Showing posts with label Microsoft O365. Show all posts

Get User groups detail


Get-AzureADUser -SearchString user1@xyz | Get-AzureADUserMembership -All $true | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select-object DisplayName,Mail,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | Export-Csv -Path 'C:\new_folder\UserDetails.csv'

BULK Get Calendar permission of multiple mailbox

# room.txt holds one room mailbox address per line
$i = Get-Content 'C:\New_folder\room.txt'


foreach ($room in $i){Get-MailboxFolderPermission -Identity ($room + ':\Calendar') | Select-Object @{Name='Room';Expression={$room}},User}

Add custom alias to M365 group

Get-UnifiedGroup groupname@xyz.com | fl emailaddresses


Set-UnifiedGroup -Identity groupname@xyz.com -EmailAddresses @{Add="groupname@xyz.mail.onmicrosoft.com"}

Force create room mailbox on on-prem hybrid setup

Enable-MailUser -Identity Room01 -ExternalEmailAddress Room01@xyz.mail.onmicrosoft.com


Enable-RemoteMailbox -identity Room01 -RemoteRoutingAddress Room01@xyz.mail.onmicrosoft.com

 

Set-RemoteMailbox -Identity Room01 -Type Room

Mailbox Auto mapping off

Add-MailboxPermission -Identity user1@xyz.com -User user2@xyz.com -AccessRights FullAccess -AutoMapping $false

Disable Outlook "Do not send response" meeting response option

 HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\Calendar

DWORD: ForceMtgResponse
Value: 1

 

You'll need to restart Outlook after setting this key.

Administrators can add the key using Group Policy.

 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Calendar
DWORD: ForceMtgResponse
Value: 1

 

Check DKIM using CMD

In CMD, type nslookup -q=txt <selector>._domainkey.<domain>, where <selector> is the DKIM selector and <domain> is the domain name.

For example:

nslookup -q=txt abc1._domainkey.himanshu.xyz
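
The TXT answer returned by that lookup can be checked mechanically for a revoked key, testing mode or a short RSA key. The PowerShell below is an added example, not part of the original post: the function name Test-DkimRecord is hypothetical, and the sample record is constructed from placeholder bytes sized like a 1024-bit RSA key.

```powershell
# Added example: sanity-check a DKIM key record (RFC 6376 tag=value list).
function Test-DkimRecord {
    param([Parameter(Mandatory)] [string[]] $TxtStrings)   # TXT strings in answer order

    # Long keys are published as several strings of up to 255 bytes; join them with no separator.
    $record = -join $TxtStrings
    $tags = @{}
    foreach ($pair in ($record -split ';')) {
        if ($pair -match '^\s*([A-Za-z][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$') {
            $tags[$Matches[1]] = $Matches[2]
        }
    }

    $findings = New-Object System.Collections.Generic.List[string]
    if ($tags.ContainsKey('v') -and $tags['v'] -ne 'DKIM1') {
        $findings.Add("unexpected version '$($tags['v'])'")
    }
    $keyType  = if ($tags.ContainsKey('k')) { $tags['k'] } else { 'rsa' }   # k= defaults to rsa
    $keyBytes = 0
    if (-not $tags.ContainsKey('p')) {
        $findings.Add('no p= tag: not a usable DKIM key record')
    } elseif ($tags['p'] -eq '') {
        $findings.Add('empty p= tag: this key has been revoked')
    } else {
        try   { $keyBytes = [Convert]::FromBase64String(($tags['p'] -replace '\s', '')).Length }
        catch { $findings.Add('p= is not valid base64') }
        # An RSA-2048 SubjectPublicKeyInfo is 294 bytes; an RSA-1024 one is 162 bytes.
        if ($keyType -eq 'rsa' -and $keyBytes -gt 0 -and $keyBytes -lt 290) {
            $findings.Add("RSA key shorter than 2048 bits ($keyBytes-byte key blob)")
        }
    }
    if ($tags.ContainsKey('t') -and (($tags['t'] -split ':') -contains 'y')) {
        $findings.Add('t=y: the domain is in DKIM testing mode')
    }
    [pscustomobject]@{ KeyType = $keyType; KeyBytes = $keyBytes; Findings = $findings.ToArray() }
}

# Constructed sample: placeholder bytes with the length of an RSA-1024 key, split across two strings.
$blob   = [Convert]::ToBase64String((New-Object byte[] 162))
$first  = 'v=DKIM1; k=rsa; t=y; p=' + $blob.Substring(0, 100)
$sample = @($first, $blob.Substring(100))
Test-DkimRecord -TxtStrings $sample | Format-List

# Live use on Windows (DnsClient module), with the selector and domain from the post:
# Test-DkimRecord -TxtStrings (Resolve-DnsName -Type TXT abc1._domainkey.himanshu.xyz).Strings
```

For the constructed sample the findings are the short-key warning and the t=y testing-mode notice.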

Audit Teams chat

Auditing Private Chats in Teams - Microsoft Community


 Microsoft Teams > Find Chat Conversations Between Users

7/9/2021 · Applies to the Security and Compliance Center using eDiscovery to find conversations in Microsoft Teams


Change Recoverable Items retention time/days


Get

Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | ft displayname,primarysmtp*,RetainDeletedItemsFor -autosize


Set

Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Set-Mailbox -RetainDeletedItemsFor 30

Search and Purge permission

Microsoft 365 Defender: Threat Explorer - Permissions

I've had a user want permissions to hard/soft delete emails found to be potentially malicious in M365 Defender Threat Explorer (https://security.microsoft.com/threatexplorer)


What you need to be able to access Threat Explorer in M365:

  • Organization Management
  • Security Administrator (assign this in the Azure Active Directory admin center (https://aad.portal.azure.com))
  • Security Reader (if you PIM up to SecAdmin then you won't need SecReader)

Required Licenses

You must have Microsoft Defender for Office 365 to use Explorer or Real-time detections.

  • Explorer is included in Defender for Office 365 Plan 2.
  • The Real-time detections report is included in Defender for Office 365 Plan 1.
  • Plan to assign licenses for all users who should be protected by Defender for Office 365. Explorer and Real-time detections show detection data for licensed users.

Digging into it....

Assign AAD Security Administrator to the user if they don't have it already. It's likely if they are in a SOC or InfoSec that they will probably have this.

The user was able to access Threat Explorer after pimming up to SecAdmin but couldn't access hard or soft delete.

This delete function was something that I was able to perform but actually couldn't see why I could or where the permission was that enabled me to.

So, let's head over to Permissions & Roles @ https://security.microsoft.com/securitypermissions and select "Roles" under "Email & collaboration roles".

You'll now see a list of roles and permissions specific to M365 Defender.

The magic role you need now is "Search & Purge" which appears in "Data Investigator".

The side window will swipe in and you'll see "Search & Purge" under assigned roles.

Assign the member to this role then they should be able to purge any emails they look up (making sure they are pimmed up to AAD SecAdmin first).

  

Copy or Migrate mailbox data

Article  - 4 Ways To Copy Emails From One Mailbox To Another In Office 365 (techpress.net)


You may have a requirement of switching from one mailbox to another by copying all emails from the old mailbox to the new mailbox. If only some of the emails are relevant and important to you, you can also select the emails you want to copy across to the new mailbox.

Another scenario could be that you want to consolidate multiple mailboxes into one and delete all the old mailboxes. Whatever the reason may be, copying emails from one mailbox to another in Office 365 is a common task that can be accomplished in a few simple steps.

A source mailbox can be a user mailbox or a shared mailbox and destination mailbox also can be a user mailbox or shared mailbox. We would be using Powershell mostly, but I would show you a way to copy the emails using Outlook as well.

Option 1 – Copy emails using Search-Mailbox

The PowerShell cmdlet Search-Mailbox is a powerful tool in Office 365 that allows you to search for and manage mailbox content. This cmdlet can be used to search for and delete specific emails, as well as to copy or move emails between mailboxes.

It is particularly useful for compliance and legal purposes, as it allows administrators to search for and preserve emails that may be relevant to legal or regulatory investigations. However, it is important to use “Search-Mailbox” with caution, as it can potentially delete important emails if used improperly.

Let’s check the steps now!

Required permissions to run Search-mailbox cmdlet

To be able to run the Search-Mailbox cmdlet, you will need to have the Mailbox Search or Mailbox Import-Export role. If you don’t have these permissions, you may get the error message below:

Error
Search-mailbox : The term 'Search-mailbox' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:1 char:1
Search-mailbox
~~~~~~
CategoryInfo : ObjectNotFound: (Search-mailbox:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException

1. Add admin user to Discovery Management Role Group

You can either use Exchange admin center or powershell to add the administrator account to Discovery Management role group. Let’s check both the ways:

1.1 Using Exchange admin center

  • Login on Microsoft Exchange admin center.
  • Go to Roles > Admin roles.
  • Find Discovery Management Role group and click on It.
  • Go to Assigned tab and then click on + Add button.
  • Add the administrator account here.

1.2 Using Powershell

You can also use Powershell to add an administrator account to Discovery Management role group. But first you need to Install Exchange Online Management powershell module and then connect to Exchange Online. Let’s check the steps:

Install Exchange Online Powershell Module

Install-module -Name ExchangeOnlineManagement

Connect to Exchange Online

Connect-ExchangeOnline

Example: Add Jatin.makhija@techpress.net to Discovery Management Role group

Add-RoleGroupMember -Identity "Discovery Management" -Member jatin.makhija@techpress.net

2. Add admin user to Mailbox Import-Export role group

For adding an admin user to Mailbox Import-Export role group, I would be using below powershell cmdlets. First you need to create a new Role group called Mailbox Import-Export Mgmt and then add the admin user to this role group.

Create a new role group for Mailbox Import Export permission

New-RoleGroup "Mailbox Import-Export Mgmt" -Roles "Mailbox Import Export"

Example: Add admin user jatin.makhija@techpress.net into Mailbox Import-Export Mgmt role group

Add-RoleGroupMember "Mailbox Import-Export Mgmt" -Member jatin.makhija@techpress.net

Use Search-Mailbox cmdlet to copy emails

Now, we have administrator permissions assigned to be able to run Search-Mailbox. We will copy emails from one mailbox to another user’s mailbox using this cmdlet.

  • Source Mailbox – GradyA@techpress
  • Destination Mailbox – NestorW@techpress
  • Emails to copy – All

If you have already Installed Exchange Online powershell module and connected to Exchange online then you can skip the commands for the same. However, If you have not connected to Exchange online yet then please run below commands:

Install Exchange Online Powershell Module

Install-module -Name ExchangeOnlineManagement

Connect to Exchange Online

Connect-ExchangeOnline

Copy all emails of GradyA to NestorW mailbox in a new folder GradyA-Emails

Search-Mailbox -Identity "GradyA@techpress.net" -TargetMailbox "NestorW@techpress.net" -TargetFolder "GradyA-Emails"

As we can see, all emails from Grady A's user mailbox have been copied to Nestor W's mailbox in a separate folder called GradyA-Emails. The folder structure is TargetFolder\User Name-Date and time of the search\Primary Mailbox\Inbox


Option 2 – Copy emails using New-ComplianceSearchAction

You cannot directly copy the emails across to the target mailbox using New-ComplianceSearchAction cmdlet. However, you can export the search results into a PST file and then Import the PST.

Before we use New-ComplianceSearchAction cmdlet to Export the emails , we will need to search for the emails using New-ComplianceSearch cmdlet. For running New-ComplianceSearch cmdlet, you would need to connect to Security & Compliance Center using Powershell cmdlet Connect-IPPSSession.

To be able to Export the emails using Powershell, Administrator account must be added to eDiscovery Manager rolegroup. Please follow below steps to assign eDiscovery Manager role to the admin account who is going to perform the export.

  • Find eDiscovery Manager in the list and click on it then click on Edit role group.
  • Click on Choose eDiscovery Manager option and then click on Choose eDiscovery Manager link.
  • Click on +Add to add your admin account here. Search for the administrator account and add it to the eDiscovery Manager role group then Save and exit.

Now, we have assigned the administrator with eDiscovery Manager role group. We will proceed with running below powershell commands to proceed with this task.

Connect to Security & Compliance Center

Connect-IPPSSession

New-ComplianceSearch -Name <Search Name> -ExchangeLocation <Source Mailbox> -ContentMatchQuery <Search Query>

Example of New-ComplianceSearch

New-ComplianceSearch -Name GradyAMails -ExchangeLocation GradyA@techpress.net

Start-ComplianceSearch -Identity <Search Name>

Example of Start-ComplianceSearch

Start-ComplianceSearch -Identity GradyAMails

Get-ComplianceSearch -Identity <Search Name>

Example of Get-ComplianceSearch

Get-ComplianceSearch -Identity GradyAMails

Export the search results using New-ComplianceSearchAction

New-ComplianceSearchAction -SearchName GradyAMails -Export -ExchangeArchiveFormat PerUserPST

Download the Results from Microsoft Purview portal

Now, you need to download the results from Microsoft Purview Portal. As per my research, there is no command available to download the results directly from Powershell. Therefore, we need to download the results by using GUI only.

  • Login on Microsoft Purview Portal using Microsoft Edge.
  • Find Content Search on left hand side and click on it then click on Export Tab.
  • Click on the Export created GradyAMails_Export then Click on Download results.
  • After you download the PST file from here, you can then Import the PST using Outlook to any mailbox you want as per your requirement.

Option 3 – Copy emails from one mailbox to another using Outlook

You can also use Outlook to copy emails from one mailbox to another by providing full mailbox access (Read and Manage) to the user. For example: If you want to copy emails from Grady A to Nestor W, then provide Full mailbox access to Nestor W on Grady A mailbox.

You can use Powershell or use Exchange admin center to provide full mailbox permission to NestorW on GradyA’s mailbox. Let’s check both the ways:

Using Exchange admin center

  • Login on Exchange admin center.
  • Click on Recipients > Mailboxes.
  • Find the user Grady Archie and click on It.
  • Go to Delegation tab.
  • Click on Edit next to Read and manage (Full Access).
  • Click on + Add members to add Nestor W to provide him with Full Mailbox access on Grady A mailbox.

Using Powershell

You can also use Powershell to provide Full mailbox access to Nestor W. Let’s check the steps and commands for this:

Launch Powershell console as Administrator and run below commands:

Install Exchange Online Powershell Module

Install-module -Name ExchangeOnlineManagement

Connect to Exchange Online

Connect-ExchangeOnline

Provide Full mailbox access to NestorW on GradyA’s mailbox

Add-MailboxPermission -Identity GradyA@techpress.net -User NestorW@techpress.net -AccessRights FullAccess -InheritanceType All -AutoMapping $true

Steps to copy emails using Outlook

Because we specified -AutoMapping $true when we provided full mailbox permission to NestorW on GradyA’s mailbox, Grady Archie’s mailbox will automatically appear in the Outlook of Nestor W when you restart Outlook.

  • Go to Grady Archie’s Inbox Folder or any other folder containing emails.
  • Select all the emails which you want to copy.
  • Press Ctrl + C on the Keyboard to Copy the emails.
  • Go to Nestor W’s mailbox and Select the folder where you want to paste the emails.
  • Press Ctrl + V on the Keyboard to paste the emails.
You can also drag the emails from Grady Archie’s mailbox to NestorW mailbox but while dragging to the destination folder Keep holding the Ctrl key on the keyboard to copy the emails, otherwise the emails will be Moved Instead of getting Copied.
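
The FullAccess grant made for this copy stays on GradyA’s mailbox until it is removed, so it is worth reviewing which delegates hold explicit FullAccess and on how many mailboxes. The PowerShell below is an added example, not from the original article: Get-FullAccessReview, its -Threshold default and the sample records are assumptions made for illustration.

```powershell
# Added example: summarise explicit FullAccess grants per delegate.
function Get-FullAccessReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Permission,
        [int] $Threshold = 2   # assumed cut-off: flag delegates with at least this many mailboxes
    )
    begin { $grants = New-Object System.Collections.Generic.List[object] }
    process {
        $rights = @($Permission.AccessRights | ForEach-Object { "$_" })
        if ($rights -notcontains 'FullAccess')            { return }
        if ($Permission.IsInherited -or $Permission.Deny) { return }   # explicit allow entries only
        if ("$($Permission.User)" -like 'NT AUTHORITY\*') { return }   # built-in entries such as SELF
        $grants.Add($Permission)
    }
    end {
        $grants | Group-Object -Property { "$($_.User)" } | ForEach-Object {
            [pscustomobject]@{
                Delegate  = $_.Name
                Mailboxes = @($_.Group | ForEach-Object { "$($_.Identity)" })
                Flagged   = $_.Count -ge $Threshold
            }
        }
    }
}

# Constructed sample shaped like Get-MailboxPermission output (not real tenant data).
$sample = @(
    [pscustomobject]@{ Identity = 'GradyA'; User = 'NT AUTHORITY\SELF';     AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'GradyA'; User = 'NestorW@techpress.net'; AccessRights = @('FullAccess');     IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'Room01'; User = 'NestorW@techpress.net'; AccessRights = @('FullAccess');     IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'Room01'; User = 'user2@xyz.com';         AccessRights = @('ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ Identity = 'GradyA'; User = 'constructed-admin';     AccessRights = @('FullAccess');     IsInherited = $true;  Deny = $false }
)
$sample | Get-FullAccessReview | Format-Table -AutoSize

# Live use after Connect-ExchangeOnline:
# Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Get-FullAccessReview
# Remove the grant once the copy is finished:
# Remove-MailboxPermission -Identity GradyA@techpress.net -User NestorW@techpress.net -AccessRights FullAccess -InheritanceType All
```

On the constructed sample only NestorW@techpress.net is reported, with GradyA and Room01 listed and Flagged set to True.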

Option 4 – Copy emails from one mailbox to another using Bittitan MigrationWiz

Our last option in the list to copy emails from a source mailbox to target / destination mailbox is Bittitan MigrationWiz. As this is a third-party solution, there is a cost associated with it. You will need to buy a license for each user mailbox move from Bittitan and use it to copy the emails across.

The benefit of Bittitan MigrationWiz is that you can copy emails from the same source folder to the same destination folder. For example, it will copy emails from the source Inbox folder –> Inbox folder in the destination, source Sent Items folder –> Sent Items folder in the destination, and any other user-created folders will also be created and their mails copied.

Migration Wiz will try to maintain the same folder structure as in the source and just copies the emails to the destination. You can also get the stats on the dashboard and check the progress of the copy process. I have used this tool a lot and it's very useful when it comes to large scale migrations. I have written a detailed blog post on Bittitan Migration Wiz which you can check and find more details about it here.

Conclusion

In this blog post, we have seen different ways to copy emails from one mailbox to another. As we have seen, the Search-Mailbox cmdlet is very useful; however, it does not allow you to copy emails into the same folders as the source folder, for example Inbox to Inbox or Sent Items to Sent Items. The Search-Mailbox cmdlet copies the emails into a separate folder of the target mailbox.

For this type of scenario, you can use Bittitan Migrationwiz. We have also checked how you can move or copy the emails to another mailbox using Outlook. Using Outlook to copy the emails also allows you to select a folder to copy the emails across unlike Search-Mailbox cmdlet.