When working with Exchange I sometimes come to clients who already have a hybrid Exchange environment configured. In many cases this is when the hybrid configuration does not work. To make things easier for myself, I created an overview that eliminates the pain of firewalls and networks.
To help you out in these situations I share my ports overview document with you. The document is meant as a cheat sheet, which means that you can adjust it and present it to the customer's network team.
There are always some requirements for an Exchange hybrid environment:
External IP for a separate Hybrid flow that resolves to hybrid.domain.nl
You need to be sure that the hybrid server is part of the mail environment
Make sure autodiscover is set the right way
The Exchange server which is used for the Hybrid configuration needs to be in the LAN
Do NOT forget the Exchange Online and Exchange Online Protection URLs
If you do not have an external IP, use the external IP of autodiscover.
What is Microsoft Operations Management Suite (OMS)
OMS (Microsoft Operations Management Suite) is Microsoft’s cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. In this case we will use OMS to monitor and sort of “manage” Azure AD Connect and Azure AD identities.
Before we start with OMS
Before we start there are some requirements.
We need a valid OMS subscription – OMS has different levels of subscription. It depends on the OMS services you use and the amount of data you upload. There is a free version which provides 500 MB daily upload and 7 days of data retention.
Direct Connection to Azure AD
Domain Administrator account: in order to install the agent on the domain controllers we need to have Domain Administrator privileges.
Global admin account to perform some actions in Azure AD
By default, the AD Assessment solution is enabled. In order to enable AD Replication Status, click on the tile in the solution list and then click on Add.
Install OMS Agents
The next step of the configuration is to install the monitoring agent on the domain controllers and get them connected with OMS.
1. Log in to the domain controller as domain administrator
2. Log in to OMS portal
3. Go to Settings > Connected Sources > Windows Servers > click on Download Windows Agent (64bit). It will download the monitoring agent to the system.
4. Once it is downloaded, double-click on the setup and start the installation process.
5. In the first window of the wizard click Next to begin the installation.
6. In the next window read and accept the license terms.
7. In the next window, we can select where it should be installed. If there are no changes click Next to continue.
8. In the next window, it asks where it will connect to. In our scenario, it will connect to OMS directly.
9. In the next window, it asks for the OMS Workspace ID and Key. These can be found in the OMS portal under Settings > Connected Sources > Windows Servers. If this server is behind a proxy server, we can also specify the proxy settings in this window. Once the relevant info is provided, click Next to continue.
10. In the next window, it asks how to check for agent updates. It is recommended to use the Windows updates option. Once the selection has been made, click Next.
11. In confirmation page, click Install to begin the installation.
12. Follow same steps for other domain controllers.
13. After a few minutes, we can see the newly added servers connected as data sources under Settings > Connected Sources > Windows Servers
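A scripted version of the check in step 13, added here as an example and not part of the original post: it confirms on every domain controller that the agent service runs, that the agent reports to the expected workspace and to no other, and that the direct connection from step 8 is possible. The workspace ID is a placeholder, and the ActiveDirectory module, PowerShell remoting and the workspace-specific endpoint name are assumptions about the environment.

```powershell
# Added example, not from the original post.
# Assumptions: ActiveDirectory module and PowerShell remoting are available;
# $WorkspaceId is a placeholder, copy the real value from the OMS portal.
Import-Module ActiveDirectory

$WorkspaceId = '00000000-0000-0000-0000-000000000000'   # placeholder
$Endpoint    = "$WorkspaceId.ods.opinsights.azure.com"  # agent data upload endpoint

$dcs = (Get-ADDomainController -Filter *).HostName

$report = Invoke-Command -ComputerName $dcs -ScriptBlock {
    param($WorkspaceId, $Endpoint)

    # HealthService is the Windows service installed by the monitoring agent
    $svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue

    # The agent registers this COM object; it lists the workspaces it reports to
    $workspaces = @()
    try {
        $cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
        $workspaces = @($cfg.GetCloudWorkspaces() | ForEach-Object { $_.workspaceId })
    } catch { }

    # A direct connection (wizard step 8) needs outbound TCP 443 to the workspace
    $tcp = Test-NetConnection -ComputerName $Endpoint -Port 443 -WarningAction SilentlyContinue

    [pscustomobject]@{
        AgentService    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ExpectedWs      = $workspaces -contains $WorkspaceId
        OtherWorkspaces = ($workspaces | Where-Object { $_ -ne $WorkspaceId }) -join ','
        Outbound443     = $tcp.TcpTestSucceeded
    }
} -ArgumentList $WorkspaceId, $Endpoint

# A domain controller reporting to a workspace you do not own deserves a closer look
$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, AgentService, ExpectedWs, OtherWorkspaces, Outbound443 -AutoSize
```

When the agent goes through a proxy, Outbound443 can be False on a healthy agent, because Test-NetConnection does not use the proxy configured in the wizard.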
How to view analyzed Data
After a few minutes, OMS will start to collect data and visualize the findings. To view this data, log in to the OMS portal and click on the relevant solution gallery tile on the home page. You will find your analysed/assessed servers there. You also get a quick overview and some recommendations for these servers.
Once you click on the tile it brings you to a page that displays more details about its findings. You will get a nice overview of all the collected data, and it even provides you with some fixes.
How to collect Windows logs for Analysis
Using OMS, we can also collect Windows logs and use the OMS analysis capabilities to analyze them. When this is enabled, OMS space usage and bandwidth usage on the organization's end will be higher. To collect logs:
1. Log in to OMS portal
2. Go to Settings > Data > Windows Event Logs
3. In the box, you can search for the relevant log file name and add it to the list. We also can select which type of events to extract. Once selection is made click Save.
After a few minutes, you can start to see the events under the log search option. There, we can filter the data using queries. We can also set up email alerts based on specific events.
After you create a shared mailbox, you have to assign permissions to all users who require access to the shared mailbox. Users can’t sign in to the shared mailbox. They have to sign in to their own mailbox and then open the shared mailbox to which they’ve been assigned permissions.
Here’s how to use PowerShell to create and configure a shared mailbox for the Corporate Printing Services department at Contoso Corporation.
Create a shared mailbox
To create the shared mailbox for Corporate Printing Services, run one of the following commands:
Set-Mailbox info -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB
Create a security group for the users who need access to the shared mailbox
In the Exchange Control Panel, create a security group for the staff who need access to the shared mailbox for Corporate Printing Services.
Select My Organization Exchange > Users & Groups > Distribution Groups > New.
Specify a display name, alias, and e-mail address. In this example, we’ll use Info, Companygroup, and Info@yourdomain.com.
Select the Make this group a security group check box.
In the Ownership section, click Add to add an owner, if necessary.
In the Membership section, click Add.
In the Select Members page, select the users you want to add. When you are finished, click OK.
On the New Group page, click Save.
Note: After you create a security group, the membership is closed. When membership is closed, only group owners can add members to the security group, or owners have to approve requests to join the group. Additionally, only group owners can remove members from the security group.
Assign the security group the FullAccess permission to access the shared mailbox
To enable members of the Printing Services Staff security group to open the mailbox, read e-mail, and use the calendar, run the following command:
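The procedure above as one Exchange Online PowerShell session, added here as an example and not the commands from the original post. The mailbox alias info is taken from the Set-Mailbox line and the group alias Companygroup from the group step; the mailbox display name and the review step at the end are assumptions.

```powershell
# Added example, not from the original post. Run in a connected
# Exchange Online PowerShell session.
$Mailbox = 'info'           # alias used in the Set-Mailbox line above
$Group   = 'Companygroup'   # alias of the security group created above

# 1. Create the shared mailbox only if it does not exist yet
#    (the display name is an assumption)
if (-not (Get-Mailbox -Identity $Mailbox -ErrorAction SilentlyContinue)) {
    New-Mailbox -Shared -Name 'Corporate Printing Services' -Alias $Mailbox | Out-Null
}

# 2. Apply the quotas from the post
Set-Mailbox -Identity $Mailbox -ProhibitSendReceiveQuota 5GB `
    -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB

# 3. Grant FullAccess to the security group rather than to individual users,
#    so access is controlled by group membership (closed, owner-managed)
Add-MailboxPermission -Identity $Mailbox -User $Group `
    -AccessRights FullAccess -InheritanceType All | Out-Null

# 4. Review: list every explicit grant on the mailbox. Anything other than
#    the security group is access that bypasses the group and its owners.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
    Select-Object User, AccessRights, Deny

# FullAccess does not include sending as the mailbox; Send As is a separate
# permission, so review it separately.
Get-RecipientPermission -Identity $Mailbox |
    Where-Object { $_.Trustee -ne 'NT AUTHORITY\SELF' } |
    Select-Object Trustee, AccessRights, AccessControlType
```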
In our last blog I showed you how you can migrate content between site collections. For my test I migrated some content from a user's OneDrive to a site collection of the department the user was in.
When I provided him with the information about the location of his content, he notified me that he wasn’t able to see any of his content or documents.
So the first thing I thought was: OK, probably the rights. But the thing was that the user created a subsite in his department where I had put his content. This means that the user is Site owner of that site. Then I realized we migrated his data from his OneDrive, where only he had access, so I probably had to set the rights on the folders and content I had migrated.
Check permissions with the Sharegate Security and Management feature.
Go to Sharegate and select security. You will see the following options.
Then select Check permissions.
Select the group you want to check
Select your target Site, list or directory
Press View to view the Permissions of that moment.
Set rights on a list or library within a subsite
To set rights with the Sharegate security and management tool, go to security and select add permissions.
Again select the user or group which you would like to give permissions.
Select the Role you want to give the user or Group
Select the target where you want to give permissions
In my case I selected both options
Cascade to children
Cascade to Content
I did this because I have one user who doesn’t have rights on his own migrated folder.
Then press apply to set the permissions. That’s it.
This feature is really dummy-proof when you want to give easy permissions. Now you don’t have to go to the site, list or library to give permissions.
There are several ways to run projects. The way I explain this is a proof of concept that I recommend for my customers.
First of all you select the site collection where you will manage your projects. I recommend that you create a new (private) site collection (https://yourtentant.sharepoint.com/sites/Projects). As site collection type you choose Publishing Portal.
After you have created the site collection you will be guided back to the site collection overview. It can take some time until the site collection is provisioned.
Setting up the project page
When you start setting up your project page, I recommend you give every project a subsite. When you do this every project will get the following apps.
– Email mailbox (you need to add this app separately)
The engineer or technician can synchronize the one project he is working on. When he uses this feature he will have all the information he needs to work on this project.
To build a subsite go to the site collection you just made, select the little gear icon and select Site contents.
In this site collection you start by creating a subsite. This subsite needs to be a project site.
When you start to create project subsites remember you always create the subsites under the Project site collection.
The fun part is that you can really start to collaborate with your team on projects. For example you can create tasks and sync them with your project team. When you do this the tasks of that project site will also be shown in your Outlook. Another nice feature is that you can open the Timeline on the SharePoint project site with Microsoft Project. When you use this you can easily add resources and tasks to the project's SharePoint site.
If you have any questions please leave a comment below!
Creating a mailbox in Office 365 involves signing into your Office 365 account. The following steps assume your organization has already signed up for Office 365 through the Microsoft Office 365 Fast Track enrollment website.
4) Fill in the appropriate details for the user being added. See the following example then click on Additional Details.
Adding details for users
5) Fill in the appropriate details for the user being added. See the following example and click Next.
Continuing to add details for users
6) Determine if the user will be an administrator. If yes, choose the administrator type. Here are some details to assist with the correct selection.
Setting admin level access
Billing Administrator – Helps make purchases, manage Office 365 subscriptions, oversee support tickets and monitor service health. This role will not be available if Office 365 was not purchased directly through Microsoft.
Global Administrator – Will give access to all administrative features. Note the individual that enrolls Office 365 for your organization will also be a global administrator.
Password Administrator – Applies to those individuals that will need to reset a password, manage service requests, and monitor service health. This is great for a Helpdesk or an organization’s Security Administrators.
Service Administrator – This role is great for managing service requests and monitoring service health. Also note, before this role can be assigned to a user, they must first have admin access to a service such as Exchange Online.
User Management Administrator – Another great option for help desk or security administrator access. This role allows them to reset passwords, monitor service health, and manage accounts, groups and requests. This role is unable to manipulate other administrator accounts or create admin roles.
7) For this example we are creating a Global Administrator in the United States. An alternate email address must be specified, then click Next.
Creating a Global Administrator
8) Choose the appropriate licenses the account will need. This link provides better insight into the many licensing options. For this example we will choose all the products available within the Enterprise plan. Click Next after making the selections.
Assigning appropriate licenses
9) Provide an email address to email up to five users the temporary password for this account. The password will also appear on the screen after clicking Create if sending the email is an option that will not be pursued.
Send Results in Email screen
10) Click Create another user if there are more to be created or click Finish if there are not.
4) If this is the first time the user is signing into the account then the password must be changed. Fill in the appropriate information and click Save.
Update Password Screen
5) Once signed in choose Settings from the upper right-hand corner.
6) Next, choose Office 365 Settings.
Choose Office 365 settings
7) If this is the first time that account is being signed into, all of the information about the account should be reviewed. This will be the information that was entered by the account administrator in Step 6 in the “Create a Mailbox” section. Once the information is verified, scroll down and click Save.
8) On the left-hand side of your screen click Software.
Install and manage software
9) On the left-hand side of your screen click Desktop Setup. Please note, this document assumes that the full Outlook Client is already installed.
Select desktop setup
10) Click Setup.
Click set up
11) After you click Setup the automatic configuration will start. When prompted, fill in the password for the account being configured.
12) A setup wizard will start up.
13) In this case we will only choose Microsoft Outlook and uncheck the rest. Click Continue.
Configure desktop applications and install updates
14) Next, Click Finish.
Click Finish to complete process
In this case the Wizard has determined that Manual Configuration will be required. In order to complete these processes, go to the section below which covers how to connect to the full Outlook 2013 Client. Also, if this wizard fails, please see the following troubleshooting document for additional information about the issue being seen.
Connect an Office 365 Mailbox to Microsoft Outlook 2013
This manual configuration can also be used for Outlook 2010 clients if the automatic configuration wizard determines your client requires a manual configuration.
1) Open the Control Panel on the PC.
2) Double-click on the Mail applet in the Control Panel.
3) Choose Show Profiles.
Select Show Profiles
4) Click the Add button.
Click the Add button
5) Enter a profile name and Click OK.
Enter a profile name
6) Fill in the information for your Office 365 account. Please note, Internet access is required for this to work.
Add new account
7) Once the account and password have been verified the screen will appear as shown below. Click Finish.
8) Open Outlook to start using your Office 365 account.
That’s all there is to it! You are now embarking on a journey to email in the cloud with Microsoft Office 365.