Improved External Email Tagging in Office 365

August 25, 2022 Brad Wyatt Comments 0 Comment

With the rise of Phishing emails, a popular method to help your users not get phished is to append warnings to emails that either originate outside the organization or if they originate outside the organization and the display name matches that of a internal user. I myself have posted a blog on how to do this and get around the mail flow limitations.

A problem with this method however, is since it prepends a message or warning to the email, users can no longer view previews of the emails either in outlook or on mobile because all they will see is the warning message. A possible solution that I have rolled out several times is to prepend a warning unicode character (⚠️) to the message. The warning symbol was approved as part of Unicode 4.0 in 2003 and added to emoji 1.0 in 2015. As long as the receiving end … Continue...

Office 365 Anti-Impersonation Email Banner with PowerShell & Azure for Large Enterprises – No More Mailbox Limit

June 30, 2020 Brad Wyatt Comments 4 comments

The Problem

E-mail spoofing/impersonation is a huge threat to many companies today. A very common approach by scammers is to send your users an email using the display name of a real person within your company. Many users will glance at the email and see the display name and be none the wiser. A popular defense against this is to tag all external emails with a banner, letting the user know that the email came from an external source. The biggest problem with this method is that it tags all emails, which over the course of a few months, could be thousands of emails for a single user, causing them to begin to ignore the banner altogether.

So I like to create mail flow rules in Exchange to only append a banner if the email originates from an external source, and the display name of the sender matches a display … Continue...

Office 365 Email Address Policies with Azure Automation

November 20, 2019 Brad Wyatt Comments 3 comments

Email address policies (EAP) define the rules that create email addresses for recipients. By setting up policies you can guarantee your users will have certain email address that follow the rules you have set in place. Unfortunately, in Office 365 Exchange Online there are no email address policies you can set for your users. In a larger organization where multiple people may be creating and editing users in Exchange Online, it’s possible that not all your users are following the address scheme you or your company has implemented. In this article I will leverage PowerShell and Azure RunBooks to make sure all of my users adhere to my companies EAP.

Setting up the Azure Automation Resources

In the next section I will go over what Azure resources we will be creating and what each one is responsible for. You can skip ahead to the configuration script below which will create … Continue...

Auto License Office 365 Migration Users Prior to Completing the Migration

April 6, 2018 Brad Wyatt Comments 1 comment

When doing a migration to Office 365, one of the final steps prior to “flipping” the user in the migration batches, is to make sure to properly license them so once they flip they get an Exchange Online mailbox. One of the issues you will come across is you will have more users in Office 365 than you are migrating. This is very common because some users may not need Exchange services but may need other Office 365 offerings such as OneDrive, SharePoint, etc. This also happens when you use ADConnect to sync on-premise Active Directory users to Office 365 and again, not everyone will be needing an Exchange mailbox. However, prior to completing your migration batch jobs is all the users in the batches must have a proper license for Exchange.

Instead of going through user objects one by one, I created a script that will do the following:… Continue...

Get Friendly License Name for all Users in Office 365 Using PowerShell

March 19, 2018 Brad Wyatt Comments 41 comments

When you want to look up a users license in Office 365 using PowerShell you are presented with a unfriendly Sku. Sometimes the Sku and the actual license name are similar but sometime it’s hard to distinguish the name from the Sku.

Using a hash table we can convert the Sku to its friendly name an have PowerShell do a lookup.

The script will first lookup all users that are currently licensed so it does not attempt to look up a null value. It will then go through each licensed user, take all of their licenses and put it in an array, do a lookup on each license they have and export the user’s Display Name and friendly license name to a CSV file. It will append the results to the CSV so it does not overwrite the file.

Single Tenant:

The results will display the user and their friendly … Continue...

Create Bulk Office 365 Compliance Searches with PowerShell

March 18, 2018 Brad Wyatt Comments 0 Comment

Recently I wanted to find a way to get PowerShell to create compliance searches that followed keyword queries and search conditions. This means I could have multiple values in one search query. For example, “TO brad wyatt AND FROM [email protected]”. This query would search for e-mails sent to Brad which only from [email protected]. To get PowerShell to do this I decided to create a Hash Table that would have the queries listed in the table.

After it would create each compliance search it would then wait for the search to gather all of the results and then export the amount of items it found to a csv file. Each Compliance Search would append its results to the same file so in the end I would have a CSV file containing all of the Compliance Searches and the objects it found for each one.

To keep from having the Compliance Search … Continue...

The Lazy Administrator

Finding ways to do the most work with the least effort possible

Exchange