Office 365 share free busy between tenants

Introduction

Recently I have seen scenario’s where customer was looking for a way in Office 365 to share free busy between tenants. Nowadays, it seems to be a common ask by customers if its possible for two different organizations hosted on two different Office 365 tenants owned by two different companies to share free busy information with each other like they are used to doing with on premises Exchange.

By default, all office 365 tenants have a federation trust setup with Microsoft federation gateway.

Office 365 has a federation gateway configured with Microsoft Federation Gateway. This allows organizations to setup free busy between tenants by setting up “Organizational Relationship” to allow access and sharing permissions.

Configuring Office 365 share free busy between tenant

Let’s start out with the two domains of msexperttalk.com and msmvpservices.com, and then we will assume they have both been updated to Office 365 tenants. Now, we want to share free busy information between them. Configuring Office 365 share free busy between tenant’s is a two step approach. Each step will set up the relationship from its side.

Part 1 – MSExpertTalk to MSMVPServices

We need to pull the federation information from the Microsoft federation gateway and use that to establish an organizational trust from MSExpertTalk.com to msmvpservices.com. User the following PowerShell cmdlets to connect with Exchange online using Global Admin credentials.

C:\> $Cred = Get-Credential

C:\>$session=new-pssession -ConnectionUri https://ps.outlook.com/powershell -ConfigurationName microsoft.exchange -Credential $Cred -Authentication basic -AllowRedirection

C:\>Import-PSSession  $session -AllowClobber | Out-Null

Office 365 share free busy between tenantsYou can connect with Office 365 PowerShell by using a PowerShell script available at TechNet Gallery. Once you are connected with the MSExpertTalk Office 365 tenant, run the following cmdlet to retrieve the federation information of contoso.com

C:\> Get-FederationInformation -DomainName msmvpservices.com

This step verifies everything is good with MSExpertTalk and the Microsoft federation gateway.

Now we need to establish the organizational relationship.

C:\> Get-FederationInformation-DomainName Msmvpservices.com | New-OrganizationRelationship -Name FreeBusyMSMVP -Enabled $true -FreeBusyAccessEnabled $true -FreeBusyAccessLevel ‘AvailabilityOnly’ -FreeBusyAccessScope $null

After this completes, run Get-OrganizationRelationship to verify.

This will complete your step 1 to configure the free busy sharing from your tenant with msmvpservices.com. Next step is to configure msmvpservices.com to share free busy information with your office 365 tenant.

Part 2 – MSMVPServices to MSExpertTalk

Now we need to pull the federation information from the Microsoft federation gateway and use that to establish an organizational trust from MSMVPServices to MSExpertTalk.

From MSMVPServices.com, we open Powershell and connect to Office 365.

C:\> $userCredential = Get-Credential

C:\> $session=new-pssession -ConnectionUri https://ps.outlook.com/powershell -ConfigurationName microsoft.exchange -Credential $usercredential -Authentication basic -AllowRedirection

C:\> Import-PSSession $session -AllowClobber | Out-Null

C:\> Connect-MsolService -Credential $userCredential

Now that we are connected to the MSMVPSerivces Office 365 tenant, we need to collect the federation information for MSExpertTalk.com

Now, we establish the organizational relationship.

C:\> Get-FederationInformation -DomainName msexperttalk.com | New-OrganizationRelationship -Name MSExpertFreeBusy -Enabled $true -FreeBusyAccessEnabled $true -FreeBusyAccessLevel ‘AvailabilityOnly’ -FreeBusyAccessScope $null

After this completes, run Get-OrganizationRelationship to verify.

Conclusion

With both sides set up, we can log into OWA from either side and set up a meeting with a user in the other domain to check for availability. Since you followed this handy guide, you should see the availability and life is good. Please note that this configuration only enables you to setup free busy sharing between two tenants. It will not allow users to view users in address book from other organization. For users to show up in address book, you need to configure GAL Sync between tenants.

I hope you found this helpful in getting your tenants connected, availability working, and keeping it working as you grow with Office 365.

Office 365 Email Protection with DKIM and DMARC

Introduction

Email spoofing is the most common challenge that every organization is facing in current digital world regardless of the size of the organization. Office 365 email protection with DKIM and DMARC helps organization to protect against spoofing that tend to have increased number of spam emails. DomainKeys Identified Mail (DKIM) and Domain-based Messaging and Reporting Compliance (DMARC) checks trusted authenticated sender to prevent untrusted senders from sending spoofed emails.

Inbound validation of DKIM and DMARC is supported in Office 365

What is DKIM?

Domainkeys Identified Mail (DKIM) is a method to validate a digitally signed messaged that appears in the DKIM Signature header in the message headers. It ties an email message to the organization responsible for the message.

Office 365 Email Protection with DKIM and DMARC

More details on DKIM can be found on TechNet.

What is DMARC?

Domain-based Messaging and Reporting Compliance (DMARC) is designed to protect email spoofing when the phisher has spoofed the 5322.From email address that is the email address displayed in email clients like outlook. Sender Policy Framework (SPF) protect the phisher to spoof the emails from 5321.MailFrom. DMARC catches the case that is more deceptive. DMARC results are stamped in authentication header of email.

DMARC evaluate both DKIM and SPF and ensure that the domain matches the domain in 5322.From address. SPF does not protect against 5322.From spoofed emails.

Q: Helo woodgrovebank.com
Q: Mail from: phish@phishing.contoso.com  <– 5321.MailFrom
Q: Rcpt to: astobes@tailspintoys.com
Q: data
Q: To: “Andrew Stobes” <astobes@tailspintoys.com>
Q: From: “Woodgrove Bank Security” security@woodgrovebank.com  <– 5322.From
Q: Reply-To: “Woodgrove Bank Security” <phish@phishing.contoso.com>
Q: Subject: Woodgrove Bank – Action required
Q: Greetings User,
Q: We need to verify your banking details. Please click the following link to accomplish this.
Q: http://short.url/woodgrovebank/updateaccount/12-121.aspx
Q: Thank you,
Q: Woodgrove Bank

The end user will see this information as below.

This email can pass SPF check if the phisher has published the SPF check for woodgrovebank.com but as we know the phisher has spoofed the email using 5321.MailFrom and DMARC will fail on this email. DMARC configurations are already in place in Office 365 for inbound emails and you don’t have to configure anything. In next blog article, we will look into how we can configure DMARC for outbound emails in Office 365.

For more information on office 365 email protection with DKIM and DMARC, please go through the following posts.

Customized Office 365 OWA URL

When you are working with your customers to transition them to Office 365One of the most important ask is to have customized Office 365 OWA URL to ease end users and have them not to remember something that is not related or company branded like outlook.office.com. I received these type of requests almost on all of my engagements when customers are moving to Office 365 from on-premises messaging environment to Office 365 or a 3rd party messaging system.

This blog post is not applicable when you have Exchange hybrid deployment. Exchange hybrid deployment has a lot of different things and scenario’s.

Office 365 OWA can be accessed by users by visiting the known URL of Office 365 i.e. http://portal.office.com and click on the Outlook icon to access the mails in Office 365. Users can also access their emails on OWA by visiting http://outlook.office.com URL but for users to have it customized Office 365 OWA URL to visit for accessing the emails is something that can be company branded like mail.msexperttalk.com?

In order to setup the OWA URL redirection for your organization’s customized Office 365 OWA URL, you need to create a CNAME entry in your public DNS to point to outlook.office.com. 

Create CNAME record with the name of Mail and point it to outlook.office.com 

Once the CNAME records are in place for both public and private DNS of the company, your users now can access OWA by using customized Office 365 OWA URL by visiting http://mail.domain.com and in my case it’s http://mail.msexperttalk.com. You can visit the Office blog site to see the details of other DNS records requirements for Office 365.

 

Troubleshooting Office 365 Room Mailbox Permission Issue

Introduction

Recently, working with an enterprise customer, we came across an issue where Office 365 room mailbox permissions were not being applied correctly. Most of the time after we assign permission to a Room Mailbox in Office 365 the permissions were not synchronized correctly to outlook clients. We worked with Microsoft support for this issue but it seems to be a product “bug” but i cannot confirm this or it seems like PowerShell is the way to trust when working with workloads in Office 365. Troubleshooting Office 365 room mailbox permissions issue requires me to perform all level of testing and troubleshooting to ensure everything is in place but it wasn’t working properly. During the troubleshooting, we reassigned the permissions to a user on room mailbox via exchange online powershell and appropriately that seems to be working without any issue. 

Troubleshooting Office 365 Room Mailbox Permission Issue

Working with Office 365, when you assign a user permission to room mailbox so that the user can add the mailbox to outlook client and can create appointments, During the process of adding a room mailbox to outlook client, we were prompted with the following error message.

The workaround for this issue that worked for us in our scanerio was to remove the permissions and reassign the permissions using powershell. To assign the permissions using powershell, perform the following steps.

Troubleshooting Office 365 Room Mailbox Permission Issue

  • Retrieve the permissions being assigned to room mailbox using powershell

C:\> Get-MailboxFolderPermission -Identity confroom@msexperttalk.com:\Calendar

Troubleshooting Office 365 Room Mailbox Permission Issue

  • As you can see that i do not have the permissions to Calendar folder. Run the following cmdlet to assign permissions on calendar folder

C:\> Add-MailboxFolderPermission -Identity confroom@msexperttalk.com:\Calendar -User rjbutt@msexperttalk.com -AccessRights Owner

Troubleshooting Office 365 Room Mailbox Permission Issue

Re-run the Get-MailboxFolderPermission cmdlet to verify the permissions are being assigned to the user.

Troubleshooting Office 365 Room Mailbox Permission Issue

Once it’s done, restart outlook client  and the permissions will start synchronizing and the user will be able to create/edit/delete calendar appointments to the conference room mailbox. The issue that i had faced could be due to some back end issues with Exchange online and I do not recommend that this could be the issue with all deployments but i have seen much more success with PowerShell as compared to GUI and i always recommend to leverage Powershell over GUI.

Setting up Room Finder in Office 365 using Room list

Introduction to Room List

Setting up room finder in Office 365 using room list is required when you are migrating to Office 365 from a non-exchange platform or you are using Office 365 in your organization. Setting up Room finder in Office 365 using Room list feature is also available in on-premises exchange version as well. Based on your organization requirements, it could be possible that the users users may be used to of looking up conference rooms by checking all rooms available to them and then picking the room they want depending on which ones are available. In Office 365, they will be using Room Mailboxes to schedule meetings in conference rooms, auditorium, labs or other facilities.

By default, users cannot see all the rooms unless they pick them

Outlook client will show all the rooms and all conflicts, but to empower your users and let them see only the rooms that are available for the time when they’re looking at scheduling a meeting to improve user productivity requires you to setup Room Finder for Microsoft Office Outlook by leveraging Room List Distribution Groups.

What is Room Finding with Room Lists?

Room Finder simplifies the process of searching for an available room while setting up a meeting. Instead of adding all possible conference room to a meeting request and using the Scheduling Assistant to identify available rooms, meeting organizers can use Room Finder to show a room list, see suggested times, and choose an available room.

Setting up Room Finder in Office 365 using Room list

Setting up Room Finder in Office 365 using Room list

  • Create Room List Distribution Groups by running the following PowerShell cmdlet

C:\> New-DistributionGroup -Name “Conference Rooms” –PrimarySmtpAddress “ConfRooms@msexperttalk.com” –RoomList

Setting up Room Finder in Office 365 using Room list

  • Get a list of all room mailboxes in your organization by running the following PowerShell cmdlet

C:\> Get-Mailbox -RcipientTypeDetails RoomMailbox

Setting up Room Finder in Office 365 using Room list

  • To filter your room mailboxes based on office location, run the following PowerShell cmdlet

C:\> C:\> $HQConfRoom = Get-Mailbox -RecipientTypeDetails RoomMailbox -Filter {Office -eq ‘HQ’} | select -ExpandProperty Alias

Setting up Room Finder in Office 365 using Room list

  • Add existing Room Mailboxes to Room List Distribution Groups by running the following PowerShell cmdlet

C:\>  $HQConfRoom |

Add-DistributionGroupMember -Identity “Conference Rooms”

Setting up Room Finder in Office 365 using Room list

  • To get a list of distribution group members, run the following powershell cmdlet

C:\> Get-DistributionGroupMember -Identity “Conference Rooms” | ft Name, PrimarySMTPAddress, Office -AutoSize

Setting up Room Finder in Office 365 using Room list

Outlook will automatically detect Room List Distribution Groups and populates the Room Finder with room lists in outlook when an end user is setting up a meeting.

End user experience with Room Finding when Room Lists are Setup

Without room lists, end users are required to manually look for a list of available rooms and select a room based on availability. Room lists will empower end user and provide options to end user based on time selected. When a end user setup a meeting in outlook client, followings steps will be performed with Room lists being setup in the organization.

  • Open Outlook
  • Start a new meeting
  • Invite a few people to your new meeting
  • Pick a time
  • Click on room finding if it is not open already

Setting up Room Finder in Office 365 using Room list

  • In the drop down pick a room list that has conference rooms in it

Setting up Room Finder in Office 365 using Room list

  • Outlook will now search all the rooms in the room list for the time use has selected and present with suggested times for any rooms available. If a room is not available then it will not show up in the list
  • In Choose an Available room: pick the room you want and hit send to schedule a meeting

Please note that at the current release of Office 365, room lists are only visible with PowerShell. They do not show up in the EAC. You have to run the PowerShell commands listed above to see them and add members to them.

This should save your administrators and executive assistants time when planning and scheduling conference rooms in environments where there are abundant conference rooms and recurring meetings.

1 2 3 4