Microsoft hosted its annual conference this September. However, unlike prior Ignite conferences, this one was impacted by COVID-19. As a result, Microsoft took its massive conference, typically attended by tens of thousands of individuals, and converted it into a digital online experience.
This digital Ignite was by no means a shadow of its former self. With 812 scheduled sessions and another 410 on-demand sessions via the Video Hub, this digital experience was massive.
At 1,222 sessions, here are the top 15 sessions I think every Exchange admin should watch.
Tip: I have included extensive notes for each session and the time each topic starts. You can expand the session notes under each video by clicking “Show more session notes.”
Exchange – Here, There and Everywhere
In this session, Greg Taylor discusses the roadmap for Exchange on-prem and Exchange Online. Topics include:
In this session, Greg Taylor discusses the roadmap for Exchange on-prem and Exchange Online. Topics include:
- Exchange Calculator will now be a separate download, outside of the ISO (0:30 mins)
- Exchange 2016/2019 will support multiple tenants with the HCW (2:15 mins)
- Up to 5 tenants at GA
- Have to rerun the HCW against each tenant
- HMA will be restricted to only 1 of those 5 tenants
- It won’t configure free/busy between the tenants
- New Exchange Admin Center will be GA Q1 2021 (4:40 mins)
- New Exchange Admin Center Home (6:25 mins)
- New Exchange Admin Center Reports (7:25 mins)
- Auto-Forwarded Message Report
- Outbound Message Report
- Exchange PowerShell Module v2 (8:40 mins)
- General availability of certificate-based authentication for unattended scripts
- PowerShell Core support in preview
- Linux PowerShell support in preview
- Plus, Addressing in Exchange Online is GA (11:15 mins)
- Full rollout expected by October
- Administrators need to enable it at the tenant-level
- A new version of on-premises Exchange Server (13:40 mins)
- Released H2 2021
- Only available via subscription purchase
- SharePoint and Skype for Business will follow suit
- Can install into an existing org with Exchange 2013, Exchange 2016, and Exchange 2019
- One more backward-compatible version than normal
- Exchange 2019 users can do an in-place upgrade to vNext (like applying a CU)
- Only for 2 years after vNext release
- Exchange 2019 and vNext can be in the same DAG and load balancer VIP
- No more major Exchange upgrades
- Exchange 2016 end of mainstream support – October 14th (20:00 mins)
- If using the free hybrid key, keep using it during extended support
- If you have on-prem mailboxes, migrate to Exchange 2019
- Removing the last Exchange server (22:30 mins)
- Nothing to announce, but work is still in progress
- Basic Authentication still being retired (23:30 mins)
- Deadline extended to H2 2021
- Easy on/off controls in M365 Admin Center
- OAuth support added for POP, IMAP, and SMTP AUTH
- PowerShell Module v2 uses modern auth
- Outlook 2013 and newer uses modern auth
- Use the Azure AD Sign-Ins report
- Basic auth will be turned off in new tenants by default with security defaults
- Basic auth will be turned off in tenants not using it
- Additional Exchange Online training resources (26:55 mins)
Exchange Online Transport – New Email Management, Optics and End-user experiences
In this session, Kevin Shaughnessy discusses all the advancements coming to Exchange transport. Topics include:
In this session, Kevin Shaughnessy discusses all the advancements coming to Exchange transport. Topics include:
- Support for Plus Addresses (4:55 mins)
- E.g., amypond+newsletter@supertekboy.com
- Now rolling out
- Great way to see who may have sold/leaked your data
- Can target inbox roles to use the new plus address (move to a folder, etc.)
- Could use it to track marketing/sales campaigns you initiate
- Block users from blind carbon copying (BCC) a group (9:00 mins)
- Problem: Inbox rules were ignoring a group added to the BCC line in an email
- Solution: Generate an NDR if a group is added to the BCC line in an email. It can be enabled per group by either the group owner or administrator.
- Rolling out Q4 2020
- New Exchange Admin Center (12:53 mins)
- All mail flow items and insights (e.g., message trace and mail flow reports) are moving from the Security & Compliance Center to the new Exchange Admin Center
- New Exchange Admin Center is an opt-in experience
- DEMO: New Exchange Center mail flow group (14:15 mins)
- New Mail Flow Insights, Notifications, and Reports (16:10 mins)
- Expired / soon to expire certificates report (Q4 2020)
- Expired / soon to expire domains report (Q4 2020)
- Misconfigured connectors report (TBD)
- New Settings
- Message expiration for email delivery issues (Q4 2020)
- Default is 24 hours to generate NDR
- Will be able to configure expiration and NDR value of 8-24 hours
- Expiration for queued due to TLS failures (TBD)
- Default is 24 hours to generate NDR
- Under consideration
- Message expiration for email delivery issues (Q4 2020)
- Reply-All Storm Protection (21:20 mins)
- V1 is currently deployed
- 10 reply-all to emails with 5,000 recipients within 1 hour
- Blocks replies with an NDR for up to 4 hours
- V2 planned
- Customize the number of recipients on the email (new default will be 2,500)
- Customize the number of reply-all messages detected in 1 hour (default will still be 10)
- Customize block replies (default will still be 4 hours)
- Reply-All Storm insights/reports coming to EAC
- V1 is currently deployed
- Message Recall for Exchange Online (26:15 mins)
- Previously message recall is client-based and only works when the client is Outlook (not web or mobile)
- New message recall is client agnostic and will remove the message from the mailbox
- User will see a report of message recall success/failure
- Available by Q4 2020
Exchange Online Transport – Email Security Updates
In this session, Sean Stevenson discusses new security features coming to Exchange transport. Topics include:
In this session, Sean Stevenson discusses new security features coming to Exchange transport. Topics include:
- Existing mail flow scenarios and susceptibility for attack (3:04 mins)
-
TLS 1.0 deprecation underway (6:55 mins)
- TLS 1.0 already disabled for DoD/GCC High tenants
- 2% of all mail to/from Office 365 with other mail exchangers using TLS 1.0
- Even with TLS 1.0 disabled man-in-the-middle attacks are still a problem
- DEMO: New Exchange Admin Center insights and reports identify mail sending with TLS 1.0 to/from your tenant (10:30 mins)
- New cipher requirements to send/receive mail to Exchange Online (11:40 mins)
- SMTP MTA Strict Transport Security support (RFC 8461) (12:55 mins)
- Office 365 outbound now supports MTA-STS
- DNS TXT record added to external DNS which identify location (and presence) of an MTA-STS policy (TEXT file hosted on a web server)
- DEMO: Example of an MTA-STS policy (TEXT file) (17:50 mins)
- Support for DANE / DNSSEC (18:25 mins)
- DANE for SMTP identifies what TLS protocols the recipient domain supports prior to handshake/TLS negotiation
- Protects against man-in-the-middle or downgrade attacks
- DANE TSLA records protected with DNSSEC to prevent tampering with the DANE records
- Outbound protection will be added before inbound protection
- SMTP Auth Clients (20:52 mins)
- Deprecation of TLS 1.0 for SMTP Auth Clients is still coming
- If your SMTP Auth Clients can’t be easily upgraded to use TLS 1.2, leverage Exchange on-premises for mail relay.
- DEMO: SMTP Auth Client report (23:00 mins)
- SMTP Auth Clients (24:10 mins)
- No plans to deprecate basic authentication for SMTP Auth Clients at this time.
- Modern Auth (OAuth) is available for SMTP Auth Clients (recommended)
- Recommended: Disable SMTP Auth for any mailbox that does not require it
- SMTP Auth being globally disabled on all new tenants (can be re-enabled by the admin)
