15 Ignite sessions every Exchange admin should see (2018)

Welcome to Exchange Server 2019
In this session, Greg Taylor and Brent Alinger discuss all the new features shipping in Exchange 2019. They also discuss features that have been discontinued and the system requirements for Exchange 2019.

• Current state of Exchange Online (1:05 mins)
  • Office 365 revenue 38% YoY growth
  • Office 365 seats 29% YoY growth
  • 135 million users in Office 365
  • Outlook mobile on >100 million devices
  • 94% of Fortune 500 have Office 365
• Exchange 2019 only available via volume licensing (3:30 mins)
• Changes to Exchange development (4:20 mins)
  • Exchange on-prem & Exchange online were developed in tandem using the same code
  • Exchange on-prem code moved to its own code branch & will be independent of Exchange online
  • Discussion on cumulative update schedule going forward
• Unified Messaging removed from Exchange 2019 (10:40 mins)
  • UM functions have been removed
  • Migrating a UM-enabled mailbox to Exchange 2019 will UM-disable that mailbox
  • Recommend replacement is Cloud Voice Mail which can still store voice mail in Exchange mailboxes via EWS or SMTP
  • If you need Unified Messaging:
    • Move all mailboxes to Office 365
    • Migrate to Skype for Business Server 2019 & utilize Cloud Voice Mail
    • Stay on Exchange 2016
    • Deploy a 3rd party voice mail solution
  • For more information see BRK3229 – Everything you need to know about Skype for Business Server
• Unified Messaging Migration scenarios for Exchange 2019 (15:30 mins)
  • Exchange 2013 or 2016 + Skype for Business
    • Migrate to Skype for Business Server 2019
    • Enable Cloud Voice Mail
    • Migrate to Exchange Server 2019
  • Exchange 2013 or Exchange 2016 + 3rd Party PBX
    • Implement a 3rd party voice mail solution
    • Migrate to Exchange Server 2019
  • Note: Due to the discontinuation of Session Border Controllers, 3rd party PBX systems cannot use Cloud Voice Mail.
• Vision for Exchange 2019 (17:30 mins)
• Exchange Server 2019 requires Windows Server 2019 (19:20 mins)
  • Windows Server 2019 available in October
• Exchange Server 2019 supports Server Core (20:15 mins)
  • Microsoft recommends server core for improved performance, smaller attack surface & smaller disk footprint.
  • Exchange 2019 can still be installed on an OS with a GUI.
• Exchange 2019 will only use TLS 1.2 (23:15 mins)
  • RC2, RC4, DES, 3DES, MD5 & SHA disabled during install
  • Preference for elliptic curve key exchange
  • Exchange will use forward key secrecy
  • EHLO Blog: Getting ready for TLS 1.2
• Exchange RAM requirements (25:55 mins)
  • Max supported RAM = 256 GB
  • Mailbox role min RAM = 128 GB (2016 was 8 GB)
  • Edge role min. RAM = 64 GB (2016 was 8 GB)
  • Max processor count = 48 cores (2016 was 24)
• Search changes in Exchange 2019 (29:35 mins)
  • Big Funnel (powered by Bing technology) replaces Fast Search
  • Indexes now stored in the DBs (in each mailbox)
  • No more potentially huge index files that can become unhealthy
  • Index health no longer an issue for DB failovers or switchovers
  • DB log shipping includes the indexes
  • Outlook 2019 in cached mode will attempt to pull search results from the server (not locally)
  • For more information see – BRK3130 Email search in a flash! Accelerating Exchange 2019 with SSDs (notes and session below)
• Storage (and MCDB) in Exchange 2019 (32:50 mins)
  • Exchange 2019 can optionally leverage a MetaCache Database (“MCDB”) which is stored on SSD
  • MCDB allows for:
    • Faster logons
    • Faster search
    • Faster retrieval of very small items
  • MCDB caches 10% of key data from a DB including:
    • Index data
    • Mailbox folder structure
    • Very small items
  • If the SSD or MCDB were to fail all requests will be served directly from the mailbox DB on the spindle disk
  • Sizing for MCDB
    • Regardless of whether you deploy MCDB or not, your spindles must always meet the IOPS requirements for your users
    • All servers must have the same spindle & SSD layout
    • Spindle disk to SSD should be 3:1
    • To plan for SSD storage take 5-6% of your total spindle storage
    • Brent’s example
      • 15 spindle disks = 5 SSDs
      • 15 spindle disks at 10 TB each = 150 TB of mailbox storage
      • 5-6% of 150 TB = 10 TB of total MCDB storage
      • 10 TB = 5 SSDs at 2 TB each
• Code optimizations (45:00 mins)
  • No more UM code
  • No more UM language packs to install
  • Exchange 2019 DVD size reduced by 20%
  • This results in:
    • Faster installs
    • Fewer files and disk usage
    • Improved security
    • Reduced surface area
• Dynamic Database Cache (46:25 mins)
  • Memory allocation between active & passive DB copies optimized
  • Active copies get more memory and cache than passive copies
• Performance gains from MCDB & Dynamic Database Cache (49:30 mins)
  • 20% more users per server
  • Latency cut by 50% for many client/server operations
• Client Access Rules in Exchange 2019 (51:15 mins)
  • This restricts who can access the Exchange Admin Center & Exchange Management Shell
    • For example, allows the Exchange Admin Center to be restricted externally
  • Exchange 2019 should be the front-end for all client communications
  • Administrator mailboxes must be on Exchange 2019 to leverage these rules
• Remove-CalendarEvents (54:10 mins)
  • Exchange administrators can cancel meetings (not appointments).
  • This is particularly useful to cancel a meeting from an organizer who has left the company
• Outlook default option for recurring meetings now configures an end-date rather than no-end-date (57:00 mins)
• Do Not Forward Meetings (57:20 mins)
  • Do Not Forward can now be set on meetings created in OWA.
  • Meeting attendees in OWA will see a banner stating Do Not Forward is enabled & Forward option is greyed out in the menu.
  • Exchange transport enforces the Do Not Forward settings so all Outlook clients honor this setting
  • All other Outlook clients will receive an NDR if they attempt to forward a Do Not Forward meeting
• New Out of Office (OOF) options in OWA (1:00:20 mins)
  • Automatically decline meeting invites received during the OOF
  • Clear existing meetings during the OOF
  • Mark the user’s calendar as blocked during the OOF
• Email Address Internationalization (1:01:45 mins)
  • Send/receive messages to/from non-English email addresses such as:
    • Latin
    • Greek
    • Chinese
    • Japanese
    • Cyrillic
    • Hindi
  • Adding EAI proxy addresses or accepted domains in Exchange is not supported
• Exchange 2019 system requirements (1:03:00 mins)
  • Windows Server 2019
  • .NET Framework 4.7.2 (preinstalled with Windows Server 2019)
  • Forest functional level of Server 2012 R2
  • 128 GB minimum RAM (64 GB for Edge)
  • Minimum coexistence is Exchange 2013
  • For more information see – Exchange Server System Requirements
• Future plans & roadmap (1:05:15 mins)

Hybrid Exchange: Making it easier and faster to move to the cloud
In this session, Jeff Kizner discusses all the advancements coming to Exchange hybrid. Topics include:

• Future vision for hybrid (3:30 mins)
• Administration challenges (6:00 mins)
• Organization Configuration Transfer (“OCT”) (7:30 mins)
  • Version 1 released June 2018
  • Performs a one-time transfer of the following objects (and skips any named policy if it exists in the tenant already):
    • Retention policy
    • Retention policy tags
    • OWA mailbox policy
    • Mobile device mailbox policy
    • ActiveSync mailbox policy
• Jeff demos OCT Version 2 (9:00 mins)
  • Hybrid key acquisition built into the hybrid configuration wizard (“HCW”)
  • Tip: Pressing F12 in the HCW gives you easy access to logs & PowerShell
  • Version 2 grants the administrator the ability to resolve conflicting policies
  • Rollback_OCT script available in the logging folder.
    • This gives you the PowerShell to reverse changes made by OCT
  • Version 2 adds the following objects into one-time transfer:
    • DLP policy
    • Organization configuration
    • ActiveSync device access rules
    • ActiveSync organization settings
    • Malware filter policy
    • Policy tips
    • Address lists
• Demo of the new Hybrid Agent (24:15 mins)
  • Designed to establish hybrid with zero inbound connections from the cloud (no firewall, DNS, or, certificate changes required)
  • Utilizes Azure App Proxy technology
  • Demo of free/busy & MRS moves with Exchange on-prem not published over HTTPS 443
  • Demo of the following configuration in Exchange Online
    • Get-OrganizationRelationship shows TargetSharingEpr configured with a Microsoft owned endpoint (not your on-prem endpoint)
    • Get-MigrationEndPoint shows RemoteServerAddress configured with a Microsoft owned endpoint (not your on-prem endpoint)
    • Set-OrganizationRelationship with TargetSharingEpr can override the autodiscover configuration for intra-org sharing
• Hybrid Agent architecture overview (32:50 mins)
  • Hybrid Agent installed on-prem & talks to Hybrid Proxy Service in the cloud
  • Hybrid Agent only needs outbound HTTPS 443 for mailbox moves & HTTP 80 for CRL checks
  • Each hybrid agent gets a unique Hybrid Proxy Service URL
    • URL formed from a randomly generated GUID
    • GUID can only be found in your on-prem logs or your Office 365 tenant
    • GUID combinations are 2 power of 22
    • Hybrid Proxy Service URL is locked down to just the Exchange Online IP addresses
    • Currently available in private preview
• Hybrid Agent – Free/Busy lookups (36:05 mins)
  • Free/busy lookups from on-prem to cloud go directly to the internet
  • Free/busy lookups from cloud to on-prem use Hybrid Agent
• Hybrid Agent – Mailbox migrations (37:05 mins)
  • Always uses the hybrid agent
• Jeff demos setup of the Hybrid Agent (37:20 mins)
  • HCW asks if you want:
    • Classic Hybrid – same hybrid we use today
    • Modern Hybrid – automatically downloads & starts the Hybrid Agent install process
  • Install process
    • Download the agent
    • Install the bits
    • Register agent
      • This generates a certificate for your tenant that can only be used by you
    • Configure agent
      • Certificate valid for 180 days
      • Certificate auto rolled 30 days before expiration
      • Private key is non-exportable
      • Agent identifies a URL to use
    • Validate agent
      • Tests migration endpoint availability
    • Complete configuration
      • Set organization relationship (TargetSharingEpr, etc.)
• Hybrid Agent Version 1 (43:40 mins)
  • Supports hybrid free/busy and mailbox moves only
  • Version 1 for new hybrid setups only
  • Install 3 or more agents for high availability
  • Dedicated servers not required (install the agent on existing Exchange servers)
  • Hybrid Agent can be installed in DMZ but required HTTPS back to Exchange on-prem servers
  • Hybrid Agent will auto-update
• Demo solving hybrid Send As with the Hybrid Agent (49:15 mins)
• Q&A from the audience (55:00 mins)
  • Can we control the updating of the Hybrid Agent?
  • Can we have a PowerShell version of the OCT?
  • What is the scalability of the Hybrid Agent?
  • Can RBAC be integrated into OCT & Hybrid Agent?
  • How can I get rid of Exchange on-prem?
  • Would the Hybrid Agent eliminate the need to keep Office 365 URLs & IPs up to date on our firewall?
  • Does the Hybrid Agent support multi-forest?
  • How does the Hybrid Agent work with organizational sharing of free/busy?
  • When is the Hybrid Agent expected to GA?
  • Do I still need a 3rd-party SSL cert for on-prem Exchange servers in hybrid?
  • Will there be a path from classic to modern hybrid?
  • Will the hybrid agent support multiple geographically dispersed migration endpoints?
  • Are there any advantages to sticking with the classic hybrid?
  • Is the private preview of the Hybrid Agent fully supported?
  • Does the Hybrid Agent remove the requirement to publish Autodiscover on-prem?
  • Will hybrid Send As work in multi-forest?
  • Will hybrid Send As be available in the classic hybrid?
  • Does the Hybrid Agent eliminate all DNS changes I need to make to go to Office 365?

Deploying Outlook mobile securely in the enterprise
In this session, Ross Smith IV discusses how to secure the Outlook mobile app for Exchange online and on-prem mailboxes using various technologies. Topics include:

• Current Outlook mobile connectivity model for online & on-prem (2:50 mins)
• Future Outlook connectivity model will consolidate all Outlook clients to just 2 protocols (5:10 mins)
  • Proprietary and REST protocols to be replaced by Hx starting EOY
  • Outlook Mac, Outlook Mobile & Windows 10 clients will all use Hx
    • Removes the need of the stateless protocol translator
  • Outlook Windows will continue to use MAPI/HTTP
• ADAL authentication for Exchange online & on-prem mailboxes (7:20 mins)
• Outlook mobile authentication explained (federated identity) (9:00 mins)
  • Required for user-based certificate authentication
• Hybrid modern authentication (HMA) for on-prem mailboxes (11:55 mins)
  • Outlook Mobile only makes connections to Exchange Online
  • MRS syncs data between Exchange online and on-prem with ActiveSync
  • Ability to lock down on-prem ActiveSync to IPs for AutoDetect & Exchange online
• Securing with Conditional Access (16:15 mins)
• Require Outlook mobile as the exclusive messaging client with conditional access (19:30 mins)
  • Utilizes required approved client app
  • Use two conditional access policies
    • 1st policy matches either iOS or Android using modern auth and forces them to use Outlook mobile
    • 2nd policy matches for ActiveSync using basic auth and forces them to use Outlook mobile
    • In this config Exchange online will quarantine basic auth ActiveSync
• Sign-in conditional access (26:50 mins)
  • Requires Azure Identity Protection
  • Can block Outlook mobile access based on leaked credentials or suspicious sign-ins
  • Possible action can force a password reset via SSPR
• InTune MDM (30:25 mins)
  • Android for Enterprise (Android 5.0) is a container for corporate apps & data
  • Isolates corporate and personal data
• InTune App Protection (35:25 mins)
  • Protects the individual apps without enrolling the device
  • Control access to app & data
  • Controls movement of data
  • Selective wipe of the app (by admin, user, or, offline interval)
  • Corporate data encrypted independent of device-level encryption
  • Personal or unmanaged data is untouched
• Application configuration policies (47:00 mins)
  • Allows for the configuration & management of apps (e.g. Outlook mobile email account config)
• New Outlook mobile admin experience in InTune (52:00 mins)
• Securing data in Office 365 (53:30 mins)
  • Lockbox (just in time) for Office 365 engineers
  • TLS 1.2 encryption for data in flight
  • BitLocker for data at rest
  • Service encryption for data at rest in Exchange Online
• Azure Information Protection now Microsoft Information Protection (57:00 mins)
  • Discover & classify sensitive data
  • Apply protection (encryption, restriction, watermarks), governance (retention, deletion, archiving), and monitoring (alerts).
  • Outlook mobile can set & see sensitivity labels
  • Estimated release Q2 2019
• Demo on conditional access policies & user experience (59:00 mins)

Securing Exchange Online from modern threats
Brandon Koeller demonstrates common attacks against Exchange Online & recommendations to prevent these attacks. Topics include:

• Example of an attacker kill-chain using an initial password spray attack all the way through to data exfiltration. Stages of an attack: (2:00 mins)
  • Recon
  • Initial breach
  • Elevation of privilege
  • Entrenchment
  • Exfiltration
• Defender lifecycle (8:10 mins)
  • Prevent breach
  • Assume breach
• Exchange Security Musts (9:30 mins)
  • Microsoft Secure Score
  • Admin Account Protection
    • Multi-factor authentication
      • Only 9% of admin in Office 365 with MFA
    • Just in time (“JIT”)
    • Least privilege
  • Enable telemetry data
    • Mailbox audit
    • Unified log
    • Activity API
  • Use telemetry data
    • Microsoft Cloud App Security
    • Security & Compliance Center Alerts
    • SIEM
    • CASB
• Auditing adoption (12:30 mins)
  • 20% of mailboxes had auditing enabled
  • 2% of customers had enabled any kind of auditing
  • Most security breaches had no security telemetry
  • Microsoft solution
    • All tenants will have mailbox auditing enabled by default in CY18
    • Admin, delegate & owners audited by default
  • New Auditing events for:
    • Inbox Rules
    • Delegation
    • SessionId
    • Remote PowerShell
• Tools, Techniques & Processes (“TTPs”) used by attackers to exfiltrate data (17:15 mins)
• Demo on how an attacker might use open source GitHub projects: (26:20 mins)
  • Spray
  • MailSniper
• Demo on how an attacker might harvest admin accounts via a compromised user (32:30 mins)
• Demo on how an attacker might entrench using: (34:45 mins)
  • Inbox rules
  • Delegations
  • Folder permissions
  • SMTP forwarding
  • Impersonation
• Defending against these attacks (39:25 mins)
  • Azure AD baseline policy: Require MFA for admins (in preview)
    • Microsoft will enable by default for all admins
    • Option to exclude admin accounts
  • Administrators should use separate privileged & user accounts
  • Turn off unnecessary access methods (e.g. POP, IMAP)
• Azure AD Reporting (43:50 mins)
  • Patterns of failed / successful logins
• Security & Compliance Center (45:00 mins)
  • Search audit log
• Microsoft Cloud App Security (47:45 mins)
  • Included in E5
  • Anomaly detection
    • e.g. New management role assignment send an alert
• Demo of PwnAuth on GitHub (49:45 mins)
  • Returns user’s mailbox & OneDrive data in JSON
  • Does not need users credentials
  • Only requires a user granted permission to an elicit app
  • How it might be used in a phishing attack
• Defending against elicit app phishing attacks (57:00 mins)
  • Monitor apps granted consent in Azure AD
  • Revoke app permissions in Azure AD
  • Revoke tokens granted to app
  • Remove users from app
  • Delete the app
• Demo of data exfiltration using (59:50 mins)
  • Content Search
  • MailSniper
• Defending against data exfiltration (1:03:30 mins)
  • Monitor who is doing Content Searches
  • Restrict who can do a content search
• Q&A from the audience (1:07:00 mins)
  • Can I disable remote PowerShell for a user?
  • Will there be a workflow for admins to grant/deny app consent?
  • What licenses do I need for certain MCAS components?
  • Discrepancy between retention of mailbox & unified audit logs
  • More granular control for application impersonation?
  • Can we block the creation of inbox rules?

Email search in a flash! Accelerating Exchange 2019 with SSDs
Tobias Klima & Damon Gilkerson discuss the MetaCache Database (“MCDB”), BigFunnel, and Dynamic Database Cache.

• EXO metrics (1:30 mins)
  • 175,000 servers
  • 47 datacenters
  • 70 network POPs
  • 5.5 billion mailboxes
  • 1.1 EB data
  • 35 trillion items
  • 7.2 billion messages delivered daily
• Big Funnel Benefits (5:15 mins)
  • Powered by Bing technology
  • Indexes stored in the DBs themselves (in each mailbox)
  • No more huge index files that can become unhealthy
  • Index health no longer issue for DB failover or switchover
  • DB log shipping includes indexes stored in the DBs
  • 50% lower search latency via meta cache
  • Search uses less CPU
  • Search uses less memory
  • Same networking footprint
• Smart Captions (8:15 mins)
  • Highlights search results in message body
• Top Results (9:05 mins)
  • Ranks search entries into most relevant results
• Big Funnel Architecture (9:50 mins)
• Big Funnel Administration (13:35 mins)
  • Get-MailboxStatistics -Identity <User>| fl *BigFunnel* returns per mailbox index statistics
  • StartMailboxAssistant -Identity <User> -AssistantName BigFunnelRetryFeederTimeBasedAssistant forces index of missing search items
  • Test-ExchangeSearch & Get-FailedContentIndexDocuments still work the same as before
  • Get-MailboxDatabaseCopyStatus & Update-MailboxDatabaseCopy -CatalogOnly shipped in Ex2019 for coexistence with legacy Exchange
• Big Funnel rolled out to 99.9% Office 365 & Outlook.com (15:40 mins)
  • 97% items indexed <1 second
• MetaCache Database (MCDB) Benefits (19:25 mins)
  • MCDB hosted on Solid State Drives (“SSD”) for IOPS
  • 50% faster search
  • 50% faster login
  • 2x – 3x faster access
  • 20% more users per server
  • Spindle drives are increasing in capacity but not in IOPS
• MCDB Architecture (23:00 mins)
• MCDB Setup (26:00 mins)
  • Prereq
    • Same number & size SSDs in each server
    • DAGs with auto-reseed
  • Use script to configure
    • Each DAG member run: Manage-MCDB -DagName <Name> -ServerEnabledMCDB:$true -ServerName <name>
    • Against DAG run: Manage-MCDB -DagName <Name> -ConfigureMCDBPrerequisite -SSDSizeInBytes <bytes> -SSDCountPerServer <count>
    • Config mount points: Manage-MCDB -DagName <Name> -ConfigureMCDBOnServer -ServerName <name> -SSDSizeInBytes <bytes>
    • Script formats the SSDs (keep SSDs RAW)
• MCDB Operation (30:15 mins)
  • 3:1 HDD to SDD ratio
  • 3 HDDs = 12 mailbox DBs (4 DBs per volume)
  • 1 mailbox DB = 1 MCDB
  • 1 SSD contains 12 MCDBs = caching for 12 mailbox DBs
  • Data auto replicates between HDDs & SSDs
  • MCDBs use 95% of SSD free space
• SSD failure (35:30 mins)
  • DBs will fail to a server with healthy MCDB/SSD
  • No healthy MCDBs/SSDs, DB will mount without MCDB
  • Once SSD is replaced, recreate mount points with Manage-MCDB
• General MCDB guidance (38:15 mins)
  • Use M.2 SSDs to reduce required HDs bays
• Dynamic Database Cache (40:20 mins)
  • RAM allocation between active/passive DB copies optimized
  • Active copies get more memory than passive copies

So long and thanks for all the (email) Phish
Brian Reid discusses how to protect your users, customers, and partners from phishing attacks. Topics include:

• Terminology overview (0:40 mins)
• Why SMTP is susceptible to spoofing, impersonation, phishing & other attacks (2:50 mins)
• Adoption of DMARC policies as of March 2018 (7:48 mins)
  • 6% set to reject
  • 3% set to quarantine
  • 31% set to take no action
  • 60% have no records
• SPF, DKIM & DMARC common syntax mistakes (9:00 mins)
  • SPF identifies IPs/domains allowed to send as you
  • DKIM signs messages with your private key. The recipient decrypts DKIM header with sender’s public key stored in DNS.
  • DMARC instructs receiving server what should happen if SPF/DKIM fail & where to send failure reports
• Anti-spoof protection in Office 365 (16:30 mins)
• Demos of anti-phishing policies in Security & Compliance Center (19:15 mins)
  • Default anti-phishing policy available to all Office 365 tenants (previously only available to ATP customers)
  • Default policy applies to everyone
  • Custom policies can apply to a subset of users & take precedence over default policy
  • Actions include send to users Junk Mail Folder, Quarantine and Reject.
  • Other actions include forwarding to another address, such as a security response team.
  • Mailbox intelligence helps identify spoofing & phishing attacks
• Demo of insights dashboard (Security & Compliance Center) (27:50 mins)
  • View reports & statistics on phishing, spoofing & impersonation attacks
  • Identify & remediate misidentified legitimate email
• Demo of Dmarcian & DMARC report aggregators (34:40 mins)
• Demo of mail flow insights dashboard (Security & Compliance Center) (36:10 mins)
  • SMTP authenticated submission report
• Other options to protect users (39:15 mins)
  • Safe Links & Safe Attachments included in ATP
  • Attack Simulator which simulates phishing attacks to your users
  • Multi-factor authentication for all users
  • Stop weak passwords & legacy authentication processes
  • Use authenticator apps or hardware tokens
  • Conditional access policies

Turbocharge your Exchange on-premises and hybrid environment: Notes from the field
In this session, Steve Goodman discusses the Exchange preferred architecture. Topics include:

• What’s the best way to deploy Exchange Server? (3:12 mins)
  • Design for availability
  • Design for functionality
  • Design to reduce & minimize the cost of ownership
• Start with the preferred architecture (6:45 mins)
  • Use as much of the preferred architecture as you can
  • Don’t deploy Exchange in a custom way – customization adds complexity & risk
• Preferred Architecture (“PA”) primer (8:30 mins)
  • Single unbound namespace per datacenter pair
  • Layer 7 load balancing with no affinity
  • Equal distribution of traffic across data centers (using round robin or geo-DNS)
  • Multiple datacenter pairs use a single world-wide namespace or regional pairs
  • Two well-connected datacenters
  • Each datacenter must be its own AD site
  • File Share Witness placed in a 3rd site
  • Physical servers
  • Commodity hardware (2 sockets, battery-backed cache, large form factor disks)
  • OS and Exchange on a single RAID 1 volume
  • JBOD with 4 databases per disk
  • 1 auto-reseed disk per server for hot-spare
  • DAG with active databases in both data centers
  • 4 database copies with 2 in each data center
  • Scale out, not up.
  • Native data protection with lagged copies, single item recovery & in-place hold
  • Single NIC for all client & replication traffic
• What if I can’t implement all of the Preferred Architecture? (14:00 mins)
• Namespace planning (18:00 mins)
  • Unbound namespace
    • Client can connect to any datacenter
    • Exchange proxies client traffic to where the mailbox is located
  • Bound namespace
    • Client connects to a specific datacenter
    • Exchange proxies client traffic between servers in a single datacenter
    • Typically there would be no proxying between datacenters
  • Keep hops from client to Exchange minimized as much as possible
• Load Balancing (19:40 mins)
  • Use Layer 7 over Layer 4
  • Configure per-service health monitoring for each virtual directory
  • Use round-robin load balancing
  • No affinity
  • Use SSL bridging
• Virtualizing Exchange (24:15 mins)
  • Exchange is not designed to be virtualized but it is supported
  • Design for a physical environment but deploy to a virtual one
  • Any hypervisor in the SVVP
  • Host-based failover performing a cold boot is supported (don’t do saved state failovers)
  • LiveMotion & vMotion is supported
  • Block-based storage including virtual disks, SCSI & iSCSI pass-through
  • Fixed & dynamic disks (dynamic only in Hyper-V VHDX format)
  • Guest OS & database disks should be on separate spindles
  • Unsupported
    • Dynamic memory
    • Snapshots
    • Differencing disks
    • Applications on the host machine
    • NAS & NFS storage
    • Overcommitting the CPU. Do not exceed 2:1 virtual to physical CPU cores
  • Don’t co-locate DAG members on the same physical host (use anti-affinity rules)
  • Reserve all allocated memory & CPU for Exchange
• Planning & Deploying Exchange (37:45 mins)
  • Generate Message Profile
  • Exchange Role Requirements Calculator
  • Exchange Processor Query Tool
  • Transport Database Sizing Tool
  • JetStress & JetStress Field Guide
  • Exchange Environment Report
• Hybrid tips (42:00 mins)
  • If I have an Exchange 2010 server, should I install an Exchange 2013 or 2016 server?
  • Use multiple migration endpoints to increase throughput (e.g. add endpoints in each region)
  • Avoid subjecting traffic to any kind of IDS/inspection mechanisms between Exchange & Exchange Online

What’s amazing and new in calendaring in Outlook!
In this session, Julia Foran & Jennifer Lu announce and demonstrate all the new calendaring features coming to Outlook. Topic includes:

• New ‘Coming Soon’ toggle in Outlook to read about new Outlook features (1:35 mins)
• New Outlook opt-in experience (2:20 mins)
• Behavior change of “do not send a response” when responding to meeting invites (3:30 mins)
  • Previously, did not update attendee tracking or send an email
  • Going forward it will update attendee tracking but no email is sent
  • Applies to all “do not send” responses (accept, tentative and decline)
• Attendees can see everyone’s meeting responses (5:00 mins)
• Attendees can see room responses (5:25 mins)
• Aggregate attendee counts displayed at the top of meetings (6:25 mins)
• Tracking more than 500 attendees (8:30 mins)
  • New ‘Attendee List’ attribute tracks up to 2,000 responses
  • New ‘Summary Counts’ attribute tracks aggregate responses (no limit)
• Required & optional attendees added to main form (9:53 mins)
• Preventing forwarding of meetings (10:45 mins)
  • Organizers can block forwarding of meeting
  • Attendees on a modern Outlook client will have forward option greyed out
  • Plans to backport to Outlook 2013 and 2016
  • Legacy or 3rd party clients with a mailbox on Exchange 2016, 2019, or, Office 365 will receive a “do not forward” NDR
  • Not a security feature
    • Meeting content can still be copied but not to a new calendar item
  • Currently, no one can forward, including organizer
    • Plans to change this behavior for organizers
• Free/Busy (16:25 mins)
  • Used to take 4 seconds
  • 60% queries = 200ms
  • 40% queries = 800ms
• Time zones (18:15 mins)
  • Start and end time zones for meeting
  • Up to 3 time zones displayed on calendar
• FindTime add-in is back (19:53 mins)
  • Replaced Outlook Web’s “Poll for a time to meet”
  • Plans to install by default on Windows and Mac
• Personalized meeting location suggestions (21:15 mins)
  • Suggests available conference rooms which are ranked by:
    • Previously booked
    • Previously attended meetings in
    • Other rooms in the same room list
  • Deep Dive
    • Personal Index
      • Rooms you have booked or attended meetings in
      • Customs locations typed in
      • Physical locations you have used previously
    • Company Index
      • Rooms and resources in your company
    • Public Index
      • Public locations powered by Bing Maps
• Creating Teams meetings (27:10 mins)
• Simplified Calendar Sharing updates (30:00 mins)
  • Old vs. new model
  • New model replicates calendar to delegates mailbox
  • Shared calendars show up on mobile
• Calendar syncing switching from MAPI to REST (34:45 mins)
  • New opt-in experience (off by default)
  • Will eventually default to on
  • GPO for managing opt-in experience for REST calendars
• How to add shared calendars to mobile (39:10 mins)
• Outlook Mac will move from EWS to REST for shared calendars (41:30 mins)
• View free/busy only calendars in Outlook Mac (42:35 mins)
• 500 folder limit in secondary mailboxes (Windows) will be raised (44:00 mins)
• Improvements to recurring calendar events (Outlook Web) (50:00 mins)
  • Past and future exceptions will be preserved
  • Editing a series splits the series into two from the occurrence edited
    • Room bookings are preserved
• Option to show/hide declined events (Outlook Web) (58:40 mins)
  • Includes events declined from any client
  • Showing declined events does not affect free/busy or reminders
• Scheduling meetings across different time zones (Outlook Web) (59:40 mins)
  • Notified if attendees are in different time zones
  • See localized time would be for each attendee
  • Suggested times are working hours for all attendees
• End meeting early to allow for breaks between meetings (1:01:15 mins)
  • <1 hour – shorten by 5 minutes
  • >1 hour – shorten by 10 minutes
  • End time automatically adjusted when scheduling a meeting
  • End time can be overridden
  • Enforce org-wide defaults via GPO
• Fixes for Outlook Windows (1:05:00 mins)
  • Resize scheduling assistant attendee column
  • People search in scheduling assistant
  • Keep room selection when changing room lists
  • Set reminders to display on top of all windows
  • Option to dismiss past reminders
• Fixes for Outlook Mac (1:08:35 mins)
  • Missing features coming with the introduction of REST
  • Gmail mail, calendar & contact support
  • Meeting card updates
• Fixes for Outlook Web (1:10:00 mins)
  • Different start & end time zones in meetings
  • Scheduling assistant parity
  • Calendar search
• Developer updates (1:10:40 mins)
  • PowerShell for setting delegates & delegate permissions
  • Graph APIs
• In development (1:12:40 mins)
  • BCC attendees
  • Change meeting organizer
  • Reduce meeting messages
  • Easier automatic replies

Deep dive into what’s new and coming soon to Outlook for Windows and Mac
Amanda Alvarado, Kathy Thompson, and Vivek Kumar discuss what’s new and coming soon to the various Outlook clients. Topics include:

• New simplified ribbon for Outlook Windows (6:55 mins)
  • Streamlined to a single row of buttons
  • Pin commands to ribbon
  • Expandable to multiple lines
• Coming soon button provides announcements of all upcoming Outlook features (8:20 mins)
  • Toggle button turns on or off all new visualization features
• Folder pane, message list & compose message header are more tightly packed to optimize the screen for more folders & messages (11:10 mins)
• Search moved to title bar for Windows & Mac (11:50 mins)
• New account switcher to the left of folder list (12:40 mins)
  • Similar experience to Outlook Mobile
  • Will include “All accounts” view
  • Ability to customize account logos
• Calendar changes (14:00 mins)
  • Past events shaded
  • Current day emphasized
  • Unified calendar colors across all Outlook apps
• Demo of new Outlook Mac features (15:30 mins)
  • ‘Try the New Outlook’ switch to see the new changes
    • ‘Try’ button can be controlled by admins
  • New simplified ribbon
    • Outlook will initially customize ribbon based on prior usage
    • Buttons can be added & removed
    • Additional functions & add-ins available through the ellipsis
  • ‘My Day’ view brought back to Outlook Mac
    • Can take actions on calendar items from the view
    • Can be hidden
  • Quick reply coming to email strings
  • Calendar
    • Weather widget for the calendar
    • New calendar view chooser
    • New calendar quick cards
    • Simplified calendar sharing
  • Search
    • Keyword highlighting
    • Advanced search improvements
    • People cards
  • New visualization customizations
• Demo of automatic configuration of Outlook Mac (32:35 mins)
  • Configuration profiles can be pushed down with JAMF or other MDM solutions
• Demo of OneNote integration for Outlook Mac (35:50 mins)
• Demo of dark mode for Outlook Mac (36:40 mins)
• Demo of new Outlook Windows features (38:50 mins)
  • Search
    • 2x faster search than 6 months ago
    • Suggestions based on spelling errors
    • Classifies most relevant results as ‘top results’
    • Improved people search
  • Improved cloud attachment sharing
    • Configure default cloud-attachment permissions to give to recipients within your organization
    • Inline links to OneDrive documents will also honor default cloud-attachment permissions
• Outlook cached mode improvements on non-persistent VDI environments (49:30 mins)
• Outlook (& Office) are now per-monitor DPI aware for crisper images (51:45 mins)

Outlook on the web: What’s new and why you should care
In this session Joey Masterson and Cindy Kwan announce and demonstrate all the new features coming to Outlook on the Web (OWA). Topics include:

• Outlook on the Web (1:25 mins)
  • 4.5x faster render speed for list view
  • 7.8x faster render speed for the reading pane
  • 5.9x reduction in memory
• How new features are released in rings (1:55 mins)
• Demo of the new Outlook on the Web features including: (3:35 mins)
  • Quick settings panel for common Outlook options
  • Search bar in the header
  • New search features
  • Pinning people, groups, and categories to the favorites pane
  • Attachments view displays all attachments in your inbox
• Demo of the new calendaring features in Outlook on the Web including: (8:20 mins)
  • Today & Tomorrow in weekly view given wider columns for emphasis
  • Clicking a meeting opens a meeting summary displaying join meeting options
  • Attendees can track everyone’s meeting responses
  • Easy appointment creation popup asks for the most common items
  • Calendar icons now personalize appointment and meeting types
  • Adding a location starts an inline street address location search (e.g. find a Star Bucks)
  • New meeting organizer experience
    • Free/busy for each attendee updated immediately
    • Red identifies unavailable attendees
    • Green identifies available attendees
    • Scheduling assistant available and a similar experience to Outlook desktop
    • Location field suggests recent and available conference rooms
• Demo on scheduling meetings across different time zones (17:20 mins)
  • When scheduling meetings you are notified if attendees are in different time zones
  • Meeting displays localized time for each attendee
  • Suggested meeting times look for working hours for all attendees
• Demo on meeting preparation (20:25 mins)
  • Insights from Office 365 automatically recommends files or emails that might be useful for your meeting
  • Insights are personalized for each user, so everyone may see different recommendations
  • Insights are not saved to the meeting itself
• How to configure your organization or users for targeted early release (25:50 mins)
• Demo of dark mode for Outlook on the Web (27:00 mins)
• Demo of draft tabs (27:40 mins)
• Q&A from the audience (29:00 mins)
  • Will these features be available in the Outlook store app?
  • Does Insights for Office 365 populate files accessed during that meeting?
  • Is Focused Inbox turned on automatically when we migrate users to Exchange Online?
  • Can delegates use Outlook on the Web to manage multiple calendars?
  • Are add-Ins supported in Outlook on the Web?
  • Will any of these features come to Exchange on-premises?
  • What sources do Insights for Office 365 pull from?
  • Can I target early release to groups rather than just users?
  • Is there Teams meeting organizer support in Outlook on the Web?
  • Will FindTime be integrated into the new Outlook on the Web?
  • Do favorites sync to other Outlook clients?
  • Can I use shared mailboxes with the new Outlook on the Web?
  • Any changes to public folder support in the new Outlook on the Web?
  • Any plans to have the primary and shared mailboxes on the same screen versus separate tabs?

Scott Schnoll’s Exchange and Office 365 tips and tricks
In this session Scott shares his latest Exchange and Exchange Online tips and tricks. Even a SharePoint tip made it into the session. Topics include:

• Exchange and Exchange Online was a single code base. Now Exchange on-prem has its own code base. (2:30 mins)
• Exchange 2019 overview (4:00 mins)
  • Releases this year
  • New MetaCache Database (“MCDB”)
  • Supports Windows Server Core
    • Not required but gives the best performance and security
  • Unified Messaging removed
  • Requires Windows Server 2019
  • Pagefile requirements now 25% of RAM (was originally RAM +10MB up to 32GB)
  • No hybrid key for Exchange 2019
    • Either fully license Exchange 2019 or use Exchange 2016 for a hybrid key
• Exchange Calculator updated for Exchange 2019 (6:00 mins)
• Schema Changes (7:15 mins)
  • Exchange 2019 includes significant schema changes
  • Exchange 2016 last schema update was CU7
• Using Get- & Set-MailboxAutoReplyConfiguration cmdlets (9:00 mins)
  • Using Set-MailboxAutoReplyConfiguration with -StartTime and -EndTime switches will default to the time zone of the server
  • Piping Get-MailboxAutoReplyConfiguration into Set- will default to the time zone of the machine where the command was run
• Message Latency in tracking logs (10:00 mins)
• Running Windows Antivirus software on Exchange (10:45 mins)
  • Windows Defender Antivirus is a full antivirus pre-installed on Windows Server
• Health Mailboxes (11:45 mins)
  • Do not apply password policies to the accounts of the health mailboxes
  • Exclude health mailboxes from account lockout policies
  • Do not move the health mailbox accounts to another OU
  • Do not change permission inheritance on the accounts
  • Do not change any user account properties such as restricting password change
  • Do not apply mailbox quotas to health mailboxes
  • Do not move between databases
  • Do not apply retention policies which delete mail less than 30 days old
• How and when to decommission on-prem servers (14:00 mins)
  • When you no longer need directory synchronization & hybrid has been fully removed
  • Removal process
    • Point MX and Autodiscover records to Exchange Online
    • Null out your on-prem autodiscover SCP record
    • Delete inbound & outbound connectors created by the HCW
    • Remove organization relationship with Exchange Online
    • Disable Oauth if configured
    • Disable directory synchronization in tenant
    • Uninstall Exchange
• Mailbox Auditing (16:30 mins)
  • Will be enabled by default in Exchange Online for all tenants
  • An administrator can disable auditing for their:
    • Entire tenant with Set-OrganizationConfig
    • Single mailbox with Set-MailboxAuditBypassAssociation
  • Auditing includes:
    • Mailbox logins
    • Create, edit, delete, copy, or, move emails
    • Creation of inbox rules, adding delegates or delegating calendar access
    • Delegate actions recorded (such as a delegate deleting an email message)
• DMARC reject & quarantine actions will now be enforced by Exchange Online Protection (“EOP”) (18:10 mins)
  • Possible to override by adding the sender’s domain to your allow and safe sender lists
  • Change rolling out since August 2018
• 3rd-party email accounts connected to OWA has been discontinued (19:00 mins)
  • After 9-15-18 connected accounts can no longer be added in OWA
  • After 10-30-18 connected accounts will no longer synchronize mail to OWA
  • After 11-15-18 all options for connected accounts will be removed from OWA
• Document fingerprints (20:10 mins)
  • Creating custom document fingerprints has been removed from the Exchange Admin Center
  • Creating document fingerprints only possible through the Security & Compliance Center PowerShell
• Managing change in Office 365 (21:00 mins)
  • Office 365 roadmap
  • Office 365 message center
  • Changes released in rings
• Changes to EOP IP ranges (25:00 mins)
  • Keep up to date on EOP IP changes
  • Especially important for organizations who restrict ports to the EOP ranges.
  • RSS, XML & HTML feeds will be deprecated in November in favor of REST APIs
  • https://aka.ms/EOPIP
• Cmdlet change for managing 3rd-party storage providers in OWA (26:00 mins)
  • Set-OwaMailboxPolicy parameter to block 3rd-party storage providers (e.g. DropBox) now switched to -ThirdPartyFileProvidersEnabled
• MX records best practices for message hygiene (27:00 mins)
• Managing distribution lists in hybrid (28:15 mins)
  • Scott discusses the various ways a distribution list can be managed in a hybrid environment (centralized versus delegated)
  • Scott discusses how to migrate distribution lists from on-prem (synced) to the cloud
  • Script to automate this process – https://aka.ms/DLMoveScript
• SharePoint workflows broken by September .NET updates + workaround (31:40 mins)
• Exchange Online Archive auto-expansion (32:30 mins)
  • Initial archive = 100 GB.
  • Auto-expand kicks in at 90 GB and archive is converted to auto-expanding within 30 days
  • For MRS move from on-prem (when the on-prem archive is larger than 100 GB) open support case with Microsoft
  • For PST import raise an internal case with Import Service Product Engineering team
• Office 365 Message Encryption unrestricted rights to attachments (34:40 mins)
  • Change encrypt only rules at the tenant level
  • Set-IRMConfiguration -DecryptAttachmentForEncryptOnly
• Changing licenses when a user had an in-place hold (36:00 mins)
• Modern Public Folders best practices (37:07 mins)
  • Use dedicated content public folder mailboxes that don’t serve the hierarchy
  • Use dedicated hierarchy public folder mailboxes that don’t serve content
  • Public folder mailboxes in 70-100 GB range is fine
  • Don’t put any content or hierarchy in the primary public folder mailbox
  • Keep public folder content close to users
• Process for removing former employees: (39:15 mins)
  • Reset password
  • Instruct OneDrive to sign-out of all devices
  • Export content of their mailbox or place on legal hold
  • Optionally:
    • Forward SMTP address
    • Convert to a shared mailbox
    • Assign SMTP to another user
  • Wipe and block mobile device
  • Block Office 365 sign-in
  • Move OneDrive content
  • Remove Office 365 license
  • Delete their Office 365 content
• New License Administrator role in Office 365 (44:10 mins)
• DLP rules for Credit Card matching (45:20 mins)
• Apple Mail message rendering and Apple iOS calendaring issues (48:20 mins)
• Troubleshooting Event ID 2080 (Microsoft support case study) (49:15 mins)
• Microsoft Office uninstall tool (“Offscrub”) and Support and Recovery Assistant (“SaRA”) (52:30 mins)
  • Support And Recovery Assistant (“SaRA”) now located at http://diagnostics.office.com?WT.mc_id=M365-MVP-5002016
• Scott demos the new dashboard which shows the following items: (1:02:00 mins)
  • Mail flow map which visualizes mail flow in and out of Office 365
  • Mail flow statistics
  • Alert dashboard
    • For example, an abnormal increase in malware received
  • Non-Delivery Reports
  • Executives mail flow status
  • Message Queues
  • Auto-forwarded messages
  • Recommendations for improving mail flow
  • Visualization of messages protected by TLS
  • Visualization of messages protected by TLS per connector
  • SMTP authenticated submission report
    • Includes statistics of devices relaying with older TLS protocols

Notes from the field: How a large global bank moved to Office 365
In this session, Michael Van Horenbeeck & Erik Knoppert discuss how the challenges to move a heavily regulated large bank to Office 365. Topics include:

• Key challenges (4:25 mins)
• Architecture overview & environment (7:20 mins)
• Planning Phase (9:15 mins)
  • Risk assessment
  • Legal assessment
  • Procurement
  • Internal policies & standards
  • Internal approval
  • External approval
• Planning Resources (14:55 mins)
  • Trust Center
  • Service Trust Portal
  • Compliance Program
  • Compliance Manager
• Identity challenges & tips (17:20 mins)
  • Sync your entire user base to Azure AD so you have a complete GAL
  • Replace non-routable UPNs
  • UPN, primary SMTP & SIP address should match
• Domains registered in another tenant (22:15 mins)
  • Consider registering your domains even if you have no immediate plans for Office 365
  • Registering a domain could cause issues with existing B2B applications that use that domain
• Migrate linked mailboxes (26:25 mins)
  • Linked mailbox – msExchRecipientTypeDetails = 2
  • Requires both the account & resource forests to be synced to Azure AD
• Authentication challenges (29:05 mins)
• Hybrid Exchange (33:00 mins)
  • Publishing Exchange to the internet securely
  • Handling linked mailboxes
• Using multiple migration endpoints (39:15 mins)
  • Don’t load balance MRS endpoints – slows down moves
  • Lockdown MRS endpoints to just Office 365 IPs
  • Independently published MRS endpoints can be allocated their own bandwidth
• Hybrid mail flow (44:50 mins)
  • When do you move MX records to EOP?
  • Centralized mail flow
  • Using Edge Transport to stagger adoption of EOP
  • Sizing Edge Transport in hybrid
  • Limit SMTP 25 to Exchange Online IPs
    • Keeping up to date on Exchange Online IP changes
• Migrations at scale (55:25 mins)
• Other challenges (58:15 mins)
  • Features changing during migration (e.g. cross-premises permissions support)
• Journaling (on-prem vs. online) (1:03:25 mins)
• Conditional access (1:06:35 mins)
• Networking (1:09:05 mins)
• User-centric deployment approach (1:10:15 mins)
  • Interviews, surveys & A-B testing
  • Focus on what matters to users
  • Excel in communication & support
  • Drive adoption continuously

Why do we need to keep an Exchange Server on-premises when we move to the cloud?
Brian Reid discusses whether we can get rid of our last Exchange Server once we have moved to the cloud. Discussions included:

• Directory sync required for Exchange attributes (0:40 mins)
  • Source of authority for Exchange attributes is on-prem Active Directory
  • Synced attributes in the cloud are read-only
  • What happens to attributes after a mailbox migration
• What happens if we uninstall our last Exchange server (6:00 mins)
  • Exchange attributes are unaffected & are still synced by AAD Connect
  • On-prem is still the source of authority
  • Attributes can only be managed through ADSI Edit or Attribute Editor (unsupported)
• Attribute considerations (8:50 mins)
• Management server requirements (11:50 mins)
  • Very easy to virtualise
  • Does not need much RAM or disk
  • Could also act as a mail relay for on-prem devices & apps
• Can I remove my last Exchange server? (13:15 mins)
  • Only if you remove directory synchronization & convert to cloud only identities
    • This will result in separate on-prem & cloud identities with separate password
• What do I gain keeping Exchange? (16:50 mins)
  • Accurate attribute management
  • Supported by Microsoft
  • Easier off-boarding & mergers

Panel discussion: Microsoft Exchange, Calendar & OWA
Brent Alinger, Damon Gilkerson, Julia Foran, Jeff Kizner, Brandon Koeller, Joey Masterson, Robin Thomas answer questions from the audience. Greg Taylor moderates. Questions include:

• When can we get rid of the last Exchange Server on-prem? (2:00 mins)
• Is Outlook Today coming for webmail? (3:00 mins)
• What is the guidance for upgrading the Exchange hybrid server? (3:45 mins)
• Can the Outlook client generate the OAB rather than Exchange? (4:28 mins)
• When can we see a common signature across all devices? (5:25 mins)
• What is the future of public folders? (6:00 mins)
• How can I have mail-enabled public folders and still have directory-based edge blocking? (7:00 mins)
• DKIM signing causing problems with third-party mail edge solutions (9:00 mins)
• How can users manage their own distribution lists from Outlook once migrated to Office 365? (10:20 mins)
• Any progress on the native tenant to tenant mailbox moves? (11:20 mins)
• Reg key to turn off public folder enumeration in Outlook? (12:00 mins)
• GAL synchronization between tenants? (12:20 mins)
• Will DANE (DNS Authentication for Named Entities) be implemented in EOP? (13:15 mins)
• Have email reminder options in Outlook desktop? (14:00 mins)
• Is there a soft limit of 20 shared calendars in Outlook? (15:30 mins)
• Will Outlook be merged into Teams? (17:40 mins)
• Can a compliance officer delete email items while a mailbox is still on hold? (18:30 mins)
• What ports do Exchange servers need to communicate with one another? Can we limit these ports? (19:40 mins)
• How can I track new features coming out in Office 365? (21:15 mins)
• Problems with free/busy issues after running the hybrid configuration wizard (25:25 mins)
• How do the new advancements in server search work with Outlook in cached mode? (26:20 mins)
• Customizations to virtual directories and upgrading Exchange? (28:20 mins)
• When will search include results from shared mailboxes? (31:10 mins)
• Support lifecycle for Exchange 2019? (32:00 mins)
• Tools to troubleshoot public folder moves that are stuck in a loop at 95%? (32:50 mins)
• When will EOP get some of the customizations third-party providers have such as forcing an SMTP 4.2.1 during a migration? (34:45 mins)
• Customizations in web.config files lost during cumulative updates? (35:45 mins)
• More insight into what the hybrid configuration wizard is doing? (37:30 mins)
• What throttling policies are there in Office 365 as they relate to sending mail? (38:35 mins)
• Is there a way to synchronize address lists on-prem to Office 365? (41:45 mins)
• What causes mail to be deferred in Office 365? (42:45 mins)

Panel discussion: Microsoft Outlook (Windows, Mac, and Mobile)
Vivek Kumar, Kathy Thompson, Amanda Alvarado, Tali Roth,  Lexi Torres, Ross Smith IV, Michael Palermiti answer questions from the audience. Eugenie Burrage moderates. Questions include:

• Problems moving folders in shared mailboxes (2:40 mins)
• When will shared mailboxes be available on iOS? (5:40 mins)
• Can my meeting reminders on iOS let me know if I should be somewhere else? (6:15 mins)
• Any support update regarding the discrepancy between maximum OST size and maximum mailbox size in Office 365? (8:00 mins)
• Can we have the ability to set different cache settings for different mailboxes? (9:20 mins)
• When will delegate access come to iOS? (10:55 mins)
• Concerns over battery consumption when running Outlook for iOS/Android (12:44 mins)
• What the benefits of dark mode for Outlook for Mac? (14:30 mins)
• Can we get more flexibility for notifications in Outlook for iOS? (15:50 mins)
• How can I best troubleshoot and identify Outlook performance issues and/or issues with add-ins? (18:30 mins)
• Question to the audience: When was Outlook “born”? (22:00 mins)
• Any plans to allow management of rules (or other options) for shared mailboxes without going to the web portal? (22:30 mins)
• How can I suppress administrative restart notifications when I disable focused inbox globally? (23:25 mins)
• Are tasks and notes coming to iOS? (24:25 mins)
• Can I have custom recurring meetings that I had in Lotus Notes? (26:20 mins)
• Question to the audience: How many countries does the Outlook development team span? (28:35 mins)
• Will email, tasks, and other items eventually be part of the Teams client? (29:20 mins)
• Can I save Outlook email attachments to Teams? (30:40 mins)
• Can I apply multiple InTune managed profiles to a single device? (31:50 mins)
• Problem with timeout settings for MFA and untrusted devices (33:30 mins)
• Feature request for Offcat (36:50 mins)
• What search improvements are there for Outlook for Mac? (37:50 mins)
• Can we have moderated messages in Outlook for iOS? (40:00 mins)
• Any update on calendar search in Outlook mobile? (41:45 mins)
• How can I help my users identify phishing attacks from external sources? (42:55 mins)