Using EXO Modern Groups for SHD Postings

Posted on

Many Office 365 Service admins do not want to grant Admin rights to people, say in the Help Desk or Support organizations.  Today Admins must grant some sort of Admin role/right for users to check the Services Health Dashboard (SDH), however you might want to consider using Exchange Online Modern Groups to manage SHD postings.

The idea is to create a Modern Group, add the Help Desk members to this group and enable the Modern Group –> Connectors, and add the SHD RSS feed, which will bring these items into the Modern Group, which is effectively a combination of Security & Distribution (SG & DG) groups together, with a Shared Mailbox/Calendar and backing SharePoint Online (SPO) Notebook and Document/Files library.

Note – In order to use Modern Groups, you must have an Exchange Online license and IF you want a backing Notebook (OneNote) and Files (Document Library), the user creating and managing this Modern Group must have an SPO license.


  1. Login to your Exchange Online Mailbox via OWA
    1. Example:
  2. Click the Groups + item in the left navigation pane
    1. modernGroups_Create
    2. Click Create
    3. Fill out all the necessary questions, such as Name, Public versus Private, etc.
    4. createGroup1
    5. Add members as you see fit
    6. createGroup2_AddUsers
  3. Once the Modern Group has been created, use the below URL ‘parameter’ to the Modern Group URL, which will enable the ‘Connectors’ feature to be enabled
    1. &EnableConnectorDevPreview=true
      1. Example of Full URL:
  4. Click Connectors and…
    1. Add this SHD RSS Feed URL: Connectors à Scroll down to bottom and select RSS and enter:–3s –> Save
    2. createGroup3_AddRSSFeed
  5. As items are posted, it is sent to this Modern Group where these Service Desk people can review.
  6. createGroup4_results

Onboarding into Office 365 – Pilot Testing and Tasks

Posted on


For those who are interested in moving into or onboarding into Office 365, it is very important that you take into account the following considerations:

  1. Full review of all your business and technical requirements, to fully understand the process, procedures and tasks your Information Workers perform on a daily basis.  Without performing this review and going into Office 365 you are almost guaranteed to find settings, features, functions and or limitations that do not align with your needs.  To review the Office 365 Service Descriptions, you can find them here.
  2. Once you have a good idea on whether the different Office 365 services, features, functions and capabilities are a good fit for your company, you should perform a Full Pilot Test.  This ensures that you can perform your work tasks in the cloud and find out first hand whether any limitations, restrictions or capabilities are missing that are needed.
    1. Notes
      1. I have attached an .xlsx spreadsheet to help with testing all of the different Office 365 Services, Features, Functions and Capabilities.  Note that this spreadsheet is provided as-is and may be missing a few test tasks or not account for some features or requirements your business needs.  Please use this spreadsheet and customize as you see fit!
        1. Office 365 Feature Chart – Test Plan
      2. Without this step you are almost assured to find capabilities, features or functions which don’t fully align with your business and technical requirements and will spend lots of time with Office 365 Support trying to find workarounds, solutions or ways to “make this work”.


I cannot emphasize these points enough.  It is very important that any company looking to use Office 365, should first review the Service Descriptions, to get a real sense of what the services can provide.  Then go through a full Pilot test pass to ensure everything works as needed, while fully documenting any “differences” or “restrictions” which may cause “pain” when using these services!

With an SD Review and Full Testing you WILL be fully informed on whether Office 365 is a good solution for you and your company and will have first hand knowledge on any items/issues/services, etc which may need to be addressed before moving forward.  Otherwise you will spend many hours with Office 365 Support in trying to find “solutions” to your business challenges, which will not be a fun experience.  Enjoy the review and I look forward to seeing you in “The Cloud” 🙂

Managing Office 365 Photo’s – Centralized Photo Management

Posted on

For all the Office 365 Administrators out there who are asking “What is the best method or option for managing Office 365 Photos?”, this post is for you!

Since the beginning of Office 365 users are able to submit photo’s into Office 365, for use in displaying in Outlook/OWA, Lync Client, SharePoint Site Collection Members, etc.  However there is confusion on whether each service manages their own photos and/or if there is a Best Practice on managing these in one central location!

Best Practice

Instead of having end users submitting photo’s into the different online services, such as:

  • Microsoft Online Portal
    • Office 365 Settings –>Me –> Edit my “About Me” page, which takes you into SharePoint Online –> Edit Profile page
  • Instant Messaging & Collaboration
    • Lync Client – Tools –> Options –> My Photo, which is uploaded into LYO for use
  • Messaging
    • OWA – Options –> Account –> My Photo
  • Note – If someone submits their photo into Exchange Online via the above path, all other Office 365 Services will pick up this photo and use it in their particular service (i.e. Post to EXO and is picked up by SPO and LYO). If you as an Administrator cannot update your Active Directory thumbNailPhotos attribute and values, to be synchronized into Office 365, then this method is the best option, as EXO is the gateway into pushing photo’s into Office 365 and being picked up by all the other cloud services (i.e. SPO, LYO, etc).
  • Collaboration
    • SharePoint – OneDrive –> About Me –> Edit Profile –> Picture

Instead of using these different options, Office 365 Administrators can centralize the end-user photo(s) into Active Directory and allow Directory Synchronization to push this into Office 365, to be picked up by all the different online services.


Use the steps noted in this other Blog Posting, which will provide you with a way to inject user photos into Active Directory, using the thumbNailPhoto attribute and value:

  2. Once Active Directory has been updated with user photo’s, either allow DirSync to run, every 3 hours, or manually run DirSync to push all the user photo’s into Office 365.
  3. Once posted into Office 365, each service will reference these photo(s) and display in the web UI (OWA, SharePoint, etc) and Rich Applications (Lync Client, Outlook, etc.).

Removing O365 Accounts WITHOUT Having to Remove AD Accounts

Posted on Updated on

DirSync-Scoping  As many Office 365 Admins know, when you need to remove someone from Office 365 when using Directory Synchronization, in order to synchronize all your AD objects into the cloud, you have probably found that the ONLY way to remove the cloud user is to remove the AD user.  BUT many times this is not possible, as the AD user still has a role to fulfill or being used, for example, as a Service Account.  In this case “what DO you DO?”

Since the new Directory Synchronization provides “scoping” capabilities, which means ONLY certain domains/OU’s are to be synchronized while all other AD objects are not. This “scoping” feature is key to maintaining your Active Directory user objects while removing them for your Office 365 tenant.

In a nutshell, you would use the following article, which explains HOW to setup Directory Synchronization “scoping”, which will take an OU out of synchronization, which is where all your AD account who no longer need to be in Office 365 will be placed.  DirSync will no longer finds these accounts in your AD, due to not looking into that OU (i.e. Scoping) and issue a Delete request into Office 365 to remove these users.


  1. Overview of Directory Synchronization Filtering/Scoping:
      1. Great additional article on Directory Synchronization Filtering and a discussion on the Soft-Delete feature, allowing you to recover users and their MBXs quickly and easily.

Note – Directory Synchronization scoping is a relatively new feature and one that can be used when needing to maintain AD users while removing them from Office 365.  Directory Synchronization is the only way to manage this scenario, as Directory Synchronization maintains management of these user objects, which requires that the user object (objects) must be managed via onsite Active Directory.  Be Careful when using Directory Synchronization Scoping, as the Directory Synchronization delete directive WILL cause these online user objects to be deleted.  If you have done Directory Synchronization scoping in error, you can easily use the “Soft-Delete” feature in Office 365 to get these accounts pulled from the “deleted items” hidden folder in Office 365 AD and bring them back into action.

DirSync, proxyAddresses & Domains – Removing Domain & Managing Email Address

Posted on

For Office 365 Admins who manage domains and UPNs/proxyAddresses, I wanted to write a posting explaining an interesting “use case scenario”.


  1. You have created and verified a domain in your Office 365 Portal, such as the ole domain
  2. Users in your Active Directory have been given that email address via the AD proxyAddresses attribute and synchronized into Office 365
  3. You remove the domain from your Online Portal because it is no longer needed, such as selling the company/domain
    1. Note – In order to remove a domain NO OBJECTS can be associated with this domain, either as UPN or Email address.  The fastest way to do this is to remove the Domain Intent settings for Lync & Exchange Online, which releases the check for attributes using this domain during the Domain Removal process.

Note – Unchecking these services from your domain will release the attribute checks used by this domain.  If you do not do this, then you must change your task and remove the email addresses from on-premises Active Directory (UPN and/or proxyAddresses {SMTP}, before you can remove this domain.  There is a way to remove SMTP addresses from Online using PowerShell BUT managing onsite Active Directory is the better approach for this scenario.


  • Question: You will notice that by removing the domain that the online users maintain their domain and you may be asking yourself “WHY, I removed the domain”.
  • Answer: This is because Directory Synchronization manages the proxyAddresses value during Synchronization and will NOT see any changes to your on-premises Active Directory user’s proxyAddresses values, therefore no changes are pushed into the cloud.
  • Resolution: To remove the domain email address from online users, you must remove the proxyAddress (i.e. from Active Directory, which instructs Directory Synchronization to remove it from your Office 365 user email address.

Note – Click Remove on the email address and in 3 hours Directory Synchronization will remove this from the online user.




NOTE – There are ramifications for doing this, as this email address is/was most likely used in Exchange Online.  If was used to send mail by other Exchange Online users, this address will be cached in Outlook and will automatically popup when attempting to send to  Users must hit the Delete button to remove this entry from their Outlook cache and then “re-find” the user, which will now only use

Provide PowerShell 3.0 Add-On Connections for Office 365

Posted on


The below is provided as-is and not supported in any way.  The below is a set of PowerShell commands, which are used to instruct the PowerShell0 ISE to load these commands each time the ISE is launched:

  1. Create a new folder in your Documents folder called WindowsPowerShel
  2. Open notepad and copy the below into the notepad file
    1. Once copied, save the file with a .ps1 extension


$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add(“Connect to Exchange Online”,


if($msolCredentials -eq $null)


$msolCredentials = Get-Credential


$EXOL = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $msolCredentials -Authentication Basic -AllowRedirection

Import-PSSession $EXOL




$psISE.CurrentPowerShellTab.AddOnsMenu.SubMenus.Add(“Connect to Office 365”,


if($msolCredentials -eq $null)


$msolCredentials = Get-Credential


$getModuleResults = Get-Module

If (!$getModuleResults) {Import-Module MSOnline -ErrorAction SilentlyContinue}

Else {$getModuleResults | ForEach-Object {If (!($_.Name -eq “MSOnline”)){Import-Module MSOnline -ErrorAction SilentlyContinue}}}

Connect-MsolService -Credential $msolCredentials




$msolCredentials = $null

Exchange Online & Postmaster Account / NDR Sender

Posted on


As Exchange Administrators work to understand all the nuances of Exchange Online, either the older Office 365 (2010) or the newer Office 365 (2013), they have probably asked “What about my Postmaster account, where is it, how do I configure or manage it?  There is no Postmaster account that I can find, so how does this work?”.

In reading through the following, written in 2012, EXO Admin’s get a default Postmaster account/setting used for your Exchange Online Tenant:

So if you as an Exchange Online Admin start to see lots of information from or, however you won’t find a Postmaster account, as this is part of the underlying Exchange Online Service, so save yourself some time and don’t try an find the account, it is no where to be found but is always looking out for your Exchange Online Messaging domain.