Working With Office365
Handy info for working on and with the Office365 platform
Setting up alternative email addresses in Exchange Online / Office 365
One of the biggest pain points of Microsoft Exchange is its inability to have multiple “send-as” addresses for a user. Unfortunately, since Exchange Online is just a cloud implementation of the same Exchange 2010 that everyone else uses, this issue carries over to the online version as well.
Traditionally, when you have an on-premises Exchange server, you can deal with this problem in one of two ways:
1) Install 3rd party software that allows this functionality through Exchange
2) Setup distribution groups for the alternative email addresses, and assign permissions to allow sending as the group
In Exchange Online, option 1 is not possible because you don’t have access to the OS, just a subset of services sitting on top of it. This means that distribution groups is your only option to achieve this functionality, and the following are instructions on how to do it:
1) If you have already added the alternative address to a user, remove it. If you are not sure how to do this, follow the instructions on [this page - needs writing]
2) Jump into the Exchange Control Panel and setup a distribution group. The important part to remember when you are doing this is that whatever you enter into the “Display Name” box is what people will see as the sender when you send from this address. In my example, I am setting up brendan@workingwith365.com as an alternative address for myself. For ownership, setting the owner as your admin account is a best practice, but you can set it as the actual owner of the address, this will just allow them to adjust setting on the group without administrator intervention.
Setting up a new distribution group. Make sure to set the "Display Name" to what you want people to see when you send as this address.
3) While setting up the group, make sure to pay close attention to the membership and membership approval sections. You want to make sure that the person you want to use the address is a member, or that the person is the owner and the ”Add group owners as members” is ticked. Make sure to select both “Closed” options under membership approval. This will prevent other users from joining the group and receiving emails that are not for them, and prevent the intended user/s from leaving the group and missing emails.
4) When you are finished, click save.
To achieve the above steps using PowerShell, use the following line in an Exchange Online remote session:
New-DistributionGroup -Name "Brendan Working with 365" -DisplayName "Brendan Erofeev - Working with 365" -Alias "brendan-workingwith365" -PrimarySmtpAddress "brendan@workingwith365.com" -Members "brendan@erofeev.net" -MemberDepartRestriction Closed -MemberJoinRestriction Closed
5) Now the group has been created, you run the following PowerShell command to set SendAs permissions on the group for the user you want to have the ability to send as:
Add-RecipientPermission -Identity "brendan@workingwith365.com" -AccessRights SendAs -Trustee "brendan@erofeev.net"
And it’s as simple as that. Rinse and repeat for each user you need to setup and alternative email address for.
On the Outlook client side, you need to enable the “From:” box in new emails (this is different depending on what version of Outlook you have), and then enter the alternative email address, or select it from the Global Address List.
In this post we learned how to setup an alternative email address for a user to send out of. We set it up as a distribution, and assigned permissions so that the user could send-as that email address.
Administering Office 365 with PowerShell
I like to think of PowerShell as the Windows tool that finally convinced Unix guys that Microsoft admins can do more than just drive a GUI.
PowerShell is Microsoft’s task automation framework, consisting of a command-line shell and associated scripting language built on top of, and integrated with the .NET Framework. (http://en.wikipedia.org/wiki/Windows_PowerShell)
So, what can you do with it? Almost anything! More and more, PowerShell is becoming the tool of choice for administration on Microsoft platforms, and Office 365 is no exception. In fact, like most PowerShell administer-enabled applications, there are things you can do in PowerShell that you can’t do in the GUI.
Most of the posts on this site will reference administering Office 365 using PowerShell in some way (whether it be the main focal point of the post, or an alternative to achieving the goal), so this article will serve as a reference on how to connect to difference Office 365 services using PowerShell.
General Administration using the Microsoft Online Services PowerShell Module:
The Microsoft Online Services PowerShell Module can downloaded from here:
Microsoft Online Services PowerShell Module 32 Bit
Microsoft Online Services PowerShell Module 64 Bit
Once you have downloaded and installed the bits, launch the module by finding it in your start menu (should be under All Programs > Microsoft Online Services).
Once you have it fired up, type:
connect-msolservice
You should now be prompted for your Office 365 credentials:
Once you enter your credentials, and press OK, your PowerShell window will take few seconds to connect, and then give you back your prompt:
A little anti-climactic isn’t it?
But…now you are connected. Try typing:
get-msoluser
Bam! A list of Office 365 users.
So, where from here? What else can you do? Type:
get-command -noun msol*
This will give you a list of cmdlets that you can use for Office 365 administration (at the time of writing, there are 49 cmdlets). OK OK, so how do I USE these cmdlets?
The beautiful thing about PowerShell, is it was designed to be easy to learn. Firstly, all PowerShell cmdlets come in the form of Verb-Noun. What this means is that figuring out what cmdlet will do the job you are trying to do is as easy as thinking of what you would call it yourself.
If I want to add a new user, I use “New-MsolUser” If I want to remove a user, I use “Remove-MsolUser”. If I want to do anything to do with a user, I can enter:
Get-Command *MsolUser
And a list of cmdlets will be returned that are used to manage users.
If I want to know how to use “New-MsolUser”, I can enter:
Get-Help New-MsolUser
And if I want a practical example of the use so that I can learn by example, I can enter:
Get-Help New-MsolUser -examples
Exchange Online Administration using a Remote PowerShell Session
To administer Exchange Online, instead of using the Microsoft Online Services module, you connect to a remote PowerShell session.
The first thing to do is start a regular PowerShell session with administrative rights. Navigate to All Programs > Accessories > Windows PowerShell, right click on “Windows PowerShell” and select “Run as administrator”
Once PowerShell is open, we need to do a bit of tweaking before we can connect to the remote session. The first tweak is to adjust the execution policy to allow local scripts to run.
NOTE: Adjusting your execution policy lowers the security of PowerShell. Make sure to read and understand this article before adjusting your execution policy.
OK, now, lets adjust the execution policy to RemoteSigned. This level will enable you to run local scripts, or scripts from other sources, but will not allow you to run scripts downloaded from the internet.
enter the following command into PowerShell:
Set-ExecutionPolicy RemoteSigned
You will be asked to confirm the change, press enter.
The next step is to build a function to connect to Exchange Online (not necessary, but a definite time saver) and place it into your PowerShell profile. Enter into PowerShell:
test-path $profile
If you receive back “True”, this means that you already have a PowerShell profile, so we can just add the function to it. If you receive back “False”, type the following (Only if you received back “False”):
New-Item -Path $profile -Type File -Force
The above line just created you a new profile. ”New-Item” is the command to create a new item, “$profile” is a pre-defined value in PowerShell, and points to your profile (or where it should be), and the -Force command forces the file, and any directories along the way, to be created.
Now that you have a profile (or if you already had one previously), you can type:
notepad $profile
This will open your profile in notepad, so that we can add our function to it. Add the following lines to your profile:
Function Connect-ExolService
{
$cred = Get-Credential
$ExchangeOnline = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $ExchangeOnline -Prefix Exol
}
And save it.
So, what does this function do? I’ll break it down:
Function Connect-ExolService
First, we define our function. I am calling mine “Connect-ExolService”
$cred = Get-Credential
Next, we create a variable “$cred”, and prompt the user for credentials to store in it “Get-Credential”
$ExchangeOnline = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
Then, we create a new variable called “$ExchangeOnline” and store a “New-PSSession” in it. our “-ConnectionUri” points at “https://ps.outlook.com/powershell”, but we also have the “-AllowRedirection” switch, so when we connect, our connection will be redirected to the Exchange server that hosts our tenant.
Import-PSSession $ExchangeOnline -Prefix Exol
Finally, we import the session. Importing a session imports command such as cmdlets, functions, and aliases into the current session. The important part to note here is the “-Prefix Exol”. What this tells PowerShell to do is place “Exol” in front of the noun in every command imported. The importance of this will be made apparent shortly.
Ok, so now we have our shiny new function saved into our profile. We must reload our profile before we can use the function. To do this, type the following:
.$profile
Ok, now we are all geared up to manage our Exchange Online via PowerShell! Lets try our function:
Connect-ExolService
The first thing we get is a prompt for credentials. Enter your credentials, and press OK.
Next, all of our commands are loaded from the remote session, and now we are ready to work.
Remember the “-Prefix Exol” we created earlier? Well, this is where it comes in handy. Enter the following command:
Get-Command -Noun Exol*
What you have now is a list of imported commands from the Exchange Online remote session. All of these commands are used to manage Exchange Online (230 at the time of writing). That’s a LOT of commands….well, not really when compared to on-premises Exchange, which has over 600!. But nontheless, not easy to take in all at once. So lets see them a-page-at-a-time:
Get-Command -Noun Exol* | Out-Host -Paging
Where to from here? Well, if you have administered Exchange on-premises using PowerShell, you should be in your element right about now. Remember though, Exchange Online is a Convenience vs Control trade-off, so you won’t see all of the cmdlets you are used to working with, you only get the ones that are applicable to managing the parts of Exchange Online that you are allowed to manage.
If you have never touched Exchange on-premises, or PowerShell, remember, “Get-Command” and “Get-Help” are your two best friends. Do not underestimate them, as 99% of the time, they have the answers you are looking for.
In this post, you learnt how to manage Office 365 in general, and Exchange Online using PowerShell. If you are interested in PowerShell, I suggest the following resources to help you learn:
