TechShizz | All posts tagged 'Office 365'

Office 365: Retention Tags and Policies

Retention Tag Types

  • Default policy tags - Automatically applied to an entire mailbox which has no other tags set.
  • Retention policy tags - Are applied to the default folders like 'Inbox' and 'Calendar'.
  • Personal Tags - Set manually through user assignments to both messages and folders.
Retention tags are linked to a retention policy and then the policy is linked to user mailboxes.

Power Shell

Connect to MSOnline Power Shell Module
Create a new retention tag
New-RetentionPolicyTag "Tag Name" -Type -AgeLimitForRetention -RetentionAction
New Retention Policy
New-RetentionPolicy -RetentionPolicyTagLinks
Change Policy for all Mailboxes
Get-Mailbox -ResultSize unlimited | Set-Mailbox -RetentionPolicy "RetentionPolicyName"
Change old retention policy to new one
$OldPolicy = {Get-RetentionPolicy "Old-Retention-Policy"}.distinguishedName
Get-Mailbox -Filter {RetentionPolicy -eq $OldPolicy} -Resultsize Unlimited | Set-Mailbox -RetentionPolicy "New-Retention-Policy"

How do we know it worked?
Get-Mailbox "Mailbox Name" | Select-RetentionPolicy

If we need to force the retention process to run for some reason this can be done with a power shell command only. The process which does the retention actions is called the 'Managed Folder Assistant' and is run periodically by default.

Start-ManagedFolderAssistant -Identity "Username"

Place a mailbox on retention hold
Set-Mailbox "Username" -RetentionHoldEnabled $true

Office 365: Configuring MRM in-place Archives


  • You must have an Exchange Online 2 Plan
  • Outlook clients 2016/13/10 and some 2007

Power Shell Commands

Enable archiving for a single mailbox
Enable-Mailbox "User Name" -Archive

Find all mailboxes enabled for archiving
Get-Mailbox -Archive -ResultSize Unlimited

Disable in-place archiving for a single user
Disable-Mailbox -Identity "Username" -Archive

Find a GUID for a mailbox
Get-MailboxDatabase | Get-MailboxStatistics -Filter "DisconnectDate -ne $null"

Connect disabled archive to a mailbox user
Connect-Mailbox -Identity "<GUID>" -Archive -User "Username"

Office Telemetry

Office_Compat_PDF - Download

  • Must have a SQL 2005 Express or newer (or full version)
  • SQL must be set to use Windows Authentication, NOT Mixed Mode
  • A shared folder on the network with "Everyone" permissions
  • Clients need to be domain joined
  • Client running the telemetry dashboard must be running Excel 2013 onward

Steps to Install

  1. Setup the Telemetry processor - Install the processor on a suitable machine. If there are more than 20 clients this must be done on a server as there is a concurrent connection limit of 20 session on end user operating systems.
  2. Deploy telemetry agents (to Office 2010 and earlier only) - The MSI file is available from the Telemetry dashboard and is easily distributed with group policy.
  3. Configure telemetry agents - This is achieved with the Microsoft Office group policy ADMX files.
  4. Connect the dashboard to the database - This is configured from the Telemetry Dashboard.
  5. Configure privacy settings (if required). This is configured from the Telemetry Dashboard.
All of the install files can be found from the Office Telemetry Dashboard which is accessed from the start menu under Microsoft Office folder on a client machine with Office 2013/2016 installed. 

If the telemetry components are going to be installed on a machine without office, the MSI files for the Telemetry agent/processor can be obtained from the dashboard. There are also links to the ADMX / AML group policy files for group policy. 

Office 365 Migrations

Cut over Staged Hybrid IMAP
Exchange Versions 2003 and later 2003 / 2007 2010 / 2013 2000 Onward
Pros Simple Greater than 2000 users More time (no down time) Migrate legacy mailboxes
Cons Max 2000 Users Coexistence Requires Hybrid Exchange Wizard Only Inbox Migrated
Cons Max 2000 Users Coexistence Requires Hybrid Exchange Wizard

Cut over Migration

A cut over migration is a "all at once" method of migrating.

Outlook anywhere (HTTP over RPC) AKA Auto discover
SSL Certificates
Custom domain added to Office 365 tenant account

Preparing the Cut over Migration

If Outlook anywhere / auto discover is already configured, skip to step 7.

1. Create a Custom certificate request
Template: (No Template) Legacy Key
PKCS #10

Certificate Name: Outlook Anywhere
Common name:
Enter an Alternative DNS: and
Extended Key Language: Server Authentication
Key Type: Exchange
Key Size: 2048
Make Key Exportable

Save CSR as Base64.

2. Submit the CSR to a public CA. Once it's received, import the certificate

3. Export the certificate
Export Private key: yes
PKCS #12
Save the certificate to the exchange server

4. Check firewall for required ports
HTTPS: 443

5. Create DNS Records (CNAMEs)
6. Import the Certificate into Exchange
Open IIS
Locate the OWA Site
Assign the certificate to the https bindings.

7. Test exchange connectivity 

Executing the Migration

1. Ensure the on-premises account has correct permissions

2. Add the domain to Office 365
Only step 1 is required for this process there is no need to add licences yet as there are no accounts in Office 365 to assign them to.

3. On the on-Premises exchange, go to Migration
Select cut over migration
Enter credentials of the administrator
Enter the exchange server: exchange.ADDomain.local
Enter the RPC Proxy:
Name the Migration Batch: Batch 1
The batch will then run.

4. Change the MX Records to point to Office 365

5. Disable Synchronization and delete batch on the local exchange

6. Decommission Server

Guide to continue...