FAQs from Exchange and Outlook booths at 2019 Microsoft Ignite

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

During Microsoft Ignite 2019, we had a bunch of Microsoft employees and Exchange MVPs in the Exchange and Outlook booths on the show floor. We send them there to answer our customer’s questions.

Unsurprisingly, when you get a lot of questions (and we got many), some of them come up more frequently than others. We are going to assume here that the questions that we got in the booth might very well be the same questions that many of our wider Exchange and Outlook communities have too. So, we will answer them here. Obviously, these aren’t all the questions we got, just those we heard often and we thought might be useful to a larger audience.

Here goes:

When can I uninstall that last Exchange Server on-premises (I currently need it to manage my users)?

This was easily the #1 question we got this year. We should have printed t-shirts with the answer to this on it! It was obvious that many of our customers have moved to the cloud and do not really feel the need to have an Exchange Server on-premises anymore, but must keep one around to have a supported way to manage Exchange objects (using EAC or PowerShell).

The fundamental problem here is that there is currently no way to change attributes that are seen as authoritative on-premises on cloud objects, so with the AAD team, we’re investigating how we can switch the source of authority for these attributes. While we do not have any dates to announce today, we are hoping that within a year we will have something to announce on the subject! We know we’ve said something similar before. It’s a hard problem to solve but trust us; we are working on it!

Note that there might be other reasons why you might want to have an on-premises Exchange server, like an email relay to O365 from local devices (for example) and you should evaluate those separately.

My Exchange server on-premises also handles SMTP relay. How do I end this?

This issue is a little more complicated than it seems at first. We publish guidance to allow small businesses the ability to connect their SMTP apps and devices directly to Office 365. However, a customer who has more than a very small number of devices, or who sends larger volumes of email to external parties must consider the monitoring, management, and reliability of any SMTP relay configuration. If you have hundreds of devices, you don’t want to manually go to each one and reconfigure the connection endpoint, especially in the event that Office 365 makes a change (e.g., deprecating a TLS version that your devices require, or disabling support for basic authentication). You also need to be responsible and make sure that devices or apps are not compromised or abused – your public IP and domain reputation would be at risk. While Office 365 offers some tools to monitor this, your tenant can also get blocked in such an event. Unless you directly control access to the devices and apps, it might be best to keep a buffer in the form of an MTA or SMTP proxy that you can monitor and centrally manage.  The centrally managed device can then deliver mail directly, relay to Office 365, or another service - depending on the situation. You can continue to use your on-premises Exchange server for this purpose, and if you wish, that server could be moved to Azure.

Further, we believe that it is a best practice to separate as much as possible the infrastructure, IP, and domains used to send any sort of marketing, bulk, or grey mail from your normal business mail. There are services that can help your employees perform these business functions responsibly.  Office 365 should generally not be used for these purposes.

Will there be another version of Exchange server on-premises?

The truth of the matter is – we never pre-announce versions of Exchange server years in advance. People sometimes forget that we released Exchange 2019 just over a year ago. Just as with previous versions of Exchange, we will announce what’s next when the right time comes! In the meantime – did you know that if you go to Exchange Online, you can get all the new features now, without having to wait? (See what we did there?)

Why is there no ‘hybrid key’ for Exchange 2019?

Because Exchange 2019 is downloaded AND licensed through the volume licensing center, the Hybrid Configuration Wizard (HCW) does not have the ability to license or provide a key for an Exchange 2019 ‘hybrid server’. Simply use Exchange 2016 instead, and HCW will happily license it for you.

I am in hybrid already; should I be switching to Modern hybrid (using the Hybrid Agent)?

If you have already done all of the work to get into hybrid (and many of you did) – there is generally no good reason for you to switch to Hybrid Agent / Modern hybrid. Modern hybrid has really been designed to help unblock a set of customers who could for variety of reasons not make necessary networking configuration changes to enable hybrid configuration, so it’s ability to proxy the free/busy requests as well as mailbox migrations comes in handy. But as a rule, if you are already in hybrid, you don’t need to worry about switching.

Various questions about announced Basic Authentication deprecation.

We are aware that you have various questions about the announced deprecation of Basic Auth. Look for a dedicated post discussing those questions early in the new year.

I still use Exchange on-premises. Can I use Office Message Encryption?

Yes, absolutely – you just need to route your inbound and outbound mail via Office 365. While not required, we recommend setting up Hybrid if you know that you’ll eventually want the benefits of Hybrid. Office Message Encryption (OME) can then be configured to your needs. We recommend you check out the Office 365 Message Encryption FAQ.

We’ve purchased M365 or O365 services licenses.  Where can we find out more about Exchange Online Protection and Advanced Threat Protection?

Exchange Online Protection is included with all license types and includes protection from basic spam, phish, and bulk mail.  This protection is pre-configured with the most basic protection in place. There are two plans for ATP. The first adds zero-day and advanced phish protection capabilities which must be configured.  ATP P2 adds additional investigation & response capabilities.  These are also available as part of other comprehensive licensing packages.

When an employee leaves my company, we… (insert different things organizations do)

It seemed pretty apparent that some of our customers have different processes and steps that they might take when people leave the company, how their accounts are handled and what happens to their mailboxes. What was also apparent is that many did not know that we in fact have a pretty comprehensive document about this scenario, discussing various options and best practices. We shared this in the Exchange booth multiple times so here it is: Remove a former employee from Office 365. It might not answer every question there is, but it’s a great start!

It seems like hybrid mailbox migration can sometimes take a very long time, even if the mailbox does not have a lot of data. Why is this? Can this be unthrottled?

There are a variety of reasons that impact the actual throughput of mailbox migrations (often, there are throughput issues in on-premises environments.) Many of our customers do not seem to know that we have documented some of this in the article Office 365 email migration performance and best practices. Another thing to realize is that migration jobs are intentionally prioritized lower than active service loads, to not impact both the source and target environments. See Resource Based Throttling and Prioritization in Exchange Online Migrations to learn more about that.

There is no ‘throttling’ for hybrid migrations that can be increased. Our migration team has heard that many of our customers would like to be able to increase the priority of some of their mailbox moves, so this is an idea that is being considered (no commitments at this point). We are also looking at how migration finalizations can be sped up. Stay tuned!

Variety of public folder migration questions, most of ‘how to’ nature.

We received a good number of ‘how to’ public folder migration questions. There is some good documentation on the subject that we wanted to call out. First off, if you are migrating public folders from Exchange 2010 to Exchange Online, you will need this article. If you already migrated your on-premises public folders to Exchange 2013 / 2016, then you are already using what we call modern public folders, and you need this article. There is also a way to migrate certain public folders to O365 Groups and that is described in this article. If you are wondering how many public folders you can migrate to Exchange Online, you should check Exchange Online Limits. Finally – we at this time do not have a way to migrate public folders to shared mailboxes directly (would be curious to hear what the scenario is for such a move?)

Why are more Office 365 features not part of Exchange 2019?

Office 365 is our focus for features. We ship features to Office 365 first and may deliver a sub-set of those features that make sense for on-premises. We look at the capabilities individually to determine how readily they can be deployed and sustained in on-premises landscapes, but the maximum value and feature set will always be in Exchange Online. Some features have need for updates or a level of integration that don’t fit well into the realities of deploying and managing an on-premises server. It’s also true that the customers we know who still want to deploy on-premises value stability and reliability above features. That’s what we’re focusing on with our on-premises product.

Is Microsoft going to extend end of support for Exchange Server 2010 after October 2020?

No. We had a one-time extension to give customers with Exchange Server 2010 more time to complete their migrations and to maximize customer satisfaction. End of support for Exchange Server 2010 will not be extended further beyond October 13th 2020.

How can you help me decide which version of Outlook should my users use when connecting to Office 365 Exchange Online? Is there something that can help my users as well?

In order to help with such situations, we have published some articles that can help you compare different versions of Outlook based on the feature-sets that each version of Outlook provides to its users. These comparisons can help you and your users in making related decisions.

The Outlook/Office Add-ins story is all too complicated for me to handle as an Admin in my organization. Users have been using some add-ins that were never approved by us, moving into the cloud we didn’t regulate it, but now we think we need to take full control of this space. Where should we start?

You should start by reviewing the Publish Office Add-ins using Centralized Deployment via the Office 365 admin center article on centralized deployment and administration of add-ins in your organization. It will help you determine if that’s the right way for you to go and provides a compatibility checker as well.

What should I do to ensure I am looking at the latest developments in different Outlook clients, what’s coming up and if there is anything that I need to be doing for my organization and users?

We recommend that you keep an eye on the Tech Community Outlook blog for all new features that we are releasing for production users, sign up for Office Insiders Program if you want to try out the latest upcoming features, review the Microsoft 365 Roadmap site where we publish information on upcoming features in different versions of Outlook. Also check the Message Center in Microsoft 365 Admin Portal for regular communications where we may ask you to take actions in advance of a major change that’s coming up for Office 365 Exchange Online users.

When are DKIM and DMARC features coming to Exchange on-premises?

There is no roadmap for the DKIM and DMARC features to be included with Exchange on-premises. For customers who are looking for these features can use Standalone EOP for their inbound and outbound mail routing and use the Exchange Online DKIM and DMARC features. This way, they can also use additional Antispam and Threat protection features which come with Exchange Online Protection.  

Users in my tenant are getting a lot of spam / phish messages, how do I fix these issues?

There are various reasons which can cause False Positive and False Negative messages for the users – tenant wide configuration issues, user level safe and blocked sender lists, not using optimum threat management policies are few of them. While we encourage end user to use the report message add-in for reporting FN and FP messages, we have come up with a new powerful feature called Admin Submissions, which can be found under Office 365 Security and Compliance Center. With this new capability, admins can easily submit emails and content, provide more details, and receive immediate feedback. The feedback provided by Microsoft also offers valuable insights into configurations that may have caused a false positive or a false negative, reducing the time to investigate issues and improving the overall effectiveness.

There you have it, the “Top 18 questions from Ignite!” Okay, we just made that up; it just happened that there were 18 of them…

The Exchange Team

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.