Friday, October 31, 2014

Yet another new iOS issue with Exchange ActiveSync !!!

iOS 8.x was recently released and Apple devices are now being updated to it. Unlike iOS 7, which had only a limited impact on Exchange ActiveSync, this new version is causing a wave of issues similar to iOS 6.

Meeting invites are again affected by this new issue, which is raising a critical alarm in the environment, and I believe it is now affecting a major part of the customers, mostly with Exchange Online. My users are also among the affected ones, and we were unable to provide a proper fix to them at the moment, because the workaround provided to address this issue is fine in one instance but may not be suitable for all customers, mainly very large Enterprise customers.

Microsoft and Apple are now aware of this issue and have started updating customers on its current status, so we may get a fix soon. Microsoft stated that this new issue will soon be added to their Knowledge Base article.

Current issues with Microsoft Exchange ActiveSync and third-party devices 

More information is well documented in the Office 365 Community forum post below; watch that discussion for further updates.

Access here :  Your meeting was found to be out of date and has been automatically updated

*Add-on Read: iOS 8 ActiveSync problem causes out-of-date meetings - Tony Redmond's Exchange Unwashed Blog  


Microsoft team finally acknowledged this issue and published the below Knowledge base article with the root cause and workaround.

Review here:  Known calendaring issues with iOS 8.x devices

Stay tuned for more updates...

Thursday, October 30, 2014

Office 365 Performance Management

Office 365 Performance Management is a crucial topic. Every Consultant and Administrator who works with Office 365 should have strong insight into it and good knowledge of it.

Microsoft team published an excellent write-up regarding the new resources available to know more on this topic addressing the key requirement for a successful Office 365 deployment and Administration.

Access the below Office Blog post to know more.

Review here: Tune and optimize performance of your Office 365 connection

The key resources referenced in the blog post include:

Network Planning and Performance Tuning - TechNet

Access here: Network planning and performance tuning for Office 365

Office 365 Performance Management - Microsoft Virtual Academy Course 

 Topics Covered

  • Office 365 Performance Management Course Introduction
  • Office 365 Datacenters and Network
  • Planning for Office 365 Internet Capacity – Exchange Online
  • Planning for Office 365 Internet Capacity – Lync Online
  • Planning for Office 365 Internet Capacity – SharePoint Online
  • The Baselining Model for Internet Capacity Planning
  • Best Practices & Real Customer Projects Planning Internet Capacity
  • Planning for Office 365 Firewalls Whitelisting
  • Performance Troubleshooting Process and Tools Used
  • Performance Troubleshooting Tests
  • Troubleshooting SharePoint Online Customizations

Access the recorded course here: Office 365 Performance Management

Review the below Excellent Blog post from Paul Collinge MSFT to Optimise Network Performance for Office 365

Top 10 Tips for Optimising & Troubleshooting your Office 365 Network Connectivity 


Access the latest Blog post from Paul Collinge MSFT on Office 365 Connectivity Guidance

Key topics covered,
  • Optimized connectivity to Microsoft’s global network
  • Localized network egress as close to the user as possible
  • Unhindered access to the endpoints required
  • Local DNS resolution


Take a look at the below Microsoft Ignite session to know how to Troubleshoot Office 365 Network performance

Access here: Overcome network performance blockers for Office 365 Deployments

Also I have covered various vital contents under my Office 365 section.

Stay tuned for more updates...

Exchange Server 2013 Management Pack Update released !!!

Microsoft team released a new update to the Exchange Server 2013 Management Pack to address key customer feedback about getting additional information into System Center Operations Manager to allow users to better understand the health and performance of the Exchange environment.

Review the Official Blog post below to know more on the update and download the latest version for better environment monitoring.

Access here: Exchange Server 2013 Management Pack Update

Wednesday, October 29, 2014

Disable Support for SSL 3.0 to Avoid POODLE Attack !!!

I believe everyone is aware of the latest POODLE (Padding Oracle on Downgraded Legacy Encryption) vulnerability, which affects clients that use SSL 3.0. It is considered a bit more dangerous than the Heartbleed bug that raised the alarm recently, and most organizations have already started to disable SSL 3.0 support on their clients and applications. Today Microsoft published an update on this issue for Office 365, notifying customers of the newly available workaround to disable SSL 3.0 support in IE browser clients that connect to the service, along with the deadline.

Extract from the Official Post: 

Starting on December 1, 2014, Office 365 will begin disabling support for SSL 3.0. This means that from December 1, 2014, all client/browser combinations will need to utilize TLS 1.0 or higher to connect to Office 365 services without issues. This may require certain client/browser combinations to be updated.

Although analysis of connections to Microsoft online services shows very few customers still use SSL 3.0, we are providing customers with advance notice of this change so they can update their impacted clients prior to us disabling SSL 3.0

A new Fix it was released today to disable SSL 3.0 support in the IE browser. The post also references the updated security advisory, "Microsoft Security Advisory 3009008", which describes the vulnerability in more detail and gives the steps for using GPO settings to implement this change organization-wide.

Review the Official Blog post here: Protecting you against the SSL 3.0 vulnerability
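As an added example (not taken from the Microsoft advisory or from this post), the following read-only PowerShell audit reports whether SSL 3.0 is still enabled for Internet Explorer and for the Windows SChannel client on a machine, which is useful for confirming that the Fix it or GPO change actually landed. The function names are hypothetical; the registry locations are the standard Internet Settings SecureProtocols value and the SChannel Protocols key.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Bit flags of the Internet Settings "SecureProtocols" DWORD.
$ProtocolBits = [ordered]@{
    'SSL 2.0' = 0x0008
    'SSL 3.0' = 0x0020
    'TLS 1.0' = 0x0080
    'TLS 1.1' = 0x0200
    'TLS 1.2' = 0x0800
}

function ConvertFrom-SecureProtocols {
    # Hypothetical helper: decode the bitmask into one row per protocol.
    param([Parameter(Mandatory)][int]$Value)
    foreach ($name in $ProtocolBits.Keys) {
        [pscustomobject]@{
            Protocol = $name
            Enabled  = [bool]($Value -band $ProtocolBits[$name])
        }
    }
}

function Get-Ssl3ClientState {
    # Hypothetical helper: the policy locations are read first, then the per-user preference.
    $ieLocations = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
    )
    $ieValue  = $null
    $ieSource = 'not set (browser default applies)'
    foreach ($path in $ieLocations) {
        $item = Get-ItemProperty -Path $path -Name SecureProtocols -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $ieValue  = [int]$item.SecureProtocols
            $ieSource = $path
            break
        }
    }

    # System-wide SChannel client setting for SSL 3.0.
    $scPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client'
    $sc = Get-ItemProperty -Path $scPath -ErrorAction SilentlyContinue

    [pscustomobject]@{
        IeSettingSource           = $ieSource
        IeSsl3Enabled             = if ($null -eq $ieValue) { $null } else { [bool]($ieValue -band 0x20) }
        SchannelEnabled           = if ($sc) { $sc.Enabled } else { $null }
        SchannelDisabledByDefault = if ($sc) { $sc.DisabledByDefault } else { $null }
    }
}

# Constructed sample values: 0xA0 = SSL 3.0 + TLS 1.0, 0xA80 = TLS 1.0 + 1.1 + 1.2.
ConvertFrom-SecureProtocols -Value 0xA0  | Format-Table -AutoSize
ConvertFrom-SecureProtocols -Value 0xA80 | Format-Table -AutoSize

# State of the machine the script runs on.
Get-Ssl3ClientState | Format-List
```

A null value in the output means the setting is absent from the registry, so the browser or operating system default applies.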

Also refer to the latest ZDNet post, which covers more discussion on the topic and explains how other browser clients are responding to this vulnerability.

Google has said that it will remove SSL 3.0 support from all their client products over the next few months. The next version of Firefox (due November 25) will disable SSL 3.0 completely. In the meantime, Mozilla has created an SSL Version Control add-on to allow users to disable the feature.

Review here : Microsoft releases anti-POODLE Fix It

*Microsoft team is discontinuing the support for SSL 3.0 with Azure Storage by February 2015.

Microsoft Disabling SSL 3.0 in Azure Storage Next Month

Tuesday, October 28, 2014

Built-in Mobile device management now Available for Office 365 !!!

Today, at the TechEd Europe 2014 event, Microsoft officially announced that Office 365 customers will soon have built-in mobile device management features included within the service.

As stated in the official announcement, these features are set to roll out in the first quarter of 2015. Microsoft recommends that customers use Windows Intune for advanced mobile device management features, and suggests having both in place for a better experience, depending on the customer's requirements.

Review the Official Announcement here: Introducing built-in mobile device management for Office 365

Directly access the Garage Series demo here: Announcing mobile device management for Office 365

*Additionally, Check out my earlier post to know how to use Microsoft Enterprise Mobility Suite with Office 365

Access here: Mobile Device Management for Office 365

* A great add-on read on this topic is available below from eweek magazine.

Microsoft Enterprise Mobility Suite Cozies Up to Office

Mobile Device Management for Office 365

In today's IT world, mobility plays a major role. With the advent of BYOD, people use mobile devices to access corporate data from any corner of the world, and organizations that provide this feature to their users are relying on a strong Mobile Device Management system. Microsoft recently released their Enterprise Mobility Suite, which addresses this MDM need for customers. It entered the market as a strong competitor among the existing solutions and established itself as a leading MDM solution adopted worldwide.

Office 365 customers are now worldwide, and as with every other customer, mobility plays a vital part for them. This becomes quite crucial because their data is available in the Microsoft Cloud. With the availability of EMS, we can integrate it with Office 365 and create a strong MDM solution.

To show how to use Enterprise Mobility Suite (EMS) with Office 365, and its benefits, Microsoft has provided a Microsoft Virtual Academy course covering all aspects of this topic.

Course Topics

  • Expanding Office 365 with Enterprise Mobility Suite: (01) Course Introduction
  • Expanding Office 365 with Enterprise Mobility Suite: (02) Get More Information About Your Users
  • Expanding Office 365 with Enterprise Mobility Suite: (03) Make Your Users Safer
  • Expanding Office 365 with Enterprise Mobility Suite: (04) Ease Your Management Overhead
  • Expanding Office 365 with Enterprise Mobility Suite: (05) Get More Information About Cloud Apps
  • Expanding Office 365 with Enterprise Mobility Suite: (06) Get Control of Cloud Apps
  • Expanding Office 365 with Enterprise Mobility Suite: (07) Protect Your Customers Files Wherever They Are
  • Expanding Office 365 with Enterprise Mobility Suite: (08) Give Your Users A Reason To Be Managed

Access the complete course here: Expanding Office 365 with Enterprise Mobility Suite

TechEd Europe 2014 has begun...

TechEd Europe 2014 has now begun, with various sessions running across 28-31 OCT 2014. The TechEd opening keynote is presented by Microsoft's Jason Zander, Corporate Vice President, Microsoft Azure, and Joe Belfiore, Corporate Vice President of PC, Tablet and Phone, Operating Systems Group. Various significant enhancements and new innovations are being announced now.

You can watch the Live streaming here: LiveTechEd Europe 2014

Follow the Official Twitter account for live updates : @teched_europe

*Take a look at the new announcements made to Office 365 in terms of Security and Compliance in today's event.

Review here:  Office 365—Our latest innovations in security and compliance

*Check out more on today's announcements from the below WindowsITPro post

Microsoft Launches TechEd Europe with Wave of Announcements - Paul Thurrott

*TechED Europe 2014 videos are now getting posted in Channel9.

Access here : TechEd Europe 2014 Videos

*You can utilize the below script provided by MVP Peter Schmidt to download the videos and slides at one go.

Access the Script here: Download All Videos and Slides from TechEd 2014 Europe

We can expect more great things in the upcoming days. Stay tuned...

Monday, October 27, 2014

Unlimited OneDrive Storage is coming to all Office 365 Subscribers !!!

Today is a great day for Office 365 customers: Microsoft announced that all Office 365 customers will get unlimited OneDrive storage at no additional cost. The roll-out started today, and soon all Office 365 customers will have this benefit.

Review this Official "The OneDrive Blog" post for more details: OneDrive delivers unlimited cloud storage to Office 365 subscribers

We also recently had another update for OneDrive, which allowed uploading files of up to 10 GB and gave 1 TB of storage space, and now we have this unlimited storage. All of this shows that Microsoft is moving to make the cloud a better place for storage and to enhance Office 365 adoption.

Tuesday, October 21, 2014

Recover Deleted Mailbox in Office 365

Recovering deleted mailboxes is not new for us as Exchange Admins, but it becomes quite tedious when we are managing an Exchange Hybrid Environment with Federated Identity.

Recovering a mailbox in a traditional On premises Environment or a fully hosted Exchange Online Environment is straightforward, with a few easy steps. Refer to the articles below for the details.

Exchange On premises : Connect or restore a deleted mailbox

Exchange Online : Delete or Restore User Mailboxes in Exchange Online

This blog post covers a few important and complex mailbox recovery scenarios with Office 365. We begin with recovering a deleted mailbox in the cloud in an Exchange Hybrid deployment with federated identity.

An Exchange hybrid deployment with Federated Identity involves both ADFS and Directory synchronization. In this setup, the AD account On premises is a key component; unlike the above scenarios, if this object is deleted it is impossible for us to set things as before. We can still recover the mailbox contents alone in the cloud even though the On premises AD account is deleted, because the associated Office 365 account remains in deleted users for 30 days and the mailbox remains available in soft deleted mailboxes for the next 30 days. Even if the object in Office 365 is deleted after the 30-day retention, there are still possible ways to recover the mailbox to a new cloud only mailbox from Removed mailboxes, which I will explain in the later part of this article.

To clarify my above statement, let's discuss this topic briefly. In a DirSync environment, objects are synchronized from On premises to the cloud and the Source of Authority for managing the objects is On premises. When we enable Federated Identity, identity management is moved to On premises via ADFS, which provides a true SSO experience for users accessing Office 365.

On the technical side, every AD object is unique, with an Object GUID that we call the Source Anchor. It is synchronized to the cloud and set as the Immutable ID of the associated MSOL object in Office 365. This is the binding parameter that ties the two identities to each other to achieve true SSO.

When you are using DirSync, objects are synchronized from On premises to Azure and changes made to these objects are synchronized periodically. The default interval is 3 hrs., but you can customize this to your needs and also force DirSync on demand. That being said, when an object is removed from On premises, it is also removed in Azure. If we want to restore the deleted object and set things as before, we need to restore the deleted object only from On premises AD, then perform some tweaks on the recovered object and sync it back to Azure.

Example of a DirSync object in Admin portal

More information on this point is given in the Microsoft knowledge base article below, along with the workaround that is the key to this article.

Review here: How to troubleshoot deleted user accounts in Office 365

Refer Resolution 3: Recover a user account that was deleted because the on-premises user object was deleted from the on-premises Active Directory schema Section.

Following the steps outlined is a straightforward process. We can recover the deleted object from the AD Recycle Bin if we have Windows Server 2008 R2 or later functional levels. If we don't have the AD Recycle Bin, or the functional level is below the required criteria, we can use the AdRestore tool to recover the deleted AD object from Tombstone. Authoritative Restore is also an option, but it is not recommended.

In addition to the above methods, there is one more reliable method of recovering the object from tombstone, using LDP.exe. As I don't have the AD Recycle Bin available in my environment, I am utilizing this method to recover the object; this method is not shown in the knowledge base article.

Instructions to use LDP.exe and performing the recovery is already covered excellently in this below article

Restore Deleted Objects in Active Directory Database Using Tombstone Reanimation (LDP.EXE) 

In addition to the above recovery steps, there is one important note to consider: when you expand the deleted items container, it lists only a few objects, based on the MaxPageSize setting in the environment. To overcome this, you can perform a search in the tool using the filter below and then follow the recovery process.

During the search, use the filter “(samAccountName=?)”, where ? refers to the deleted account's samAccountName, which will normally be the alias of the account.

Search options are explained in detail here:

As stated in the knowledge base article, once the object is recovered from Tombstone it is made available as a stripped object without any of its vital attributes set. The most important part is that it is recovered with the same Object GUID as before, which is what we need to rebind this object to the MSOL object.

Once the object is recovered, we need to re-add the User Principal Name and the necessary attributes to the AD account, re-enable it for Exchange as before, and then run DirSync. Once this is done, the recovered object gets in sync with the cloud object in the deleted users list, which is then enabled and moved to Active users with the mailbox intact as before.

*One more important tweak you need to make is to set the Exchange GUID of the On premises Remote Mailbox object to match the Exchange Online Mailbox GUID. This makes Hybrid mailbox moves possible, as it is mandatory for the accounts to be in sync when we move mailboxes from Cloud to On premises.

Detailed behavior is explained in this Community Post : Exchange Hybrid Deployment – Moving Cloud-Based Mailboxes to the On-Premises Organization

Once everything is set we can access the Mailbox as before with our On premises credentials and experience the true SSO.

This completes the recovery process for our scenario.

*As stated earlier in the blog post, it is still possible to recover the mailbox without restoring the AD object On premises. This recovers the mailbox contents only; it will not bring the original setup back the way the above formal process does, but it is still a good solution if we just want to get the mailbox contents from the deleted mailbox.

Recovering soft deleted Mailbox directly in cloud

Navigate to Exchange Admin center and click on (…) and select deleted mailboxes and it will list the soft deleted mailboxes with the deleted date.

Now click the mailbox that you want to restore and select the Restore button. You will be prompted to enter the details; ensure that you fill in the Display Name and choose the logon name suffix as "", update the password, and finish the recovery process.

Once this is done the Mailbox is recovered in cloud and you can access the mailbox by granting yourself Full Access to it and export the mailbox contents to a PST.

Also you can recover the mailbox from Soft deleted mailboxes using Undo-SoftDeletedMailbox cmdlet and then follow the PST process.

We can follow the above process as long as the mailbox is available under soft deleted mailboxes which is 30 days from the date of deletion.

*If you have enabled Litigation hold or In Place hold on the mailbox before deletion the contents are preserved as the mailbox will be moved to Inactive Mailboxes.

Review here: Manage inactive mailboxes in Exchange Online

Recovery Method with a New AD object

*We still have the option to recover the mailbox after this 30-day retention period, from Removed mailboxes. This becomes possible once the MSOL object is deleted and the associated mailbox is moved from soft deleted mailboxes to hard deleted mailboxes (Removed / Orphan Mailboxes).

We can check for this mailbox using the Get-RemovedMailbox cmdlet in Exchange Online, make a note of the GUID, reconnect it to a new cloud only account as shown in the blog post below, and recover the contents.

Review here: Recovering a deleted mailbox in Microsoft Office 365

Once the AD object On premises is deleted, you can permanently delete the corresponding MSOL object in Office 365 with the -RemoveFromRecycleBin switch. Once this is done, the mailbox is hard deleted and moved to Removed mailboxes, and you can then follow the above process and bring it back to life with a new cloud only account as a first step.

*Once the mailbox is mapped to the new cloud only account, it behaves like a mailbox provisioned fully in the cloud, which will not contain an ImmutableID; this is the key to our recovery.

*Add the necessary SMTP address of your federated domain and make it primary if it is not set correctly.

*Next, we create a new AD object and set the object as before, with the necessary attributes and Primary SMTP (we can create a Remote Mailbox object On premises). Now we can force DirSync or wait for the scheduled DirSync run. We are then ready to use the SMTP matching feature (Soft Match) to bind the On premises AD object to the MSOL object, which sets the new AD object's Object GUID as the Immutable ID in MSOL, and the mailbox is functional as before with SSO.

Review the SMTP Matching knowledge base here:

*If you get any NDR for the old emails you can utilize the below knowledge base article and re-construct the X500 address and add it to the account On premises which will DirSync to cloud and make things work as before.

Review here:

This completes this recovery method.


This method is also a reliable method, but it is not a method recommended by Microsoft. Unfortunately, it is also not working in my Hybrid deployment with DirSync, where the mailbox is moved to soft deleted mailboxes instead of Removed mailboxes even though I forcefully remove the MSOL object from Office 365.

The same behavior was experienced by the Microsoft team, who found that this works well for the fully hosted scenario and not for a Hybrid deployment with DirSync. I am still awaiting a possible solution and will update here soon.


After working with the Microsoft team, we identified the workaround. This could possibly be a sync issue between MSODS and Exchange Online, which is not moving the mailbox from soft deleted mailboxes to hard deleted (Removed Mailboxes) once the MSOL object is removed.

To fix this, we recovered the mailbox available under soft deleted mailboxes using the Undo-SoftDeletedMailbox cmdlet, which recovered the mailbox with a note to assign the license before the grace period expires, after which the mailbox is removed if this is not done.

We waited for the grace period to expire and then the mailbox was successfully moved to the hard deleted mailboxes and available under Removed Mailboxes.

Once this is done we are all set to follow the instructions provided above under "Recovery Method with a New AD object " method for successful recovery.


You can additionally prevent accidental deletions in Azure when using Dirsync by following the instructions provided in the below Blog post.

DirSync: How To Avoid Syncing Accidental Deletes To The Cloud Directory

Believe this post is quite useful for readers to recover mailboxes in a Hybrid environment with federated identity and also other possible mailbox recovery scenarios with Office 365.


Microsoft is making some significant changes to mailbox recovery with Office 365 by discontinuing the method of recovering the mailbox using the hard delete option, since this impacts other service related access with Office 365. The EHLO Blog post below describes the new supported method to be followed from now on.


Why Is This a Benefit?

Previously, if you could not recover both the user and the mailbox, you would have to perform an unsupported process of hard-deleting a mailbox. This process was unreliable and sometimes caused a ripple effect on other services such as SharePoint and Lync. If the process failed, you were left with very limited options, and ultimately had to call support.

Below are the steps stated in the article for recovery

What Do I Need To Do To Take Advantage of This New Option?

All you need to do is create a new user with a mailbox and merge the data. The way you create the user with a new mailbox will depend on if you use DirSync or the Microsoft Online Portal to create users.

1. Create the user and Mailbox.

Using DirSync:

Create the user and remote mailbox from the on-premises Exchange management tools.
Force a directory synchronization.

Not Using DirSync:

Log into

Create and license the user.

2. Run the cmdlet to merge the accounts. This is done from PowerShell connected to Exchange Online.

A) Connect PowerShell to Exchange Online. To do this, see

B) Run the following Command and retrieve the GUID for the soft-deleted mailbox that you want to restore: Get-Mailbox -SoftDeletedMailbox

C) Run a cmdlet similar to the following to restore the mailbox: New-MailboxRestoreRequest -SourceMailbox <GUID from Step 2B> -TargetMailbox <GUID from Step 1>

NOTE 1:  If the mailbox source and/or target is an archive, use the following switches (-SourceIsArchive and/or -TargetIsArchive)

NOTE 2: The value in Step 2C calls for the account GUIDs, but they can take other values such as an SMTP address or a UPN. The reason we recommend using GUIDs is to reduce the chances that there will be any confusion or conflict between the source and destination.

Access the complete post here to know more: A better way to recover a mailbox
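The merge in steps 2B and 2C, written out as an added example (not code from the EHLO post or from this blog). It assumes a PowerShell session already connected to Exchange Online and that "GUID" means the mailbox's ExchangeGuid; the function name, its parameters and the commented sample addresses are hypothetical, and -AllowLegacyDNMismatch is a New-MailboxRestoreRequest switch that the quoted steps do not mention.

```powershell
# Added example; assumes a session already connected to Exchange Online.
function Start-SoftDeletedMailboxMerge {
    # Hypothetical wrapper around steps 2B and 2C of the quoted procedure.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DeletedAddress,  # primary SMTP address of the deleted mailbox
        [Parameter(Mandatory)][string]$TargetIdentity,  # new mailbox created in step 1
        [switch]$SourceIsArchive,
        [switch]$TargetIsArchive,
        [switch]$AllowLegacyDNMismatch                  # continue when source and target LegacyExchangeDN differ
    )

    # Step 2B: find the soft-deleted mailbox. The same address can appear more
    # than once if the user was deleted repeatedly, so never pick one silently.
    $candidates = @(Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited |
        Where-Object { $_.PrimarySmtpAddress -eq $DeletedAddress })

    if ($candidates.Count -eq 0) {
        throw "No soft-deleted mailbox found for $DeletedAddress."
    }
    if ($candidates.Count -gt 1) {
        $candidates | Select-Object DisplayName, ExchangeGuid, WhenSoftDeleted |
            Out-String | Write-Warning
        throw "More than one soft-deleted mailbox matches $DeletedAddress; choose a GUID from the list above."
    }

    $source = $candidates[0]
    $target = Get-Mailbox -Identity $TargetIdentity -ErrorAction Stop

    # Step 2C: address both mailboxes by GUID, as NOTE 2 recommends, so there is
    # no ambiguity between the old and the new mailbox.
    $request = @{
        SourceMailbox = $source.ExchangeGuid.ToString()
        TargetMailbox = $target.ExchangeGuid.ToString()
    }
    if ($SourceIsArchive)       { $request.SourceIsArchive       = $true }
    if ($TargetIsArchive)       { $request.TargetIsArchive       = $true }
    if ($AllowLegacyDNMismatch) { $request.AllowLegacyDNMismatch = $true }

    $action = "Merge soft-deleted mailbox $($request.SourceMailbox)"
    if ($PSCmdlet.ShouldProcess($target.PrimarySmtpAddress, $action)) {
        New-MailboxRestoreRequest @request
    }
}

# Usage with constructed sample addresses; -WhatIf shows the pairing without starting the merge:
#   Start-SoftDeletedMailboxMerge -DeletedAddress 'user@contoso.example' `
#       -TargetIdentity 'user@contoso.example' -AllowLegacyDNMismatch -WhatIf
# Progress of a running request:
#   Get-MailboxRestoreRequest | Get-MailboxRestoreRequestStatistics |
#       Select-Object Name, Status, PercentComplete
```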


Microsoft team recently published a new guidance article on this topic below,

Common mailbox recovery scenarios for hybrid environments


The Microsoft Exchange Online team recently announced the availability of a new Mailbox Recovery Troubleshooter that guides you to the best possible recovery option when restoring a deleted user mailbox in EXO.

Access the Troubleshooter here:

Official Blog post here: Introducing the Mailbox Recovery Troubleshooter


Access the latest Blog posts on this topic in an Exchange Hybrid environment.

Recover soft-deleted mailboxes in an Exchange Hybrid scenario

How to restore an inactive mailbox for a federated user in an Exchange Hybrid deployment

As an add-on read review the detailed guidance from Microsoft to know how to remove a former employee from Office 365

Stay tuned for latest updates...

Microsoft Cloud Briefing On demand Webcast

Microsoft is now making a great revolution in the field of Cloud Computing and to add to this, yesterday at an event in San Francisco, Microsoft CEO Satya Nadella explained how Microsoft is using their Cloud based Services like Microsoft Azure, Office 365 and Microsoft Dynamics and providing Industry's  Complete Cloud solution for every business, every industry and every geography.

Microsoft announced several enhancements to its hyper-scale, enterprise-grade, hybrid cloud platform, including the new Azure G-series of virtual machines and Premium Storage; the general availability of the Microsoft Cloud Platform System, powered by Dell; partnerships with Cloudera Inc. and CoreOS; and a new Azure Marketplace.

Review this Official News Center Source blog post to know more : Microsoft delivers the industry’s complete cloud

This great event is now available as an On demand Webcast, Spend some time to watch this to know how Microsoft is planning to re-architect the current IT by taking full advantage of their Cloud Computing.

Watch here: On-demand webcast: Microsoft Cloud Briefing

Monday, October 20, 2014

Exchange Online Mailbox Usage Report

Analyzing Mailbox Usage in an Exchange On premises / Exchange Online Environment is quite vital to know the amount of Mailbox usage of each user inside the Organization.  

To generate the usage report we rely on two important Exchange cmdlets, Get-Mailbox and Get-MailboxStatistics. Each contains different data, and combined they give us the complete mailbox usage report: the current mailbox usage and the quota set on the mailbox. Comparing the two gives us the actual usage statistics.

I have written a PowerShell script that generates this report. It can be used for both Exchange On premises and Exchange Online, and once the task is done it sends the report in an e-mail to the Administrator. This report can be scheduled to run weekly to identify the mailbox usage inside the environment.

This report also includes Mailbox last logon date to identify whether the mailbox is a stale mailbox or not. This report provides us the best method to identify users above the mailbox size limit and assist to perform clean-up inside the environment for effective mailbox management.

Download the script from Script Center here: Exchange Online Mailbox Usage Report

Lync Online client devices report now Available

Microsoft team recently released the new Lync Online client devices report to know what type of client devices used to connect to Lync Online Service. Per the Official Announcement the metrics in this report are available through PowerShell Cmdlet: Get-CsClientDeviceReport, RESTFul WebService API: CsClientDeviceMonthly as well as a graphical report in Office 365 admin center for client devices.

Review the Official Announcement here : Announcing the Lync Online client devices report

Already we have Lync Online Usage report available which assists us in tracking the usage in our environment at ease.

Review my earlier blog post here :  New Lync Usage Reports - O365

Now this new devices report is a great add-on to the Lync Online reporting.

Add-on Read:

*Along with this we do have Usage Reports available for the type of Browsers and Operating System used to connect to Office 365 in the Admin Center and we need to utilize the scripts provided in the MSDN article to obtain the report generated for an extended period of time.

Review this Office Blog post to know more on this : Simpler configuration and monitoring for Office 365 admins

Review the MSDN article here:  View browser or operating system usage reports for Office 365

*Also review View and download reports about service usage in Office 365

Wednesday, October 15, 2014

Are you Planning for SharePoint 2013 ?

SharePoint Server 2013 adoption is increasing day by day and Organizations using Legacy version of SharePoint platforms are migrating to 2013 and some are making the move to SharePoint Online both fully hosted and Hybrid model. If you are one among these Organizations planning for the SharePoint Server 2013 adoption then you need to first review the below excellent TechNet article available with all vital resources under a single window making your Learning much easier and provides you adequate resources to design and build a successful SharePoint 2013 Environment.

Access here: Plan for SharePoint 2013

I am writing this whereto post to point you to this vital resource to begin your design and deployment journey with SharePoint Server 2013.

Increasing Mailbox Deleted Items Retention in Exchange Online

Exchange Online has a default deleted items retention period of 14 days, during which the items are preserved in the dumpster and available for recovery. We may come across a business requirement where we need to increase this limit.

In an On premises Exchange environment we can configure this value at the Mailbox Database level, org wide, and set all the users to UseDatabaseRetentionDefaults. In Exchange Online this is not possible. To address this requirement, Microsoft has provided a way to increase the retention period from 14 days to 30 days; a value higher than this is not possible by design.

To know more on this refer the below Microsoft knowledge Base article

Earlier, this article was not updated to include the -UseDatabaseRetentionDefaults $False switch. When I worked on this requirement for my environment, a few of my users were not set with the new retention limit, even though the command executed without errors for these users. After working with the Microsoft support team, we identified that the above value was set to True on the affected users, which caused this trouble and was quite unexpected; we later used this switch to resolve the issue and successfully applied the new retention limit.

Use the PowerShell script below to set this for all your users in Exchange Online. Since the default value is applied whenever a new user is provisioned for Exchange Online, you can use the second script as a scheduled task that checks and sets this value every day.

Script to set new retention limit

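##Set new Retention Limit
#Retrieve every mailbox in the tenant
$mailboxes = Get-Mailbox -ResultSize Unlimited | Select-Object Alias
#Loop through each mailbox
foreach ($mailbox in $mailboxes) {
    #Enable single item recovery, keep deleted items for 30 days and stop using the database default
    Set-Mailbox -Identity $mailbox.Alias -SingleItemRecoveryEnabled $True -RetainDeletedItemsFor 30 -UseDatabaseRetentionDefaults $False
}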

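Script to schedule, to set the new retention limit periodically

##Set new Retention Limit
#Find mailboxes still on the default 14 days ("14.00:00:00" is the TimeSpan string form of 14 days)
#-ResultSize Unlimited is needed because Get-Mailbox returns only the first 1000 mailboxes by default
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.RetainDeletedItemsFor -eq "14.00:00:00" } | Select-Object Alias
#Loop through each mailbox
foreach ($mailbox in $mailboxes) {
    Set-Mailbox -Identity $mailbox.Alias -SingleItemRecoveryEnabled $True -RetainDeletedItemsFor 30 -UseDatabaseRetentionDefaults $False
}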

I was happy to see this article updated to include this new switch as I suggested, which makes things work as desired, and wanted to share this post so that you can use the updated article when you have a similar requirement in your environment in the near future.
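Because Set-Mailbox completed without errors on the mailboxes that did not take the new limit, a read-back check is worth running after either script. The following is an added example, not part of the original post or the Knowledge Base article; it assumes an open Exchange Online remote PowerShell session, and the output file name is a placeholder.

```powershell
# Added example: audit every mailbox after the Set-Mailbox loop has run.
$target = [TimeSpan]::FromDays(30)

$report = @(foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $problems = @()

    # The value can arrive as a TimeSpan or as its string form
    # ("14.00:00:00"), so normalise through the string before comparing.
    $retain = [TimeSpan]::Zero
    if (-not [TimeSpan]::TryParse("$($mbx.RetainDeletedItemsFor)", [ref]$retain)) {
        $problems += "RetainDeletedItemsFor unreadable: '$($mbx.RetainDeletedItemsFor)'"
    } elseif ($retain -ne $target) {
        $problems += "RetainDeletedItemsFor is $($retain.Days) days"
    }

    # The condition behind the silent failure described above.
    if ("$($mbx.UseDatabaseRetentionDefaults)" -eq 'True') {
        $problems += 'UseDatabaseRetentionDefaults is True'
    }
    if ("$($mbx.SingleItemRecoveryEnabled)" -ne 'True') {
        $problems += 'SingleItemRecoveryEnabled is not True'
    }

    if ($problems.Count -gt 0) {
        [pscustomobject]@{
            Alias             = $mbx.Alias
            UserPrincipalName = $mbx.UserPrincipalName
            Problems          = $problems -join '; '
        }
    }
})

# Placeholder path. No rows means every mailbox carries the intended settings.
$report | Export-Csv -Path '.\retention-exceptions.csv' -NoTypeInformation
"{0} mailbox(es) still need attention" -f $report.Count
```

Run from the same scheduled task, a non-zero count is the signal to investigate before the default 14-day window expires for the affected users.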


The Microsoft team recently enhanced Exchange Online by extending the retention period of deleted items.

Review the Official blog post here : Extended email retention for deleted items in Office 365

Working with Lync Online Conferencing Policy

Conferencing policies are not a new topic for Lync administrators. I am writing this post today with reference to my recent experience with Lync Online, which is quite different from on-premises, to share a few updates that will assist you when you come across a similar requirement in the near future.

In an on-premises Lync environment you have major control over everything: you can mold the configuration according to your needs, customize policies to suit your business requirements, and perform updates on the fly as needed over time. With Lync Online you have limited control over this behavior and, in most scenarios, need to align your requirement with what is available rather than what is required, in comparison with on-premises.

Let's get into our topic. Lync conferencing policies play a vital role in an individual's Lync access, deciding what the user can do during an online meeting, and give you a flexible way of managing the access granted to a set of users. To know more on this, begin by reading the TechNet post below.

Conferencing policies in Lync Server 2013

Now let's begin our discussion. I have a business requirement where I am planning to disable the App/Desktop Sharing feature in the Lync client for all my users, except a few VIP users, hosted with Lync Online as part of an Office 365 Enterprise plan.

Performing this is quite easy in a traditional on-premises Lync environment, where I can create a customized conferencing policy and apply it to the respective users in the environment. Refer to the NextHop article below, which explains this in detail.

An In-Depth Guide to Conferencing Policy Settings

In the above article select the EnableAppDesktopSharing topic to know more on the desired configuration for my requirement.

With Lync Online we won't be able to make such changes as we can in an on-premises Lync environment. By design, we can neither create customized Lync conferencing policies nor edit the existing policies.

As stated in the TechNet article below, we cannot create customized policies with Lync Online; we need to use the pre-created policies, decide which one suits our requirement, and assign that to our users.

Using Windows PowerShell to Manage Lync Online

First we need to connect to Lync Online PowerShell to get this report generated and perform all our tasks. Refer to my earlier blog post below to learn how to connect to Lync Online and which cmdlets are available for our use.

Windows PowerShell Module for Lync Online Available now !

So in total we have 224 different conferencing policies available with Lync Online, and not all of these policies can be applied to a user. We need to use the "-ApplicableTo" parameter, specifying the username, to find out the policies that can be applied to the user, as shown below.

We can export the policies to a text file, and then we need to do some manual Excel work to sort the generated report and dig through each option to decide which one suits our requirement.

In our scenario, I want EnableAppDesktopSharing to be None, which disables App/Desktop sharing, and out of the list I selected BposSIMPOnlyNoRec as the best candidate for my requirement. By default, when a new user is provisioned for Lync Online, the conferencing policy applied is "BposSAllModality", which makes App/Desktop sharing possible because the parameter is set to Desktop instead of None.
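The manual sorting described above can be done in the session itself. The following is an added example, not from the original post or from TechNet; it assumes a connected Lync Online PowerShell session, `user@contoso.example` is a placeholder, and the helper name `Get-PolicyName` is made up for the example. It lists, for each applicable policy with sharing set to None, exactly which settings differ from BposSAllModality.

```powershell
# Added example: shortlist applicable policies with sharing disabled and
# show how each one differs from the provisioning default.
$upn = 'user@contoso.example'   # placeholder, use a real user in your tenant

function Get-PolicyName($policy) { "$($policy.Identity)" -replace '^Tag:', '' }

$applicable = @(Get-CsConferencingPolicy -ApplicableTo $upn)

# Baseline: the policy Lync Online assigns when a user is provisioned.
$baseline = $applicable |
    Where-Object { (Get-PolicyName $_) -eq 'BposSAllModality' } |
    Select-Object -First 1
if (-not $baseline) { throw 'BposSAllModality is not applicable to this user.' }

# Candidates: applicable policies with application/desktop sharing off.
$candidates = $applicable |
    Where-Object { "$($_.EnableAppDesktopSharing)" -eq 'None' }

# Identity and remoting metadata are not settings, so skip them.
$ignore = 'Identity', 'Description', 'PSComputerName', 'RunspaceId', 'PSShowComputerName'

$diff = foreach ($policy in $candidates) {
    foreach ($prop in $policy.PSObject.Properties) {
        if ($ignore -contains $prop.Name) { continue }
        $default = "$($baseline.($prop.Name))"
        if ("$($prop.Value)" -ne $default) {
            [pscustomobject]@{
                Policy    = Get-PolicyName $policy
                Setting   = $prop.Name
                Default   = $default
                Candidate = "$($prop.Value)"
            }
        }
    }
}

# Fewest differences first: these policies change the least besides sharing.
$diff | Group-Object Policy | Sort-Object Count |
    Select-Object Name, Count,
        @{ n = 'ChangedSettings'; e = { $_.Group.Setting -join ', ' } }
```

A policy that differs from the default in many settings removes more than sharing, so review the ChangedSettings column before assigning it tenant-wide.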

It's not possible for us to change the default policy assignment when the account is provisioned; instead, we can change the conferencing policy assignment from one policy to another using the Grant-CsConferencingPolicy cmdlet.

So with the above steps we were able to change the policy as desired for a single user. As I said earlier, I am planning to do this for my entire organization, excluding a few VIP users. I wrote a small PowerShell script that will get this done, and performed a small tweak before executing the script.

First I will update the conferencing policy of all the VIP users to something other than the "BposSAllModality" policy, one with a configuration equivalent to it so that their experience is not impacted; for this I am using the policy BposSAllModalityMinVideoBW, and I performed the change successfully. Next I will execute the script.


Get-CsOnlineUser | Where-Object {($_.ConferencingPolicy -ne "BposSIMPOnlyNoRec") -and ($_.ConferencingPolicy -ne "BposSAllModalityMinVideoBW")} | Select-Object UserPrincipalName | ForEach-Object{Grant-CsConferencingPolicy -PolicyName Tag:BposSIMPOnlyNoRec -Identity $_.UserPrincipalName}

Once executed, this script modifies all the users assigned the default policy, excluding the VIP users set with the other policy, and also skips users who are already assigned this new policy, applying it to the rest of the users in the tenant. This completes my current requirement. You can safely ignore the warning it triggers during the execution.

The screenshots below show the difference once the new policy is assigned to the user.

I also want this task to be repeated, as users are provisioned for Lync Online every day and, by design, we cannot change the default conferencing policy assignment while provisioning, as discussed earlier. To achieve this I will schedule this script to run as a scheduled task every day, which completes my requirement.

A monthly report can be generated to validate the conferencing policy assignment status, to confirm how things are working and to take timely action if any discrepancy is found.
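One way to build that report is sketched here as an added example, not the original author's script. It assumes a connected Lync Online PowerShell session and a hypothetical text file of approved VIP UPNs, one per line; both file paths are placeholders. Because the daily script skips anyone holding BposSAllModalityMinVideoBW, the exemption is defined only by the policy assignment, so the report compares it against an explicit list.

```powershell
# Added example: conferencing policy assignment report with exemption check.
$restricted = 'BposSIMPOnlyNoRec'            # sharing disabled, for everyone else
$vipPolicy  = 'BposSAllModalityMinVideoBW'   # sharing allowed, VIPs only

# Hypothetical approved-VIP list; the path is a placeholder.
$vipUpns = @(Get-Content -Path '.\vip-users.txt' -ErrorAction Stop |
    ForEach-Object { $_.Trim().ToLowerInvariant() } |
    Where-Object { $_ })

$rows = @(foreach ($user in Get-CsOnlineUser) {
    $upn    = "$($user.UserPrincipalName)".ToLowerInvariant()
    $policy = "$($user.ConferencingPolicy)" -replace '^Tag:', ''
    $isVip  = $vipUpns -contains $upn

    $finding = if ($isVip -and $policy -eq $vipPolicy) { 'OK' }
        elseif ($isVip) { 'VIP on unexpected policy' }
        elseif ($policy -eq $restricted) { 'OK' }
        elseif ($policy -eq $vipPolicy) { 'Non-VIP holds VIP policy' }
        else { 'Not yet restricted' }

    [pscustomobject]@{
        UserPrincipalName  = $upn
        ConferencingPolicy = $policy
        Finding            = $finding
    }
})

# Summary by finding, then the detail rows that need action.
$rows | Group-Object Finding | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
$rows | Where-Object { $_.Finding -ne 'OK' } |
    Export-Csv -Path '.\conferencing-policy-exceptions.csv' -NoTypeInformation
```

"Not yet restricted" rows are normally users provisioned since the last scheduled run; "Non-VIP holds VIP policy" rows are sharing exemptions nobody approved.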

Hope this article helps readers understand the limitations in Lync Online with regard to conferencing policies and provides step-by-step instructions to change the policy as desired.

Friday, October 10, 2014

New MVA Course - Using PowerShell for Active Directory

Automation is now everywhere, and most tasks are getting automated, which saves time and cost. Thanks to Windows PowerShell, all of this is possible for our Windows environment and related technologies in day-to-day life.

It's now time for us to take a deep dive into managing Active Directory using PowerShell through the upcoming Microsoft Virtual Academy course scheduled this month, 29 Oct 2014 8:00am–12:00pm PDT, presented by our renowned experts Ashley McGlone MSFT and Jason Helmick MVP. Get ready to know more on managing your Active Directory through PowerShell and clear all your queries through the Q&A session at this live event.

Register here:  Using PowerShell for Active Directory

Wednesday, October 01, 2014

Windows 10 is Coming...

The Microsoft team is all set to release the next version of Windows to the market next year, 2015. This time there were many rumors about how Microsoft was going to name the product: whether it would be named Windows 9, following its predecessor Windows 8, or whether the name would change to something reflecting Microsoft's new device strategy. To settle all this, yesterday they announced that the next Windows version will be called Windows 10.

Many technical experts and consumers started to comment on this new name choice, as Microsoft skipped version 9 and moved straight to 10. Today, Oct 1st 2014, the Microsoft team is releasing the Technical Preview of the product, and you can register through the Windows Insider program to experience it. By mid to late 2015 we can expect the product to reach General Availability, and this time I believe the GA announcement will be a bigger event than ever.

More exciting new features will be made available with Windows 10, and one good thing is that they are bringing back the Start Menu. Review the official announcement post below to know more.

Review here: Announcing Windows 10

Download the below Windows Technical Preview Quick Guide to know more.

Download here: Windows Technical Preview Quick Guide

Review the below excellent blog post from Paul Thurrott as an add-on read.

Complete Guide to the Windows Technical Preview  


On January 21, 2015 the Microsoft team released the much-awaited Technical Preview of Windows 10, with some exciting new features and a real-time demo; more is yet to come in the coming days before the product reaches GA.

Review the below post to know more: The next generation of Windows: Windows 10

Follow @windowsblog for current updates...