Configuration

Office 365 Groups and Anonymous External Senders

I have created a more detailed example of how to do this here: https://www.undocumented-features.com/2018/09/14/fixing-office-365-anonymous-group-write-back-and-external-delivery/

Office 365 Groups are glorious creations.  There are, however, some instances where they don’t work as you anticipate (or hope). One of those scenarios is when you are configured in hybrid coexistence with the following scenario:

  • Office 365 Group Writeback is enabled (for configuring permissions, see this script)
  • RequireSenderAuthenticationEnabled is set to False for an Office 365 group
  • Your organization’s MX record is configured to point on-premises

In this scenario, external emails sent to Office 365 groups (via your organization’s MX record pointing on-premises) will be returned with one of our favorite NDRs:

“You do not have permission to send to this recipient.”

This happens because the RequireSenderAuthentication attribute (which maps to msExchRequireAuthToSendTo) written to the synced group object is set to the constant True inside of AAD Connect (as shown in the rule “Out to AD – Group SOAInAAD”):

Which translates to this on written-back group objects:

In order to fix this, you need to either update the rule (Edit | Disable and Make a Copy) or update the msExchRequireAuthToSendTo attribute on the synced group objects if you are keeping your MX pointed on-premises, or update the MX to point to Office 365.… [ Continue reading ]

Information

Office 365 Administration Inside Out

Hey! It’s finally here! After months of hard work (almost a year from when we started until a copy at my doorstep), we’ve finally made it to the finish line!  Also, pay no mind to my poor cuticles!

You can read the press release here: https://blogs.msdn.microsoft.com/microsoft_press/2017/11/27/new-book-microsoft-office-365-administration-inside-out-includes-current-book-service-2nd-edition

Or jump straight to Amazon and order it: http://aka.ms/o365adminio

While you’re at it, be sure to check out the blogs of the other authors, filled with all sorts of goodies:

Darryl Kegg, https://aka.ms/dkeggblog

Lou Mandich, http://blogs.technet.com/b/loum/

Ed Fisher, https://blogs.technet.microsoft.com/edfisher/[ Continue reading ]

Configuration

Disable Skype SKUs across all users

This week, I was presented with a question from a partner who was in the middle of the Skype for Business portion of a larger merger and acquisition migration project. The customer had enabled the Skype for Business license for all users in the tenant (including users who hadn’t migrated for other domains and forests), and since neither the hybrid configuration nor DNS were complete, messages and calls were undeliverable. … [ Continue reading ]