Configure SSL Certificate in Exchange 2016

When you install your Exchange 2016 server, Next step is to configure SSL certificate in Exchange 2016. There are 2 methods available in Exchange 2016 to configure SSL Certificate.

  • SSL Certificate using Exchange Admin Center
  • SSL Certificate using Exchange Management Shell

In this article, we’re going to configure SSL Certificate on Exchange 2016 using the Exchange Admin Center. To configure the SSL Certificate, follow the instructions mentioned below.

Generate SSL Certificate Request

  • Login to Exchange Admin Center using Exchange Organization Admin credentials.
  • Navigate to Servers > Certificate and click on + icon

1

  • New Exchange SSL Certificate Wizard will pop up in a new window
  • Select “Create a request for a certificate from a certification authority” option and Click on Next

2

  • Enter the friendly name of your SSL certificate and click Next. Friendly name will appear in Certificates on the server. Make sure you enter a name that is easy to recognize.

3

  • As we’re not generating a wildcard certificate request, make sure that you’ve the checkbox unchecked and click on Next

4

Wildcard certificate is supported with Exchange 2016 but it’s not recommended to use wildcard certificate with your exchange server.

  • Click on Browse button to choose where you want to store the certificate request
  • Select the domain names to include in your SSL certificate. Wizard will pre populate the names based on namespace configuration

5

  • Click next and remove the unwanted namespace configuration like POP, IMAP etc

6

  • I’ve removed the unwanted namespace. Now we only have mail.mscloudtalks.com, autodiscover.mscloudtalks.com namespace along with my root domain mscloudtalks.com for our Exchange 2016

7

  • Click Next to provide the information of your organization

8

  • Click Finish and copy the CSR from UNC path that you mentioned for certificate request

9

  • Submit the CSR to SSL providers like DigiCert and obtain a SSL certificate

Setup Intune Company Portal

To support the idea of BYOD (Bring Your Own Device), Companies deploy Microsoft Intune Company Portal to give access to corporate apps and resources to end users from anywhere. Microsoft Intune Company Portal helps end user to access corporates resources, install company apps, view IT contact information, view, manage, uneroll your devices.

Below are the steps To Setup Intune Company Portal to empower your end users to work from anywhere.

Setup Intune Company Portal

  • Add the required information in Company Portal and click on Save.

Setup Intune Company Portal Setup Intune Company Portal

Now, our company portal for msexperttalk.com and mscloudtalk.com is setup. Users can access company portal by downloading “Company Portal” app from smartphone store. They can enroll their devices with Intune and can see the information of their IT department for support.

Users enrolling their devices to Intune using Smartphone requires a credentials from IT department (domain credentials)

  • To open Microsoft Intune Company Portal page, go to https://portal.manage.microsoft.com

Add Custom Domain in Intune

Microsoft Intune is leverging Azure Active Directory on the backend for user and domain management like Office 365. Azure Active Directory comes with a built-in domain name in the form of Name.onmicrosoft.com that allows you to get started using Microsoft services.

As companies are looking towards Intune for their Mobile Device and App Management solution. Microsoft gives you the ability to add your own custom domain with Intune to simplify the sign-in experience for end user with cloud services. It’s recommended to use a custom domain name with Azure Active Directory if you’re using Microsoft cloud services like Intune, Office 365 or Azure.

Follow the following steps to add custom domain in Intune tenant.

As of this time Intune Account Portal is merging with Office 365. Probably after 6 months down the road this most may or may not be valid

  • Login using your admin credentials when you spun up the Intune tenant. If you do not have a trial tenant, you can setup one using the steps mentioned here
  • Click on Domains to add a custom domain

1

  • Under Domains, Click on Add a Domain

2

  • Enter the name of your customer domain and click on Next

3

Registering a domain need only be set up once for Microsoft Online services. If your organization is already using Microsoft some other Microsoft Online Service, then your organization’s registered domain may be ready for use with Microsoft Intune. If you register a domain for Microsoft Intune, then it will be available for your other Microsoft Online services.

  • On next page, you’ll be asked to verify the ownership of your domain by entering a TXT record in  your public DNS registrar

4

  • Once the record is added in public DNS, Click on Verify button on Domain Verification page
  • Once the domain is verified, Click on Next page to finish the process.

Setup Intune Tenant

Microsoft Intune provides IT Administrator the capabilities to manage mobile device, application and PC management capabilities from the cloud. With the help of Microsoft Intune, you can allow your end users to access corporate information securely from anywhere from any device.

Microsoft Intune provides you the capabilities to manage your Mobile devices, Application and PC management.

Follow the following steps to Setup Intune tenant for your organization.

  • Go to Intune Sign up Page to sign up for trial tenant
  • Enter the required information as shown below

1

  • Create your ID and make sure you’ve a unique tenant ID for Intune.

2

  • Prove yourself as a human by providing the appropriate information either using Text me or Call me option.

3 4

  • Once you prove your identitiy, save the information of your Intune tenant.

5

  • You’re done with your trial tenant setup of Intune. Start managing your Intune tenant using Intune management tenant.

Modify Office 365 Message Size Limit

With the support of up to 150MB email message size, large number of enterprise are now looking for migration to Office 365. Previously 35MB message size limit was a show stopper for large number of organization looking for migration options.

Recently i got a chance to work for a customer who has a message size limit of 100MB for their users in their current environment and would like to use the same size limits in Office 365.

You’ve couple of options available to modify office 365 message size limit to help your customers.

  1. Modify Office 365 Message Size Limit for Individual User
  2. Modify Office 365 Message Size Limit for all the Users

 

Modify Office 365 Message Size Limit for Individual User is only recommended for organizations where you want to modify send/receive limit for specific group of user.

Let’s see how we can modify Office 365 message size limit with each option.

Modify Office 365 Message Size Limit for Individual User

At times, we’ve seen requirements where individual user requires to send or receive large size attachments to internal or external recipients. In order to allow these users to send/receive large size emails, we need to modify the size limits for these specific users. Below are the steps to do so.

  1. Login to Office 365 using Global Admin account
  2. Navigate to Admin –> Exchange –> Recipients –> Mailboxes
  3. Search for the user mailbox
  4. Select the user mailbox and click on Edit
  5. In Mailbox properties, click on Mailbox Features
  6. Click on View Details under Message Size Restrictions
  7. Default Message Size Restrictions are 35 MB for send and receive. Modify the settings based on your needs.
  8. I’ve modified the message size restrictions to 100MB for my user account.

Modify Office 365 Message Size Limit

Modify Office 365 Message Size Limit for all Users

Few companies for whom I’ve worked have specific requirements around message size limits like Marketing and Financial Institutes. To modify Office 365 message size limit for all users, we need to rely on PowerShell for Office 365 as modifying Office 365 message size limit for all users using Exchange Admin Center can be a hectic process based on user count that you’ve. Following are the steps to modify Office 365 message size limit for all users using PowerShell.

  • Connect PowerShell with Exchange online.

You can use the PowerShell script to connect with Exchange Online. Script can be downloaded from Microsoft TechNet Gallery.

  • Run the cmdlet Get-MailboxPlan | fl Name, IsDefault to see a default MailboxPlan.

2

  • Notice the name of default policy that is applied to all users.
  • Run the following cmdlet to set the message size limit

Set-MailboxPlan ExchangeOnlineEnterprise-33fbd11f-ba2c-460a-bc4c-1ac95fd85e70 -MaxSendSize 1
00MB -MaxReceiveSize 100MB

3

 

  • To verify the configuration, run the cmdlet Get-MailboxPlan | fl Name, IsDefault, MaxSendSize, MaxReceiveSize

4

  • You can see that the default message size limits have been changed to 100MB for all users.

Please note that if you can setup maximum message size limit of 150MB. If you try to set a value larger then 150MB then you’ll receive an error message that says the value is not within the define range.

Conclusion

Office 365 message size limit is a good option for many of the customers to allow them to move to Office 365 and configure these settings for all or specific users based on requirements. I do recommend to review your needs for message size limits before you modify the limits. Large message size limits can cause significant impact on your end user productivity as well due to any reason like network bottleneck or recipient domain do not accept larger attachments etc. It’s always good to define the business needs first then modify the system to fulfill the requirements without impacting the end user productivity.