The best way to learn about Exchange Server is to get hands-on with the product. And the best way to get hands-on without risking a production environment is to build your own test lab.
In case you were caught up in the spectacle surrounding "Back to the Future" day this week, here's what you may have missed in the Exchange and Office 365 world:
Yesterday, Microsoft issued its monthly security bulletin. This time around, the bulletin also includes a fix for a vulnerability that affects only Exchange 2013 environments.
Anyone who runs an on-premises Exchange environment today would be forgiven for wondering how long their job will last, at least in its current shape. The sales pressure from Microsoft and other vendors to influence CIOs to consider moving workloads to cloud platforms increases all the time and the inevitable fear is that jobs disappear once work is transitioned.
The situation for an Exchange administrator is pretty straightforward. The company can stay with on-premises Exchange for the immediate future as Microsoft’s support policy means that Exchange 2013 will remain in extended support until 2022 while Exchange 2016, due for release in late 2015, will be supported until 2025. The same support window applies for hybrid deployments where some workload stays on-premises and some runs in the cloud. On the other hand, the company might decide to go "all in" and embrace the cloud by moving to Office 365 or another hosted Exchange solution.
Many already realize the overarching benefits of Exchange virtualization, but may have lingering questions regarding deployment, cost, complexity, configuration, support, third party applications, and more. Recently, ENow board member and Microsoft Exchange MVP Tony Redmond authored a white paper titled “Virtualizing Exchange 2013 – the right way” the document deconstructed the arguments for and against Exchange virtualization and presented recommendations and best practices for a level-headed deployment.
To read Tony’s white paper: Please visit VEEAM: (Requires form fill for download)
In short, virtualization is not for all companies. Every organization has unique needs that must account for the pros and cons of this cloud-based strategy. Cutting through the marketing claims, do you have the right personnel who understand virtual environments and have the right experience (like understanding hypervisors) required to support and maintain virtualization? Tony puts it this way:
“What is true is that any decision to use virtualization for any application should be well-founded and based on real data. Deciding to virtualize on a whim is seldom a good idea.”
- Premise-to-Cloud Exchange Migration Puts Pressure on Everyone
- Hybrid deployment offers better control, more options, less stress
“Cut-over” Even the word itself sounds abrupt. The pressure of preparing all of your data, especially your critical Exchange email data, and then trying to move all of it all at once without creating disruption for users is neither a trivial project nor a welcome prospect.
With many companies moving to the Exchange Online component of Office 365, email migration becomes a primary concern. Many are choosing to begin with a hybrid deployment in which some mailboxes are moved online while others remain on the company’s existing Exchange server.
Brad Anderson, corporate vice president, Windows Server & System Center, says that the hybrid approach can accommodate the way any organization grows, organizes and operates “in any setting, under any circumstances.” A key reason for going hybrid is that “this approach helps organizations avoid placing all of their eggs in one basket. Having all of your data in a single place makes you vulnerable to the occasional outage, and it also puts you at the mercy of your access to a particular physical or virtual location."
For others, the reason for starting with a hybrid deployment is simpler. The less you have to move at one time, the less the risk of error or data loss. Migrating groups of mailboxes on a scheduled basis over a period of time also dramatically reduces the likelihood of introducing disruption for the users. It also gives administrators more time to more closely examine email content that may be better moved off to archive and take advantage of the migration as an opportunity to reduce the overall size of their Exchange message store.
The MEC 2014 conference was amazing and brought together email administrators from around the world to talk about Microsoft Exchange. The conference started with a keynote where they announced the introduction of OWA for Android. This offering provides Android users another option for their daily needs and provides an alternative to ActiveSync. OWA for iPhone was already previously available.
(MEC 2014 T-shirt by ENow)
Other keynote insights on the future direction of Exchange and Office were:
Exchange 2010 Public Folders allow your administrators the ability to grant specific users the ability to send mail on behalf of a mail-enabled public folder.
Before we look at the Manage Send As issue, let’s take a look at how an Exchange or Security administrator would adjust the mail-enabled Public Folder Send As Permissions.
How to Manage the Public Folder Send As Permissions
- Open the Exchange Management Console
- Click the + to the left of Microsoft Exchange On-Premises
- Click the Tool Box
- Double-click Public folder Management Console
- Select the public folder that you would like to adjust the Send As Permissions on
- On the right-hand side of the screen choose Manage Send As Permission
Understanding the details of user mailbox access is very important to knowing what is going on within an Exchange environment. Being able to proactively audit mailbox access has become critical to the technology world we live in today due to the constant threat of security vulnerabilities. Environmental threats can come from inside or outside of our organizations.
So, what kind of information can you obtain if you are auditing user mailboxes?
When auditing is enabled, Exchange Administrators will know when a mailbox owner, delegate or administrator mailbox login has occurred, and what actions were taken while the user was logged in. This includes:
Whether a mailbox folder was accessed
If a message was permanently deleted or just sent to the deleted items folder
If an email was sent based upon the Send As permission
If an email was sent using Send On Behalf permission
Whether an email was moved to another folder
If the message properties were updated
Have you ever needed to change your Default Role Assignment Policy in Exchange 2010 through Exchange Management Shell? An example of when you might want to do this is to prevent users from creating organizationally visible distribution lists through Outlook Web App. Recently I realized that there may be a problem with the Set-RoleAssignmentPolicy command that can be used to set your users default role assignment policy. Here is what was experienced.
Set Exchange users to the Default Role Assignment Policy
As you can see by double-clicking on the image below the following powershell command was run and indicated that all users were set with the Default Role Assignment Policy.
Set-RoleAssignmentPolicy "Default Role Assignment Policy" –IsDefault
My next step was to remove my unused role assignment policy through Exchange Management Shell.
Remove-RoleAssignmentPolicy “Policy Name Here”