450 4.5.0 Unable to proxy recipient

October 5, 2021Research

Recently a user tried to send an email from 365 to 365 user ( external not internet ) and got the following bounce back

Generating server: SYYP282MB0848.AUSP282.PROD.OUTLOOK.COM

Remote Server returned ‘450 4.5.0 Unable to proxy recipient (6a40c324-f14c-4772-8173-153f28bd5a97,c668bfef-4e9a-4374-9709-f7cc3ab2e31e)’

A look at the headers showed it never left 365! The email was resent and did not bounce back , there must of been an internal 365 issue

GD Star Rating
loading...

No Comments

“we could not verify the identity of the sender” Hybrid 365

August 11, 2021Research

Receiving an email into 365 in a hybrid setup shows the following error

Make sure if you are in Hybrid you add the External IP of your onprem Exchange server during migration to the SPF Record , as this is used by the connector

GD Star Rating
loading...

No Comments

Setting Up Outlook with 365 – something went wrong and outlook couldn’t set up your account. please try again. if the problem continues, contact your email administrator

June 11, 2021Research

Recently cut over a domain from an old 365 tenant to a new one, upon trying to add the email account to outlook was visit with the error

The old account had been enrolled in Intune here

Removing the old account here , I tried to enroll the new account however I got an enrollment message pop up , this something happens due to old enrollment data getting stuck

Delete ( or clear as much as you can from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments ) then try again

What fixed it

Sign out of the Account in Office
De-Register the Machine from AAD (Settings -> Work and School Accounts)
Delete all of the AAD certificates in the User’s Personal Certificate Store
Reboot

Note if you try and sign in to Office at this point, you will get a modern auth prompt but never get asked for a password

Re-Register the Machine with AAD
Re-License Office
Outlook and Autodiscover tests will now work

GD Star Rating
loading...

No Comments

Enforce TLS Communication between 365 Tenant and Mimecast

January 15, 2021Random

Create new Inbound Connector

Add domain of the client you would like to lock down

Tick this

Add Outbound TLS Connector

GD Star Rating
loading...

No Comments

konica minolta from address is not set ( 365 Scan settings )

November 16, 2020Research

Add the from field here

and here

365 Settings

GD Star Rating
loading...

No Comments

Image links to remote sites – Mimecast

June 23, 2020Research

After enabling Mimecast for Inbound routing , Threat Protection Re-Writes the URLs for Safety. When this is enabled with the following 365 Spam Check : Image links to remote sites

Which : Messages that contain <Img> HTML tag links to remote sites (for example, using http) are marked as spam.

All Inbound emails with Images with Hyperlinks get marked as Spam by Office365. Make sure this is turned off!

GD Star Rating
loading...

No Comments

Take ownership of an unmanaged 365 tenancy

April 26, 2020Research

https://docs.microsoft.com/en-us/microsoft-365/admin/misc/become-the-admin?view=o365-worldwide

Had to go through this process for a customer, because their VLSC account was setup at some stage in the past using [email protected] VLSC account as a work or school account, the domain was already registered against an unmanaged Azure AD directory, so we couldn’t set them up to use Teams. It’s a straight forward process just follow the article.

To find out if a domain is part of an unmanaged Azure AD directory, you can follow https://docs.microsoft.com/en-us/power-platform/admin/powerapps-gdpr-dsr-guide-systemlogs#determining-tenant-type as specified in the article.

GD Star Rating
loading...

No Comments

365 Email ; Something went Wrong setup of new email account

April 5, 2020Research

The autodiscover process checks a few records , one of these is the root domain A record, and once you have an SSL certificate on your Web Server under cPanel, it intercepts the Autodiscover request cPanel believes it is hosting the email, and directs that to itself to its email servertrying to be helpful ( Instead of your Exchange server or 365 ) .

The email users are not setup on your cpanek, so no matter what you try, you will not be able to setup the user’s Outlook profile. This is the error I was getting in Outlook 2016. The error will be different for other versions of Outlook or if you are setting up the profile from Control Panel, but essentially it will not let you complete the profile setup.

The fix is quite simple, you just need to change the setting in cPanel or WHM (also owned by cPanel) from the default setting of “Local Mail Exchanger” to “Remote Mail Exchanger” and that’s it.

GD Star Rating
loading...

No Comments

365 Information Barrier

March 25, 2020Research

Phase	What’s involved
Prerequisites	Verify that you have the required licenses and permissions
	Verify that your directory includes data for segmenting users
	Enable scoped directory search for Microsoft Teams
	Make sure audit logging is turned on
	Remove Address book policies
	Provide admin consent for Microsoft Teams using PowerShell.
Part 1: Segment UAT users	Define UAT users and groups for IB segments
	Identify which attributes to use for UAT segments
	Define UAT segments for IB policies
Part 2: Define UAT IB policies	Define UAT IB Policies
Part 3: Apply UAT IB policies	Set UAT IB policies to active status
	Monitor and Test UAT IB policy
	Troubleshoot UAT IB policy if needed
Part 4: Segment PROD users	Define PROD users and groups for IB segments
	Identify which attributes to use for PROD segments
	Define PROD segments for IB policies
Part 5: Define PROD IB policies	Define PROD IB Policies
Part 6: Apply PROD IB policies	Set PROD IB policies to active status
	Monitor and Test PROD IB policy
	Troubleshoot PROD IB policy if needed

Verify that you have the required licenses and permissions

Microsoft 365 E5/A5

Office 365 E5/A5

Office 365 Advanced Compliance

Microsoft 365 Compliance E5/A5

Microsoft 365 Insider Risk Management

Targeted users for IB must have an EXO license

Remove an address book policy in Exchange Online | Microsoft Docs

Turn audit log seaTurn audit log search on or off – Microsoft 365 Compliance | Microsoft Docs

rch on or off – Microsoft 365 Compliance | Microsoft Docs

Admin consent for information barriers in Microsoft Teams – When your IB policies are in place, they can remove non-IB compliance users from Groups (i.e. Teams channels, which are based on groups). This configuration helps ensure your organization remains compliant with policies and regulations. Use the following procedure to enable information barrier policies to work as expected in Microsoft Teams.

Run the following PowerShell cmdlets:

Connect-AzAccount -Tenant “<yourtenantdomain.com>” //for example: Connect-AzAccount -Tenant “Contoso.onmicrosoft.com”

$appId=”bcf62038-e005-436d-b970-2a472f8c1982″

$sp=Get-AzADServicePrincipal -ServicePrincipalName $appId

if ($sp -eq $null) { New-AzADServicePrincipal -ApplicationId $appId }

Start-Process “https://login.microsoftonline.com/common/adminconsent?client_id=$appId”

UAT Block policies will be deployed

UAT Segments

Company Names will be used to define segments

Define information barrier policies – Microsoft 365 Compliance | Microsoft Docs

UAT Security Groups will be used for scoping of users so the UAT IB policy will use MemberOf attribute

PROD Block policies will be deployed