Last updated: 2024-08-27
Table of contents
- DNS Record
- ...
- OneDrive
DNS Record
View the DNS records to set (MX & autodiscover (CNAME))
admin center (https://admin.microsoft.com/)
select "Show all" > Settings > Domains
Click YOUR_DOMAIN > DNS records > Manage DNS
SPF Record: include:spf.protection.outlook.com
Disable MFA
Azure Active Directory (https://aad.portal.azure.com/)
In the Azure Active Directory admin center choose Azure Active Directory > Properties.
At the bottom of the page, choose Manage Security defaults.
Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.
Useful Link
Admin
- https://www.office.com/
- https://aad.portal.azure.com/
- https://admin.microsoft.com/
- https://admin.exchange.microsoft.com/
User
IMAP & SMTP
IMAP(Incoming)
Server: outlook.office365.com
Port: 993
Encryption: SSL/TLS
SMTP(Outgoing)
Server: smtp.office365.com
Port: 587
Encryption: STARTTLS
ExchangeOnline PowerShell
Install
Install-Module ExchangeOnlineManagement
Load the module
Import-Module ExchangeOnlineManagement
Get-Module
ModuleType Version Name                     ExportedCommands
---------- ------- ----                     ----------------
Script     2.0.5   ExchangeOnlineManagement {Get-EXOCasMailbox, Get-EXOMailbox, Get-EXOMailboxFolderPe...
...
Login
Connect-ExchangeOnline # A window pops up asking for login
Usage
Get-Mailbox -Identity admin | Format-List
Get-mailbox | get-mailboxstatistics | select displayname,ItemCount,totalitemsize | sort ItemCount -Descending
Enable Exchange Online SMTP
[1]
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
[2]
Set-CASMailbox -Identity <MailboxIdentity> -SmtpClientAuthenticationDisabled $false
Get-CASMailbox -Identity <MailboxIdentity> | Format-List SmtpClientAuthenticationDisabled
Office deployment tool (ODT)
O365 Version
https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date
ODT Doc
https://github.com/MicrosoftDocs/OfficeDocs-DeployOffice/blob/live/DeployOffice/office-deployment-tool-configuration-options.md
Usage
setup.exe /download win7.xml
setup.exe /configure win7.xml
win7.xml
<Configuration>
  <Add SourcePath="C:\ODT" OfficeClientEdition="64" Channel="SemiAnnual" Version="16.0.12527.22021">
    <Product ID="O365BusinessRetail">
      <Language ID="en-us" />
      <Language ID="zh-hk" />
    </Product>
  </Add>
  <Updates Enabled="FALSE" />
  <Display Level="None" AcceptEULA="TRUE" />
  <Logging Level="Standard" Path="C:\ODT" />
</Configuration>
Notes
[1]
Win7 requires ODT Version 16.0.12624.20320 (setup.exe version 16.0.12624.20290)
Adds support for Windows 7-specific end of life Office versions
[2]
<Updates Enabled="FALSE" />
Do not check for updates during installation
Version="16.0.12527.22021"
The last supported build of Version 2002 (it can be installed on Win7 (Office 2016))
<Display Level="None" AcceptEULA="TRUE" />
When installing Office, no user interface is displayed. (Only a DOS window is shown)
[3]
# ODT version that successfully installed O365 on Win7
officedeploymenttool_12827-XXXXX
O365 Office Version
O365ProPlusRetail # "Microsoft 365 Apps for enterprise"
O365BusinessRetail # "Microsoft 365 Apps for business" Plan (Microsoft 365 Business Standard HK$97@2022)
O365BusinessRetail Price
https://www.microsoft.com/en-WW/microsoft-365/business/compare-all-microsoft-365-business-products?market=hk
License
remove license from a user
When you remove the license, all that user's data is held for 30 days.
After 30 days, all the user's data (except for documents stored on SharePoint Online)
is deleted permanently from Office 365 and can't be recovered.
shared mailbox
When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar is retained.
Only now it's in a shared mailbox where several people will be able to access it instead of one person.
At a later date, you can convert a shared mailbox back to a user (private) mailbox.
* The user mailbox you're converting needs a license assigned to it before you convert it to a shared mailbox.
Otherwise, you won't see the option to convert the mailbox.
https://admin.exchange.microsoft.com/
Recipients > Mailboxes >
Select the user mailbox or a shared mailbox that you want to convert
From the More actions pane, click Convert to regular mailbox or Convert to shared mailbox.
PowerShell
# DisplayName is the name shown in the GUI
New-Mailbox -Shared -Name "AccountTeam1" -DisplayName "Account Team 1" -Alias "AccountTeam" -PrimarySmtpAddress Account@DOMAIN
-Name
The Name parameter specifies the unique name of the mailbox.
-DisplayName
The display name is visible in the Exchange admin center, in address lists, and in Outlook.
If you don't use the DisplayName parameter, the value of the Name parameter is used for the display name.
-Alias
also known as the mail nickname for the recipient
A recipient can have only one Alias value
# Checking
Get-Mailbox -RecipientTypeDetails SharedMailbox
Sync Issue
imapsync log
Err 4/4: - msg INBOX/32470 {42194056} could not append ( Subject:[...], Date:["16-Mar-2021 18:04:27 +0800"], Size:[42194056], Flags:[\Answered \Seen] ) to folder INBOX: Error sending 'APPEND INBOX (\Answered \Seen) "16-Mar-2021 18:04:27 +0800" {42194056}': 128 NO Maximum size of appendable message has been exceeded
Provider limit
- Gmail message size limit is 35 MB.
- O365 message size limit is 45 MB by default (Max: 150MB)
CLI
Set-mailbox -Identity "[email protected]" -MaxReceiveSize 150mb -MaxSendSize 150mb
GUI
- Step 1. Open Exchange Admin
- Step 2. Open the Recipients Mailbox Properties
- Step 3. Change the Message Size Limit
- Step 4. Change the Maximum Message Size
O365 Bulk Import of Whitelist
* Messages that are identified as malware or high confidence phishing are always quarantined,
regardless of the safe sender list option that you use.
1. Create the whitelist - Whitelist_Sender
Exchange admin center -> Mail flow -> Rules > "+Add a rule" > "Bypass spam filtering"
- Name: Whitelist_Sender
- The action is already preset (spam confidence level (SCL) = -1)
[Setting to add] - add "The sender..." > "is this person" > "Check names" (equivalent to adding a new entry)
P.S.
Stop processing more rules
=> Subsequent rules will be ignored
i.e.
move all messages from your manager into a folder
Mail Header
When a message skips spam filtering due to X,
a marker is added to the "X-Forefront-Antispam-Report" header
- Mail flow rule: SFV:SKN
- IP Allow List: IPV:CAL
2. Bulk Import
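# One email address per line
$emails = "C:\tmp\emails.txt"
# Read the addresses into an array, skipping blank lines
$senders = @(Get-Content $emails | ForEach-Object { $_.Trim() } | Where-Object { $_ })
# Must match the Name used when the whitelist rule was created
# (-From replaces the rule's current sender list)
Set-TransportRule -Identity Whitelist_Sender -From $senders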
P.S.
cat tmp.txt | grep @ | sort -u > emails.txt
cat tmp.txt | grep -v @ | sort -u > domains.txt
Checking
Get-TransportRule
Name             State   Mode    Priority Comments
----             -----   ----    -------- --------
Whitelist_Sender Enabled Enforce 0
...
Get-TransportRule -Identity Whitelist_Sender | Select-Object "From"
From: {a@A, b@b, c@C}
Whitelist with dmarc
Configure the following settings:
Mail flow rule condition: A message header > includes any of these words >
Header name: Authentication-Results > Header value: dmarc=pass or dmarc=bestguesspass.
DMARC uses the following syntax:
dmarc=<pass|fail|bestguesspass|none>
If an email is received that is not authenticated with either SPF or DKIM,
the "dmarc=" results show none just as it always had.
DMARC=BestGuessPass will appear if the message is authenticated and
the matching authenticated domain does not have a DMARC record.
Mail Header(EML)
Authentication-Results: spf=temperror (sender IP is S.S.S.S) smtp.mailfrom=datahunter.org; dkim=none (message not signed) header.d=none;dmarc=temperror action=none header.from=datahunter.org;compauth=pass reason=105
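To check a received message against the notes above, the following added example (not part of the original notes) parses the Authentication-Results header shown here and an X-Forefront-Antispam-Report value, then reports whether the dmarc result is one the rule looks for and whether spam filtering was skipped. The function name Get-MailAuthSummary is hypothetical and the X-Forefront-Antispam-Report value is constructed.

```powershell
# Added example: summarize the authentication and bypass markers of one message.
# Get-MailAuthSummary is a hypothetical helper name.
function Get-MailAuthSummary {
    param(
        [Parameter(Mandatory)] [string] $AuthResults,
        [string] $AntispamReport = ''
    )
    # Authentication-Results: each ';'-separated clause starts with method=result
    $result = @{}
    foreach ($clause in ($AuthResults -split ';')) {
        if ($clause.Trim() -match '^(spf|dkim|dmarc|compauth)=(\w+)') {
            $result[$Matches[1].ToLower()] = $Matches[2].ToLower()
        }
    }
    # X-Forefront-Antispam-Report: ';'-separated KEY:VALUE fields
    $field = @{}
    foreach ($item in ($AntispamReport -split ';')) {
        $key, $value = $item.Trim() -split ':', 2
        if ($key) { $field[$key] = $value }
    }
    [pscustomobject]@{
        Spf                   = $result['spf']
        Dkim                  = $result['dkim']
        Dmarc                 = $result['dmarc']
        CompAuth              = $result['compauth']
        # True only for the two values the whitelist rule looks for
        DmarcRuleMatches      = ($result['dmarc'] -in @('pass', 'bestguesspass'))
        SkippedByMailFlowRule = ($field['SFV'] -eq 'SKN')
        SkippedByIpAllowList  = ($field['IPV'] -eq 'CAL')
    }
}

# Authentication-Results value taken from the header shown on this page.
$auth = 'spf=temperror (sender IP is S.S.S.S) smtp.mailfrom=datahunter.org; ' +
        'dkim=none (message not signed) header.d=none;dmarc=temperror action=none ' +
        'header.from=datahunter.org;compauth=pass reason=105'
# Constructed X-Forefront-Antispam-Report value (not from a real message).
$xfar = 'CIP:192.0.2.10;LANG:en;SCL:-1;IPV:NLI;SFV:SKN;CAT:NONE;DIR:INB;'

Get-MailAuthSummary -AuthResults $auth -AntispamReport $xfar | Format-List
```

The mail flow rule itself matches words in the header value; this helper compares the parsed dmarc result instead, so a message that passes here would also satisfy the rule condition.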
Setup DKIM on Domain
https://security.microsoft.com/dkimv2
Microsoft Defender portal > Policies & rules > Threat policies > Email authentication settings
Click YOUR_DOMAIN
Click "Create DKIM keys"
The process creates 2 sets of DKIM keys; they can only be applied after the DNS setup has been verified
- selector1._domainkey
- selector2._domainkey
Distribution groups & Shared mailboxes
Distribution groups
For sending email notifications to a group of people.
Create a distribution group (list)
Select the app launcher icon and choose Admin.
Teams & groups > Active teams & groups
Use case: forward email to multiple users
Shared mailboxes
Shared mailboxes are used when multiple people need access to the same mailbox, such as a company information or support email address, reception desk, or other function that might be shared by multiple people.
Shared mailboxes can receive external emails if the administrator has enabled this.
Shared mailboxes include a calendar that can be used for collaboration.
Users with permissions to the group mailbox can send as or send on behalf of the mailbox email address,
if the administrator has given that user permissions to do that.
This is especially useful for help and support mailboxes because users can send emails from "Contoso Support" or "Building A Reception Desk."
It's not possible to migrate a shared mailbox to a Microsoft 365 Group.
Send As & Send on behalf
Send on behalf of permissions
With Send on Behalf permissions, a user may send emails that are marked as, "on behalf of" another user.
This is not the same as Send As permissions, which allow emails to be sent as if they actually came from another user.
Other delegate access permissions that can be granted to a user include the permission to open and manage another user's calendar and email.
OrganizationCustomization
CLI: Enable-OrganizationCustomization
In the Microsoft datacenters, certain objects are consolidated to save space.
When you try to modify one of these objects, you may encounter an error message that tells you to run the Enable-OrganizationCustomization cmdlet.
Note that you are only required to run the Enable-OrganizationCustomization cmdlet once in your Exchange Online organization.
If you attempt to run the cmdlet again, you'll get an error.
Troubleshoot
ie. cannot-set-up-profile-autodiscover
Method 1: Run Microsoft 365 Support and Recovery Assistant
(https://aka.ms/SaRA-OutlookSetupProfile)
Method 2: Upgrade to the latest version of Outlook
Method 3: Make sure that the Autodiscover CNAME record is set up correctly
(https://testconnectivity.microsoft.com/tests/O365Ola/input)
Pricing
Microsoft 365 Business Basic # No desktop apps (Word, Excel ...)
Microsoft 365 Business Standard # Annual subscription, HKD$97@202210
Microsoft 365 Business Standard (Month to Month) # One-month contract, HKD$116@202210
Microsoft 365 Apps for business # No mailbox (Exchange 365)
O365 conflict folder feature
The "Conflicts" folder is created when Outlook encounters synchronization issues with the Exchange server.
The items in this folder are duplicates or conflicts that need to be resolved.
Once you have resolved the conflicts, you can safely delete the items in the "Conflicts" folder to save space.
When a conflict is detected, Office 365 creates a copy of the file in a special folder called the Conflict folder.
This copy includes the conflicting changes made by the users.
OneDrive
How to Transfer OneDrive Files to Another Employee
* If you delete the user's account, you have 30 days by default to access the former user's OneDrive data.
(The retention time can be changed to 30 ~ 3650)
1) Download And Upload Approach
In the OneDrive client
Right-click the OneDrive icon on the right side of the taskbar (cloud icon)
> Settings > Sync and Backup > Manage Backup > Advanced settings > Download all files.
This will ensure all your OneDrive files are stored locally.
2) Copy To
Create a "link to files" in the source account
Share the entire OneDrive folder from the first account with the second account,
then log in to the second account, open the shared folder, and select "Add to my OneDrive."
This will copy the files to the second account without downloading them locally.
Admin Center > Users > Active users > YOUR_USER > OneDrive tab
> Create the link to files.
1. Repeat above steps to create the link to files
2. Select files and folders and click "Copy To" in the upper panel.
* You can move or copy up to 500 MB of files and folders at a time.
* When you move or copy documents that have version history, only the latest version is moved.