Office 365

 

 


DNS Record

 

Check which DNS records need to be set (MX & autodiscover (CNAME))

admin center (https://admin.microsoft.com/)

select "Show all" > Settings > Domains

Click YOUR_DOMAIN > DNS records > Manage DNS

SPF Record: include:spf.protection.outlook.com

 


Disable MFA

   

Azure Active Directory (https://aad.portal.azure.com/)

In the Azure Active Directory admin center choose Azure Active Directory > Properties.

At the bottom of the page, choose Manage Security defaults.

Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.

 


Useful Link

 

Admin

User

 


IMAP & SMTP

 

IMAP(Incoming)

Server: outlook.office365.com
Port: 993
Encryption: SSL/TLS

SMTP(Outgoing)

Server: smtp.office365.com
Port: 587
Encryption: STARTTLS

 


ExchangeOnline PowerShell

 

Install

Install-Module ExchangeOnlineManagement

Load the module

Import-Module ExchangeOnlineManagement

Get-Module

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.0.5      ExchangeOnlineManagement            {Get-EXOCasMailbox, Get-EXOMailbox, Get-EXOMailboxFolderPe...
...

Login

Connect-ExchangeOnline     # a window pops up asking you to log in

Usage

Get-Mailbox -Identity admin | Format-List

Get-Mailbox | Get-MailboxStatistics | Select-Object DisplayName,ItemCount,TotalItemSize | Sort-Object ItemCount -Descending

 

 


Enable Exchange Online SMTP

 

[1]

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

[2]

Set-CASMailbox -Identity <MailboxIdentity> -SmtpClientAuthenticationDisabled $false

Get-CASMailbox -Identity <MailboxIdentity> | Format-List SmtpClientAuthenticationDisabled
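
Added example (not part of the original notes): the per-mailbox setting in [2] overrides the organization-wide setting in [1], and a blank per-mailbox value inherits it, so this sketch resolves the effective SMTP AUTH state for each mailbox. The function name Get-EffectiveSmtpAuth and the sample mailboxes are constructed for illustration.

```powershell
# Added example: work out which mailboxes really have SMTP AUTH enabled.
# Get-EffectiveSmtpAuth is a hypothetical helper, not an Exchange cmdlet.
function Get-EffectiveSmtpAuth {
    param(
        # Value of (Get-TransportConfig).SmtpClientAuthenticationDisabled
        [Parameter(Mandatory)] [bool] $OrgDisabled,
        # Objects shaped like Get-CASMailbox output
        [Parameter(Mandatory)] [object[]] $CasMailbox
    )
    foreach ($mbx in $CasMailbox) {
        $perMailbox = $mbx.SmtpClientAuthenticationDisabled
        if ($null -eq $perMailbox) {
            # Blank per-mailbox value: the organization setting applies
            $disabled = $OrgDisabled
            $source   = 'organization'
        } else {
            # Explicit per-mailbox value overrides the organization setting
            $disabled = [bool]$perMailbox
            $source   = 'mailbox'
        }
        [pscustomobject]@{
            Mailbox         = $mbx.PrimarySmtpAddress
            SmtpAuthEnabled = -not $disabled
            DecidedBy       = $source
        }
    }
}

# Constructed sample data so the function can be tried offline
$sample = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner@example.com'; SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com';   SmtpClientAuthenticationDisabled = $null }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@example.com';     SmtpClientAuthenticationDisabled = $true }
)

# Organization-wide SMTP AUTH disabled: only explicit overrides stay enabled
Get-EffectiveSmtpAuth -OrgDisabled $true -CasMailbox $sample | Where-Object SmtpAuthEnabled

# Against a live tenant (after Connect-ExchangeOnline):
#   $org = (Get-TransportConfig).SmtpClientAuthenticationDisabled
#   $cas = Get-CASMailbox -ResultSize Unlimited
#   Get-EffectiveSmtpAuth -OrgDisabled $org -CasMailbox $cas | Where-Object SmtpAuthEnabled
```

Keeping the organization setting disabled and enabling SMTP AUTH only on the mailboxes that need it keeps this list short and reviewable.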

 


Office deployment tool (ODT)

 

O365 Version

https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date

ODT Doc

https://github.com/MicrosoftDocs/OfficeDocs-DeployOffice/blob/live/DeployOffice/office-deployment-tool-configuration-options.md

Usage

setup.exe /download win7.xml

setup.exe /configure win7.xml

win7.xml

<Configuration>
  <Add SourcePath="C:\ODT"
      OfficeClientEdition="64"
      Channel="SemiAnnual"
      Version="16.0.12527.22021" >
    <Product ID="O365BusinessRetail">
      <Language ID="en-us" />
      <Language ID="zh-hk" />
    </Product>
  </Add>
  <Updates Enabled="FALSE" />
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="C:\ODT" />
</Configuration>

Notes

[1]

On Win7, install ODT Version 16.0.12624.20320 (setup.exe version 16.0.12624.20290)

Adds support for Windows 7-specific end of life Office versions

[2]

<Updates Enabled="FALSE" />

Do not check for updates during installation

Version="16.0.12527.22021"

Version 2002, the last supported version (Win7 can install it (Office 2016))

<Display Level="None" AcceptEULA="TRUE" />

When installing Office, no user interface is displayed. (only a DOS window is visible)

[3]

# ODT version that successfully installed O365 on Win7

officedeploymenttool_12827-XXXXX

Link

 


O365 Office Version

 

O365ProPlusRetail              # "Microsoft 365 Apps for enterprise"

O365BusinessRetail            # "Microsoft 365 Apps for business" Plan (Microsoft 365 Business Standard HK$97@2022)

O365BusinessRetail Price

https://www.microsoft.com/en-WW/microsoft-365/business/compare-all-microsoft-365-business-products?market=hk

 


License

 

remove license from a user

When you remove the license, all that user's data is held for 30 days.

After 30 days, all the user's data (except for documents stored on SharePoint Online)
is deleted permanently from Office 365 and can't be recovered.

 


shared mailbox

 

When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar is retained.
Only now it's in a shared mailbox where several people will be able to access it instead of one person.
At a later date, you can convert a shared mailbox back to a user (private) mailbox.

 * The user mailbox you're converting needs a license assigned to it before you convert it to a shared mailbox.

    Otherwise, you won't see the option to convert the mailbox.

https://admin.exchange.microsoft.com/

Recipients > Mailboxes >

Select the user mailbox or a shared mailbox that you want to convert

From the More actions pane, click Convert to regular mailbox or Convert to shared mailbox.

PowerShell

# DisplayName is the name shown in the GUI

New-Mailbox -Shared -Name "AccountTeam1" -DisplayName "Account Team 1" -Alias "AccountTeam" -PrimarySmtpAddress Account@DOMAIN

-Name

The Name parameter specifies the unique name of the mailbox.

-DisplayName

The display name is visible in the Exchange admin center, in address lists, and in Outlook.

If you don't use the DisplayName parameter, the value of the Name parameter is used for the display name.

-Alias

also known as the mail nickname for the recipient

A recipient can have only one Alias value

# Checking

Get-Mailbox -RecipientTypeDetails SharedMailbox

 


Sync Issue

 

imapsync log

Err 4/4: - msg INBOX/32470 {42194056} could not append
  ( Subject:[...], Date:["16-Mar-2021 18:04:27 +0800"], Size:[42194056], Flags:[\Answered \Seen] )
  to folder INBOX: Error sending 'APPEND INBOX (\Answered \Seen) "16-Mar-2021 18:04:27 +0800" {42194056}':
  128 NO Maximum size of appendable message has been exceeded

Provider limit

  • Gmail message size limit is 35 MB.
  • O365 message size limit is 45 MB by default (Max: 150MB)

CLI

Set-Mailbox -Identity "<MailboxIdentity>" -MaxReceiveSize 150mb -MaxSendSize 150mb

GUI

  • Step 1. Open Exchange Admin
  • Step 2. Open the Recipients Mailbox Properties
  • Step 3. Change the Message Size Limit
  • Step 4. Change the Maximum Message Size

 


O365 Bulk Import of Whitelist

 

 * Messages that are identified as malware or high confidence phishing are always quarantined,
    regardless of the safe sender list option that you use.

1. Create the whitelist rule - Whitelist_Sender

Exchange admin center ->  Mail flow -> Rules > "+Add a rule" > "Bypass spam filtering"

  • Name: Whitelist_Sender
  • Action: already preset (spam confidence level (SCL) = -1)
    [Settings to add]
  • Add "The sender..." > "is this person" > "Check names" (equivalent to adding a new entry)

P.S.

Stop processing more rules

=> Subsequent rules will be ignored

i.e.

move all messages from your manager into a folder

Mail Header

When a message skips spam filtering due to X,
a matching value is added to the "X-Forefront-Antispam-Report" header

  • Mail flow rule: SFV:SKN
  • IP Allow List: IPV:CAL

2. Bulk Import

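# One email address per line
$emails = "C:\tmp\emails.txt"

# Read the file into a string array, skipping blank lines
# (-From expects a list of senders, not one comma-joined string)
$senders = Get-Content $emails | ForEach-Object { $_.Trim() } | Where-Object { $_ }

# Matches the Name given when the whitelist rule was created
Set-TransportRule -Identity Whitelist_Sender -From $senders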

P.S.

cat tmp.txt | grep @ | sort -u > emails.txt

cat tmp.txt | grep -v @ | sort -u > domains.txt

Checking

Get-TransportRule

Name             State   Mode    Priority Comments
----             -----   ----    -------- --------
Whitelist_Sender Enabled Enforce 0        ...

Get-TransportRule -Identity Whitelist_Sender | Select-Object "From"

From: {a@A, b@b, c@C}

 


Whitelist with dmarc

 

Configure the following settings:

Mail flow rule condition: A message header > includes any of these words >

Header name: Authentication-Results > Header value: dmarc=pass or dmarc=bestguesspass.

DMARC uses the following syntax:

dmarc=<pass|fail|bestguesspass|none>

If an email is received that is not authenticated with either SPF or DKIM,

  the "dmarc=" results show none just as it always had.

DMARC=BestGuessPass will appear if the message is authenticated and

  the matching authenticated domain does not have a DMARC record.

Mail Header(EML)

Authentication-Results: spf=temperror (sender IP is S.S.S.S)
 smtp.mailfrom=datahunter.org; dkim=none (message not signed)
 header.d=none;dmarc=temperror action=none
 header.from=datahunter.org;compauth=pass reason=105
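
Added example (not part of the original notes): a small parser that unfolds an Authentication-Results header, extracts the spf/dkim/dmarc/compauth verdicts, and reports whether the "dmarc=pass or dmarc=bestguesspass" rule condition above would match. The function name Test-DmarcWhitelistMatch is hypothetical; the first sample is the header from this page, the second is constructed.

```powershell
# Added example: evaluate the DMARC whitelist condition against a header.
# Test-DmarcWhitelistMatch is a hypothetical helper name.
function Test-DmarcWhitelistMatch {
    param([Parameter(Mandatory)] [string] $AuthenticationResults)

    # Unfold the header: continuation lines begin with whitespace
    $flat = ($AuthenticationResults -replace '\r?\n[ \t]+', ' ').Trim()

    $result = [ordered]@{ spf = $null; dkim = $null; dmarc = $null; compauth = $null }

    # Verdicts may follow ';' with no space (e.g. "header.d=none;dmarc=...")
    $pattern = '(?i)(?:^|[;\s])(spf|dkim|dmarc|compauth)=([a-z]+)'
    foreach ($m in [regex]::Matches($flat, $pattern)) {
        $key = $m.Groups[1].Value.ToLower()
        # Keep the first verdict seen for each method
        if ($null -eq $result[$key]) { $result[$key] = $m.Groups[2].Value.ToLower() }
    }

    # Same condition as the mail flow rule: dmarc=pass or dmarc=bestguesspass
    $result['RuleMatches'] = $result['dmarc'] -in @('pass', 'bestguesspass')
    [pscustomobject]$result
}

# Header shown on this page: dmarc=temperror, so the rule does not match
$fromPage = @'
Authentication-Results: spf=temperror (sender IP is S.S.S.S)
 smtp.mailfrom=datahunter.org; dkim=none (message not signed)
 header.d=none;dmarc=temperror action=none
 header.from=datahunter.org;compauth=pass reason=105
'@

# Constructed header: authenticated sender whose domain has no DMARC record
$constructed = @'
Authentication-Results: spf=pass (sender IP is 192.0.2.10)
 smtp.mailfrom=example.com; dkim=pass (signature was verified)
 header.d=example.com;dmarc=bestguesspass action=none
 header.from=example.com
'@

Test-DmarcWhitelistMatch -AuthenticationResults $fromPage      # RuleMatches: False
Test-DmarcWhitelistMatch -AuthenticationResults $constructed   # RuleMatches: True
```

The page's own sample shows a value (temperror) outside the pass/fail/bestguesspass/none list, which is why the parser accepts any verdict word and only the final comparison is strict.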

 


Setup DKIM on Domain

 

https://security.microsoft.com/dkimv2

Microsoft Defender portal > Policies & rules > Threat policies > Email authentication settings

Click YOUR_DOMAIN

Click "Create DKIM keys"

The process creates 2 sets of DKIM keys; they can only be applied after the DNS setup has been verified

  • selector1._domainkey
  • selector2._domainkey

 


Distribution groups & Shared mailboxes

 

Distribution groups

For sending email notifications to a group of people.

Create a distribution group (list)

Select the app launcher icon and choose Admin.

Teams & groups > Active teams & groups

Use case: forward email to multiple users

Shared mailboxes

Shared mailboxes are used when multiple people need access to the same mailbox, such as a company information or support email address, reception desk, or other function that might be shared by multiple people.

Shared mailboxes can receive external emails if the administrator has enabled this.

Shared mailboxes include a calendar that can be used for collaboration.

Users with permissions to the group mailbox can send as or send on behalf of the mailbox email address,

if the administrator has given that user permissions to do that.

This is especially useful for help and support mailboxes because users can send emails from "Contoso Support" or "Building A Reception Desk."

It's not possible to migrate a shared mailbox to a Microsoft 365 Group.

 


Send As & Send on behalf

 

Send on behalf of permissions

With Send on Behalf permissions, a user may send emails that are marked as, "on behalf of" another user.

This is not the same as Send As permissions, which allow emails to be sent as if they actually came from another user.

Other delegate access permissions that can be granted to a user include the permission to open and manage another user's calendar and email.

 


OrganizationCustomization

 

CLI: Enable-OrganizationCustomization

In the Microsoft datacenters, certain objects are consolidated to save space.

You may encounter an error message that tells you to run the Enable-OrganizationCustomization cmdlet.

Note that you are only required to run the Enable-OrganizationCustomization cmdlet once in your Exchange Online organization.

If you attempt to run the cmdlet again, you'll get an error.

 


Troubleshoot

 

ie. cannot-set-up-profile-autodiscover

Method 1: Run Microsoft 365 Support and Recovery Assistant
                (https://aka.ms/SaRA-OutlookSetupProfile)

Method 2: Upgrade to the latest version of Outlook

Method 3: Make sure that the Autodiscover CNAME record is set up correctly
                (https://testconnectivity.microsoft.com/tests/O365Ola/input)

 


Pricing

 

Microsoft 365 Business Basic                                 # No desktop apps (Word, Excel ...)

Microsoft 365 Business Standard                           # Annual subscription, HKD$97@202210

Microsoft 365 Business Standard (Month to Month) # one-month contract  HKD$116@202210

Microsoft 365 Apps for business                            # No mailbox (Exchange 365)