You are interested in OneDrive and OneDrive for Business?
You want to know how you can integrate the OneDrive technology into your IT infrastructure securely? 

Here is the list of OneDrive related sessions at Microsoft Ignite 2017

Monday

• THR1022: Bring your sales team together: Office 365 Groups, Teams & Microsoft Dynamics 365 in the real world 
• THR2039: Explore the mobile options for OneDrive for Business and SharePoint files
• BRK2181: Accelerate productivity with search and discovery in SharePoint and Office 365 
• BRK3382: Securing, governing, and protecting your Office 365 investments
• POD2005: Todd Klindt's SharePoint Podcast

Tuesday

• POD2010: 2 Guys and SharePoint Ignite live stream
• POD1000: Microsoft Cloud Show - live episode
• THR2084: Figuring out Office 365 external sharing in 20 minutes
• BRK2229: Security you can trust, control you can count on with SharePoint and OneDrive
• BRK2310: Speed and scale: Accenture’s Windows 10 journey 
• POD2011: First Ring Daily 
• BRK1015: Office + Everyday AI 
• BRK2184: Accelerate your digital transformation with SharePoint and OneDrive 
• THR1066: Fostering a successful remote worker culture 
• THR1023: Can I get a side of OneDrive for Business with my SharePoint? 
• BRK1013: Collaboration in Microsoft Office Apps 
• THR2097: Developing a blueprint for your data in Microsoft Azure 
• BRK1053: Microsoft Office 365 adoption user group meetup 
• BRK2205: OneDrive - Past, Present, and Future 

Wednesday

• THR2093: Backup strategies for your Office 365 environment and Windows or Linux computers 
• BRK3050: Going from traditional to modern: Moving to cloud-first deployment and management models in schools 
• BRK3382R: Securing, governing, and protecting your Office 365 investments 
• BRK3361: Veeam for the Microsoft Cloud 
• BRK1065: Women in Technology community leaders 
• THR2061: Optimizing Microsoft OneDrive for the enterprise 
• THR3011: Upgrade your organization to the latest OneDrive sync client 
• THR3021: Why Microsoft is updating the new OneDrive sync engine in a different way 
• BRK2243: Understanding your collaboration options in Office 365 
• BRK4030: Learn how SharePoint Online safeguards your data in the cloud 
• THR2171: How to be productive with Microsoft Office 365 
• THR3026: Migrating home folders to OneDrive for Business 
• BRK3227: Office UI Fabric behind the scenes: Open source Design & Engineering in Office 
• BRK3224: Manage and secure Microsoft OneDrive web 
• THR2184: Empowering students for their future 
• THR1020: Tackling Adoption Like A Service With Office 365 
• BRK3039: Integrate OneDrive and SharePoint files 
• BRK2228: Migration to SharePoint and OneDrive in Office 365: Process and options 
• BRK3226: Create beautiful, fast, interactive pages in SharePoint: Deep dive with the product team 
• THR1038: Learn how to consolidate, manage, backup, and secure your cloud collaboration content 
• BRK3231: Deploy Microsoft OneDrive across users and devices: Deep dive with the product team
• THR2181: The impact of digital literacy on Office 365 user adoption 
• BRK3080: Build smarter apps with Office using the Microsoft Graph 

Thursday

• THR4002: Achieving upward mobility: Top 3 strategies for migrating data & workloads from data center to cloud 
• THR1035: Prevent costly data leaks from Microsoft Office 365 
• POD1007: Microsoft Cloud IT Pro Podcast 
• BRK3012: Secure access to Office 365 
• BRK2245: Enable external sharing and collaboration with OneDrive and SharePoint 
• BRK3244: OneDrive unplugged 
• BRK3237: Create and manage sharing and access policies for SharePoint 
• THR2065: Groups and Teams: Friend or foe? 
• BRK2374: Stop data exfiltration and advanced threats in Microsoft Office 365 and Azure 
• BRK2185: Build your personalized and social intranet with SharePoint 
• BRK2365: Service and Support for Microsoft Surface - Built for the Demands of Today’s Enterprise 
• BRK3236: Multi-Geo Capabilities in OneDrive and SharePoint Online 

Friday

• BRK2247: Learn from MVPs: Panel discussion on all things SharePoint and OneDrive 
• BRK3235: Manage SharePoint and OneDrive in Office 365: A field guide for administrators 
• BRK2384: What to use when in Office 365 meetup: Helping you find the answers to this never ending question 

See you at Microsoft Ignite!

The use of Microsoft Viva requires using a modern SharePoint site as a home site. 

The documentation for enabling Microsoft Viva describes how to set a new SharePoint Online Home Site, but lacks an important step.

You must swap the new home site and current home site, in addition to setting the SharePoint Online home site. The swap cmdlet archives the current home site. 

# Replace with the new home site URL
$NewHomeSiteUrl = 'https://varunagroup.sharepoint.com/sites/Varuna'

# Replace with current home site URL
$CurrentHomeSiteUrl = 'https://varunagroup.sharepoint.com/'

# Replace with an archive URL
$ArchiveUrl = 'https://varunagroup.sharepoint.com/sites/oldhomepage'

Invoke-SPOSiteSwap -SourceUrl $NewHomeSiteUrl -TargetUrl $CurrentHomeSiteUrl -ArchiveUrl $ArchiveUrl

Links

• Install Viva Connections today

Wouldn't it be nice if you could stay in Microsoft Teams even when working with your emails? Microsoft Teams is getting even more mature by providing an App for integrating Outlook into the Microsoft Teams client.

At least it seems that this is the case. or was it?

The Outlook App (Preview)

Last week a new App, still in preview, showed up in the Teams Admin Center (TAC) of some demo tenants. I filtered the list of available apps using Outlook as a search term.

When selecting the app, the details showed that the app was still in preview (v0.41).

As long as the app is enabled within Teams, you can add the app to a Teams Setup Policy and make it available for users.

Your users can then access the Outlook App using the Teams app bar.

You can simply click on Outlook in the app bar and, voilá, you have your Outlook inbox in Microsoft Teams. Due to the architecture of Microsoft Teams, you have access to your Outlook on the Web version of your inbox.

Links

• Learn more about Microsoft Teams 
• Teams App Setup Policy
• Learn more about today

Enjoy Microsoft Teams and Microsoft Outlook. - And remember today's date.

Learn - Connect - Explore

This year's Microsoft Ignite Conference takes place on November 4 - 8 at the Orange County Convention Center (OCCC), Orlando, Florida.

Choose from over 1,000 Breakout and Theater Sessions to learn about new technologies and methods, or talk directly to Microsoft professionals and MVPs about your technical challenges. Select the sessions and hands-on experiences that are most interesting for you based on the Microsoft Learning Paths to suit your job role.

You will find me directly in the Modern Workplace & Modern Life in the exhibition area. Just stop by to learn more about the possibilities of modern and secure collaboration using Microsoft Teams, Mobile Productivity, and more. 

Feel free to contact me via email to arrange an appointment at Ignite 2019: thomas@mcsmemail.de.

Links

• Microsoft Ignite 2019 Conference
• Session Catalogue
• Microsoft Learning Paths

See you in Orlando!

On May 11th, the SharePoint Saturday Cologne took place at the new Microsoft Office in Cologne. 

My session covered the migration of legacy public folders from Exchange Server 2010 to modern public folders hosted on-premises or Exchange Online. Additionally, I've talked about the pros and cons of a migration to Office 365 Groups and Microsoft Teams.

The slide deck is available on SlideShare.

• View and Download at Slideshare

Enjoy Exchange Server and do not forget about the end of support for Exchange Server 2010 on January 14th, 2010.

I was involved in a troubleshooting request for a hybrid mail flow issue. Before I take a closer look at the issue, let's talk about the hybrid setup.

Hybrid Setup

A managed service provider runs separated on-premises Exchange Organizations for various clients. Also, the service provider runs it's own Exchange Organization in a hybrid setup with Exchange Online (EXO) utilizing centralized mail flow. Let's name the managed service provider Varunagroup, using the primary domain varunagroup.de.

The on-premises IT-Infrastructure consists of the following email components:

• Centralized Third-Party Email Gateway Solution with two nodes
  TLS certificates in use
  • mx01.varunagroup.de
  • mx02.varunagroup.de
     
• Varunagroup on-premises Exchange Organisation
  • Hybrid setup with Exchange Online
  • Hybrid mail flow using Edge Transport Servers
    TLS certificate in use
    • smtpo365.varunagroup.de
  • Centralized mail flow with EXO inbound connector configured by HCW 
  • Tenant name: varunagroup.onmicrosoft.com
  • Internet Send Connector with address space '*' uses the centralized Third-Party gateways as smart hosts
     
•  Multiple separated on-premises Exchange Organization hosted for SPLA-clients
  • Internet Send Connector with address space '*' uses the centralized Third-Party gateways as smart hosts

The following diagram illustrates the setup and the expected mail flow.

Let's name one of the clients Setebos AG, using setebos-ag.com as their primary domain. 

The Issue

Varunagroup's IT department activated journaling in Exchange Online, using an on-premises Journaling mailbox. After a few days, an IT administrator checked the inbox folder for journaling messages and journaling reports. The journaling inbox did not contain messages of Varounagroup senders or recipients only, but messages from client sender domains, e.g., setebos-ag.com.

In reality, the mail flow from on-premises to external recipients from any of the local Exchange organizations looked like shown in this diagram.

Question

Why does the Variangoup journaling mailbox contain messages from Setebos senders sent to external recipients?

We choose a single message for troubleshooting purposes, originating from the Setebos.com domain, sent to a non-Varunagroup recipient.

Analysis

1. The first thing to check is the Exchange Online Message Trace.
   In this case, the administrator already checked the Message Trace using the legacy Exchange Online Admin Center.
   
   The Exchange Online message trace showed the Varunagroup Exchange Online tenant received the Setebos message.

• Row 1: Exchange Online received the message for Varunagroup 
• Rows 2-5: The DLP Journaling rule processed the message, and the journaling report got routed to the journaling mailbox
• Row 6: The message was sent to an external mail server using the Exchange Online DNS resolver
• Row 7: Spam diagnosis for outgoing messages

The interesting piece of information is row 6. 

You see that EXO resolves the target mail exchanger via DNS. The target is another Microsoft 365 tenant as we see an xxx.mail.protection.outlook.com host.
 

2. Why did this message end up in the Varunagroup tenant?

When checking the on-premises mail gateway connection log, we found the distracting information that the gateway resolved the target mail exchanger as xxx.mail.protection.outlook.com.

As a next step, we checked the extended message tracking log using the new Exchange Admin Center. We created a new custom query with the following search criteria:

• Time range: Last 7 days
• Message-Id: The message Id fetched from the outbound connection log 
• Report type: Extended report

When you troubleshoot connection issues with Exchange Online, always select the extended report. You'll receive the report as a CSV file attachment. Use the Data tab in Excel to import the CSV file. Do not access the content by simply clicking the received file attachment. 

The interesting information is stored in the custom_data column for row source=SMTP and event_id=RECEIVE. 

S:ProxyHop1=HE1EUR01FT049.mail.protection.outlook.com(10.152.0.221);
S:ProxyHop2=AM0PRxxCAxxxx.outlook.office365.com(2603:10a6:208:fa::40);
S:InboundConnectorData=Name=Inbound from [EXCHANGE ORG GUID];
ConnectorType=OnPremises;
TenantId=[VARUNAGROUP GUID];
S:InboundTlsDetails=TLS=SP_PROT_TLS1_2_SERVER [...];
S:CorrelationId=d9ac6a10-8de9-4308-4205-07d865e8909b;
S:MimeParts=Att/Emb/MPt:0/0/1;
S:MessageValue=MediumHigh;
S:Replication=AM6PRxxxxMBxxxx;
S:FirstForestHop=AM0PRxxxxMBxxxx.eurprd03.prod.outlook.com;
S:FromEntity=HybridOnPrem;
S:Oorg=varunagroup.de;
S:ProxiedClientIPAddress=81.173.212.44;
S:ProxiedClientHostname=mx01.varunagroup.de;
S:DeliveryPriority=Normal;
S:AccountForest=EURPRxxAxxx.PROD.OUTLOOK.COM

The information in line 3 shows the actual name of the configured Varunagroup inbound connector, as shown in the Exchange Online connector configuration. The message did not enter the Varunagroup EXO tenant due to a mysterious connection, it was received by the dedicated inbound connector, configured by HCW.

3. Why was the Hybrid Inbound Connector chosen?

The key to this question is the TLS certificate used by the centralized email gateway and the TLS common name filtering in Exchange Online.

• The email gateways use the following TLS certificate with the two following common names
  • mx01.varunagroup,de
  • mx02.varunagroup.de
    ​
• The hybrid inbound connector used the TLS common name filtering, controlled by the TlsSenderCertificateName attribute, with the following name
  • *.varunagroup.de

The wildcard name *.varunagroup.de resulted in a matching string comparison for the incoming TLS common names of mx01.varunagroup.de and mx02.varunagroup.de. At the same time, the inbound connector matched the Edge Transport TLS certificate smtpo365.varunagroup.de.

Nobody knew, how the inbound connector configuration got "changed" to the wildcard name or for how long that configuration resulted in outbound messages from customer domains routed via the service provider tenant.

Solution

The solution contains two configurations.

1. Ensuring that the FQDN attribute of the Edge Send Connector is set to smtpo365.varunagroup.de
   
   This ensures that Exchange Server Transport selects the installed and SMTP-enabled TLS certificate for that name.  
    
2. ​Changing the TlsSenderCertificateName to smtpo365.veruangroup.de 
   
   This ensures that Exchange Online selects the hybrid inbound connector for Edge Transport established connections only.
    

The TLS common name behavior is by design and described in this blog post as FAQ #6(b). As a customer, you identify this as a misbehaving SMTP receive connector. But as described in the blog post, this is by design.

It is required that you understand the inbound routing behavior of Exchange Online if you have complicated outbound routing requirements. The blog post provides detailed information on how Office 365 inbound routing works and what you should be aware of.
 

Links

• Office 365 Attribution
• Hybrid Deployment Requirements
• Hybrid Configuration Wizard

Enjoy Exchange Online.

Are you located in Germany, Austria, or Switzerland? Join the Exchange User Group DACH to collaborate with other Exchange enthusiasts.
Follow us on Twitter @exusg, join on Meetup, or visit our website.