApplicationId $appId }

Start-Process  “https://login.microsoftonline.com/common/adminconsent?client_id=$appId”

 

UAT Block policies will be deployed

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

 

UAT Segments

Company Names will be used to define segments

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

 

 

Define information barrier policies – Microsoft 365 Compliance | Microsoft Docs

UAT Security Groups will be used for scoping of users so the UAT IB policy will use MemberOf attribute

<insert security group names here>

<insert security group names here>

 

 

PROD Block policies will be deployed

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

<insert policy names here>

 

 

PROD Segments

Company Names will be used to define segments

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

<insert segment names here>

 

 

Define information barrier policies – Microsoft 365 Compliance | Microsoft Docs

PROD Security Groups will be used for scoping of users so the PROD IB policy will use MemberOf attribute

 

<insert security group names here>

<insert security group names here>

 

GD Star Rating
loading...
GD Star Rating
loading...