
OFFICE 365

What is Office 365?

Office 365 is a hosted solution from Microsoft that offers services such as Exchange Online, Lync Online,
SharePoint, OneDrive, etc.

Office 365 is also a web-based subscription service that gives anywhere access to Microsoft Office
tools.

TENANT:

When we sign up or subscribe for Office 365, we actually get a tenant. A tenant is basically an account we
create in the Microsoft Online Services environment.

Domain.onmicrosoft.com is the format of a tenant name. When you add a domain to a tenant, Microsoft will
ask you to add DNS records with their public DNS.

After signup, the user that gets created by default is an admin; this admin is called the
Global Administrator.

To verify the domain there are three steps

1. TXT Record
2. MX Record
3. OTP Method

There are three types of methods to create users in Office 365

1. PowerShell
2. .CSV File export
3. GUI mode

Exchange Server 2010 Roles:


1. Mail Box Server Role
2. Client Access Server role
3. Hub Transport server role
4. Edge Transport server role
5. Unified Messaging server role

Communication between all of the above roles is called RPC (Remote Procedure Call)

Exchange server 2013 Roles:


1. Mail Box Server Role
2. Client Access Server role
3. Edge Transport Server Role – Optional

Exchange Server 2016 Roles


1. Mail Box Server Role
2. Edge Transport Server Role – Optional

Edge Transport Server Role:


The Edge Transport Server role is used for filtering mail.

There are five types of filters in Edge

1. Connection filter – Blocking and unblocking of domains and IP addresses is done in this filter
2. Recipient filter – It searches for the recipient and determines which mail address the message needs to reach
3. Malware filter – It checks for phishing mail which contains harmful links and attachments
4. Spam filter – It filters spam emails
5. Transport Rule – It diverts the path of unwanted mail

Hub Transport Server Role:


Content conversion – it converts emails into a readable format, which actually means cutting the emails
into chunks
Routing of emails – where these emails belong
Recipient resolution – checks the recipient type of the email
The above three functions are performed by the CATEGORIZER

Client Access Server Role:


It is the server that clients connect to for mailbox access; it also authenticates and redirects the request
to the appropriate mail box server

It is responsible for mailbox access with Outlook and OWA

Outlook works on the MAPI protocol
OWA works on the HTTP protocol
Mobile works on ActiveSync

Types of Recipients:
1. User Mail Box
2. Shared Mail Box
3. Linked Mail Box
4. Arbitration Mail Box
5. Distribution Group
6. Dynamic Distribution Group
7. Security Group
8. Mail User/ Mail Contact
9. Resource Mail Box

User Mail Box:


A user mail box is assigned to an individual user in the Exchange organization and is the most common
recipient type; each mail box is associated with an AD user account
A user mail box can be used to send and receive messages, perform tasks and save contacts

Shared Mail Box:


A shared mail box is a common mail box which is created and accessed for a common purpose
It allows a group of users to view and send messages from a common mail box
There are three types of permissions required to access a shared mail box

1. Send As
2. Send on behalf
3. Full Access

Arbitration Mail Box:


An arbitration mail box is a temporary mail box where mail is held for authentication

Distribution Group:
It is a type of recipient created in O365 that is primarily used for distributing messages to multiple
recipients
In a distribution group, members are added manually
The display name starts with @

Dynamic Distribution Group:


It is also like a distribution group, but group members are added automatically in this group

Security Group:
It is also like a distribution group; however, permissions are assigned on the group to distribute group

Resource Mail Box:


A resource mail box is a special mail box designed to be used for scheduling resources
There are two types of resource mail box

1. Equipment Mail Box – not Location specific


2. Room Mail Box - Location specific

Mail User / Mail Contact:


Mail user and mail contact are both from a different forest
Mail users are similar to mail contacts, and both contain information about people outside your
organization
Both have external email addresses
Mail users have AD credentials, but mail contacts do not

Linked Mail Box:

Types of Domains:
Two types of Domains

1. Accepted Domains
2. Remote Domains

Accepted Domains: An accepted domain is one for which the server is responsible for accepting emails

It has three statuses

1. Authoritative
2. Internal Relay
3. External Relay

Authoritative: It is set by default. If the domain is set to authoritative, then the edge server will perform
recipient filtering; this process is called DBEB (Directory Based Edge Blocking).

Internal Relay: If the domain is set to internal relay, then edge will not perform DBEB; it will pass the mail to HUB

External Relay: The domain is set to external relay when a third-party tool is hired for filtering the emails

Remote Domains: Remote domains are created to define settings for message transfer between the Exchange
server and a domain which is outside the Exchange organization.

Connectors:
Connectors are used to connect roles to the Exchange server

By default, two types of connectors are already present

1. Send Connector
2. Receive Connector

In Exchange Server 2013 and 2016 the above two connectors are called INBOUND Connector and
OUTBOUND Connector.

Queues:
There are Five Types of Queues in Exchange Server

1. Mail Box Delivery Queue


2. Remote Delivery Queue
3. Submission Queue
4. Unreachable Queue
5. Poison Queue

Mail Flow in Exchange Server 2010:


When we compose an email and click on send, the message goes to the outbox.
(On the Exchange server, the mail box submission service runs continuously)
The store driver picks up the message from the outbox and submits it into the submission queue
Then it goes to the categorizer (which performs content conversion, routing and recipient resolution)
After the categorizer it goes to the delivery queue
Then it goes to the recipient
****Store driver is a component of the Hub Transport server

Mail Flow in Exchange Server 2013:
Three services are available in 2013 mail flow
1. Front End Transport service – This service runs on the Client Access server
2. Transport service – This service runs on the Mail Box server
3. Mail Box Transport service – This service runs on the Mail Box server.

Front End Transport Service:


This service runs on the Client Access server. It doesn't inspect the message content; it only communicates
with the transport service on the mail box server, and it doesn't queue any messages.

Transport Service:
This service runs on the mail box server and is virtually identical to the Hub Transport server in previous
versions of Exchange
This service handles message categorization and message content inspection.

Mail Box Transport Service:


It runs on the mail box server and consists of two separate services
1. Mail Box Transport Submission Service
2. Mail Box Transport Delivery Service
The mail flow process starts with the user typing a message and clicking send, after which it goes to the
outbox. The store driver is replaced by the mail box transport service: the mail box transport submission
service picks up the message from the outbox and puts it in the submission queue. After the submission
queue it goes to the categorizer, where the three steps are performed. Next, the message is placed in the
correct delivery queue; if the message is going to an external recipient, it uses the correct send connector
to deliver the message.

Mail Flow in Exchange Server 2016:


A message sent from the internet through the send connector goes to the front end transport service, then
the transport service, then the mail box transport delivery service

Protocol logging:
When email cannot be sent or received and the issue is at the connector level, we use protocol logging to
diagnose the mail flow issue
Protocol logging records the SMTP conversations that occur between messaging servers
By default, protocol logging is disabled on all send and receive connectors

Types of protocols used in client


SMTP – Simple Mail Transfer Protocol (it is responsible for sending emails); it works on port 25
POP/POP3 – Post Office Protocol (it is responsible for receiving emails); it works on port 110
IMAP – Internet Message Access Protocol (it is responsible for receiving emails); it works on port 143

DNS Record Used in Exchange:


1. A – Name resolution
2. MX – is used to receive the emails
3. CNAME
4. PTR
5. SRV
6. SPF/TXT
7. DKIM
8. DMARC

SPF/TXT (SENDER POLICY FRAMEWORK)


Office 365 uses the SPF/TXT record to ensure that destination email systems trust messages sent from your
custom domain. It is a type of DNS record that helps prevent spoofing/phishing by verifying the domain
name from which email messages are sent
SPF validates the origin of an email message by verifying the IP address of the sender
There can be only one SPF record, but it can have multiple IP addresses.
If the SPF check passes, then the email is not spoofed or spam.
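
The SPF check described above, as an added example that is not part of the original notes: it picks the single SPF record out of a domain's TXT records and tests the sending IP against it. The ZONE dictionary, domain names and TXT values are constructed stand-ins for DNS; only the ip4, ip6, include and all mechanisms are handled, and the depth guard is a simplification of the real lookup limit.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT data standing in for DNS (documentation names and address ranges).
ZONE = {
    "contoso.example": [
        "MS=ms00000000",  # unrelated TXT record (placeholder value)
        "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mailer.example ~all",
    ],
    "mailer.example": ["v=spf1 ip4:198.51.100.25 -all"],
    # Two SPF records on one domain: receivers treat this as an error.
    "broken.example": ["v=spf1 ip4:192.0.2.1 -all", "v=spf1 ip4:203.0.113.9 -all"],
}


def check_spf(domain, sender_ip, zone=ZONE, depth=0):
    """Return the SPF result for sender_ip claiming to send for domain."""
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    records = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:  # only one SPF record is allowed per domain
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(value, sender_ip, zone, depth + 1)
            if inner == "pass":  # include matches only when the inner check passes
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        elif name == "all":
            return QUALIFIERS[qualifier]
        # other mechanisms (a, mx, exists, redirect=) are not evaluated here
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
        print(ip, check_spf("contoso.example", ip))
```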

DKIM:
DKIM is an authentication method which uses encryption with private and public keys to validate whether
emails are generated from authorized servers, recognized and configured by the administrators of
the sending domain
In the DKIM process a public key is published, and every outgoing email includes a unique signature
generated using a private key for the particular domain. The receiving email server uses this private/public
key combination to decrypt the email

DMARC: (DOMAIN BASED MESSAGE AUTHENTICATION REPORTING AND CONFORMANCE)


DMARC is a combination of SPF and DKIM records.

EXCHANGE VIRTUAL DIRECTORY:


Virtual directories in Microsoft Exchange are used by applications and other clients that use web-based
services. An Exchange virtual directory is a directory which stores the necessary URLs that point to the
corresponding web page
These URLs allow the Exchange server to provide services to users

IMPORTANT URLs IN VIRTUAL DIRECTORY:


1. Auto Discover
2. OOF (Out Of Office)
3. EWS(Exchange Web Services)
4. OAB (Offline Address Book)
5. ECP (Exchange Control Panel)
6. OWA (Outlook Web App)
7. ActiveSync

EWS:
It provides the functionality to enable client applications to communicate with the Exchange server.
EWS describes three files
1. Services.wsdl
2. Message.xsd
3. Types.xsd

AUTO DISCOVER:
Auto Discover is a mechanism that allows users to easily configure their email client knowing only their
email address and password.
Auto Discover also enables additional features for Microsoft Exchange, including downloading the Offline
Address Book and viewing free/busy time in your calendar.
Auto Discover is a process by which the client gets the XML which helps to configure Outlook

There are 4 Steps in Auto Discovery:


1. SCP Lookup – Server Connection Point
2. Predefined URL
3. HTTP Redirect
4. SRV Method

SCP Lookup:
SCP Object has two components
1. SBI (Server Binding Info): it has the CAS URL
2. Keyword: it has the information about the location of the CAS URL

There are Two Scenarios in Auto Discover


1. Domain Joined Machines
2. Non-Domain Joined Machines

Domain Joined Machines:


On a domain-joined machine, when we type the user name and password to configure the email client, it does
an LDAP query. After the successful LDAP query it gets the SCP object; the SCP object has the CAS URL, and
from it the client gets the XML which helps to configure Outlook

Non-Domain Joined Machines:

On non-domain-joined machines the LDAP query fails, so the client goes to the predefined URL to configure
the email client

URL is – https://domain.com/autodiscover/autodiscover.xml

For the email client configuration to succeed through the above URL, three conditions have to be satisfied

1. A Record
2. Port No : 443 should be open
3. Third Party certificate

If the above process fails, it goes to the other predefined URL

URL https://autodiscover.domain.com/autodiscover/autodiscover.xml

Again, the three conditions must be satisfied to configure Outlook successfully

If it fails, it next goes to port 80, where it gets a 301 or 302 reply; after the 301/302 it checks the
CNAME of the domain and then makes the URL as

URL : https://autodiscover.outlook.com/autodiscover/autodiscover.xml

Again the same three conditions must be satisfied; if they are not, it configures using the SRV method.

In the SRV method it does a DNS query for SCP lookup through the nslookup command.

Once the nslookup command runs, it gets an IP address; this IP is called the CAS IP
Through that IP it gets the XML to configure the email client/Outlook.

NOTE: Remote Connectivity Analyzer (EXRCA) is a tool to diagnose/test Auto Discover issues

EXCHANGE AUDITING:

Auditing is done for compliance purposes; through auditing we can cross-verify issues in Office 365.
You can use the Office 365 Security & Compliance Center to search the audit logs to view user and
administrator activity in your Exchange organization

In Exchange, admin logs are enabled by default

Audit logs are available only for the past 90 days

JOURNALING:
Journaling is keeping records of the incoming and outgoing emails of some other mail box; it is also done
for legal/compliance purposes

In the journaling mail box we have a copy of incoming and outgoing email.

DELIVERY STATUS NOTIFICATION: (DSN)


1. NDR (Non Delivery Report)
2. DR (Delivery Report)
3. Read Receipt

NDR:

An NDR has 5 contents (pieces of information)

1. Generating Server
2. Remote Server
3. Rejected Recipient
4. Enhanced Status Code
5. Original Header

An NDR always goes on the reverse path and is also known as a BOUNCE BACK EMAIL.

BACKSCATTER:

If we receive NDRs for email which we have not sent, it is called backscatter.

FORMAT OF NDR:

Generating Server :user@gmail.com

550.5.xxxx :Recipient not found (550.5.xxx is called enhanced Status code)

Remote Server :xxxxx

Original Header :XXXXX

From :User@gmail.com

To :user@domain.com

SUB : XXX

Enhanced status code has three components

1. Class
2. Subject
3. Details

Class Range:

2- Successful
4- Temporary failure
5- Permanent failure

Subject Range (0-7):

0- Unidentified
1- Email issue
2- Mail Box Status
3- Mail System
4- Network issue
5- Protocol
6- Content
7- Security Policies
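
An added example (not part of the original notes) that applies the class and subject tables above to an NDR and flags backscatter by checking whether the bounced message is one we actually sent. The NDR text, host names and the set of sent Message-IDs are constructed, and the presence of a Message-ID in the NDR's original header is an assumption.

```python
import re

CLASSES = {"2": "Successful", "4": "Temporary failure", "5": "Permanent failure"}
SUBJECTS = {"0": "Unidentified", "1": "Email issue", "2": "Mail box status",
            "3": "Mail system", "4": "Network issue", "5": "Protocol",
            "6": "Content", "7": "Security policies"}

# class.subject.detail that is not part of a longer dotted number (e.g. an IP address)
CODE_RE = re.compile(r"(?<![\d.])([245])\.(\d{1,3})\.(\d{1,3})(?![\d.])")
MSGID_RE = re.compile(r"^Message-ID:\s*(<[^>\s]+>)", re.IGNORECASE | re.MULTILINE)

# Constructed NDR, loosely following the layout shown in FORMAT OF NDR.
SAMPLE_NDR = """\
Generating Server: mx01.contoso.example
Rejected Recipient: user@fabrikam.example
Remote Server returned '550 5.1.1 Recipient not found'
Original Header:
Received: from mail.contoso.example (192.0.2.10)
Message-ID: <a1b2c3@contoso.example>
From: user@contoso.example
To: user@fabrikam.example
Subject: Quarterly report
"""


def triage_ndr(ndr_text, sent_message_ids):
    """Decode the enhanced status code and decide whether the NDR is backscatter."""
    result = {"status": None, "class": None, "subject": None,
              "detail": None, "message_id": None, "origin": "unknown"}
    code = CODE_RE.search(ndr_text)
    if code:
        cls, subj, detail = code.groups()
        result.update({"status": code.group(0), "class": CLASSES[cls],
                       "subject": SUBJECTS.get(subj, "Unknown"), "detail": detail})
    msgid = MSGID_RE.search(ndr_text)
    if msgid:
        result["message_id"] = msgid.group(1)
        # An NDR for a message we never sent is backscatter.
        sent = msgid.group(1) in sent_message_ids
        result["origin"] = "ours" if sent else "backscatter"
    return result


if __name__ == "__main__":
    sent_log = {"<a1b2c3@contoso.example>"}  # constructed log of sent Message-IDs
    print(triage_ndr(SAMPLE_NDR, sent_log))
    print(triage_ndr(SAMPLE_NDR, set()))
```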

SPAM CONFIDENCE LEVEL:
When an email message goes through spam filtering it is assigned a spam score; this score is mapped to an
individual SCL rating and stamped in the message header. Based on these ratings, troubleshooting is done.

The spam score range is from -1 to 9

-1 – No spam filtering is performed, i.e. it has been bypassed

0,1 – Good emails

5,6 – Spam emails (these mails will go to junk)

9 – High confidence spam (this mail will also go to spam)

2,3,4,7,8 – some rules have been set up for these mails.

BULK CONFIDENTIAL LEVEL:


BCL Range (0-9)

0 – Message is not from a bulk sender

1,2,3 – Message is from a bulk sender with few complaints

4,5,6,7 – Message is from a bulk sender with mixed complaints

8,9 – Message is from a bulk sender with High complaints.
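
An added example (not part of the original notes) that reads the SCL and BCL values out of a message's headers and maps them to the ranges listed above. It assumes the values are stamped in the X-Forefront-Antispam-Report (SCL) and X-Microsoft-Antispam (BCL) headers, as Exchange Online Protection does; the sample message is constructed.

```python
import email
import re


def _field(header_value, name):
    """Return the integer after 'NAME:' in a semicolon-separated header, or None."""
    pattern = r"(?:^|;)\s*%s:(-?\d+)\s*(?:;|$)" % re.escape(name)
    match = re.search(pattern, header_value or "")
    return int(match.group(1)) if match else None


def scl_verdict(scl):
    if scl is None:
        return "no SCL stamped"
    if scl == -1:
        return "spam filtering bypassed"
    if scl in (0, 1):
        return "good email"
    if scl in (5, 6):
        return "spam, goes to junk"
    if scl == 9:
        return "high confidence spam"
    if scl in (2, 3, 4, 7, 8):
        return "depends on configured rules"
    return "out of range"


def bcl_verdict(bcl):
    if bcl is None:
        return "no BCL stamped"
    if bcl == 0:
        return "not from a bulk sender"
    if 1 <= bcl <= 3:
        return "bulk sender, few complaints"
    if 4 <= bcl <= 7:
        return "bulk sender, mixed complaints"
    if 8 <= bcl <= 9:
        return "bulk sender, high complaints"
    return "out of range"


def triage(raw_message):
    """Parse raw RFC 5322 text and report the SCL/BCL ratings with their meaning."""
    msg = email.message_from_string(raw_message)
    scl = _field(msg["X-Forefront-Antispam-Report"], "SCL")
    bcl = _field(msg["X-Microsoft-Antispam"], "BCL")
    return {"scl": scl, "scl_verdict": scl_verdict(scl),
            "bcl": bcl, "bcl_verdict": bcl_verdict(bcl)}


# Constructed sample; the antispam report header is folded across two lines.
SAMPLE = (
    "From: newsletter@mailer.example\n"
    "To: user@contoso.example\n"
    "Subject: Weekly offers\n"
    "X-Forefront-Antispam-Report: CIP:198.51.100.25;CTRY:;LANG:en;SCL:5;\n"
    " SFV:SPM;PTR:;CAT:SPM;\n"
    "X-Microsoft-Antispam: BCL:7;\n"
    "\n"
    "Body text\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```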

SARA: Support and Recovery Assistant

It is used to troubleshoot Outlook issues. The SARA tool needs to be installed on the client system to
troubleshoot.

OUTLOOK TROUBLESHOOTING:
Problem: Password prompts (Outlook keeps asking for the password)

If the same issue happens in OWA, that indicates a problem at the Exchange server level
If it is working fine in OWA, the issue is at the system level, so we first need to create a new profile and then test
If that also does not work, remove the cached credentials from Credential Manager
Command to remove the cached credentials
RUN -> run as admin
rundll32.exe keymgr.dll,KRShowKeyMgr
If the problem is still not solved, run the SARA tool.

QUARANTINE:
QUARANTINE EMAIL MESSAGES IN OFFICE 365:

We can set up quarantine for incoming email messages in Office 365, where messages that have been filtered
as spam, bulk, phishing emails or malware, and mail that matches specified criteria, can be kept in
quarantine for later review.

NOTE: If an email goes into quarantine, by default it remains there for 15 days.

When a transport rule is set up, that mail remains in quarantine for 7 days.

E-DISCOVERY:
eDiscovery is electronic discovery for email. It is used to search emails or mail boxes, even if deleted; to
perform eDiscovery the admin has to be an eDiscovery manager.
eDiscovery path:
EAC->Security & compliance ->eDiscovery->properties->eDiscovery permissions

DELETED EMAILS HIERARCHY:

EMAILS -> DELETED -> DELETED EMAILS (emails stay here for 14 days) -> RECOVER DELETED ITEMS
(emails stay here for 14 days) -> PURGE (emails stay here for 14 days) -> VERSIONS (emails stay here
forever).

MULTI FACTOR AUTHENTICATION:


MFA increases the security of user logins for cloud services above and beyond just a password.
With MFA, Office 365 users are required to acknowledge a phone call, text message or app notification.
Path:
EAC->active users->More->setup MFA.

E-DISCOVERY HOLD:
With an In-Place eDiscovery hold, the search results are placed on hold. There are three types of hold.
1. Time based hold
2. Query based hold
3. Indefinite time hold.

Exchange Online Protection:


Exchange Online Protection is known as EOP; it is actually the Edge Transport server, which some
organizations call EOP.

OUTLOOK ANYWHERE:
In Microsoft Exchange Server from 2013 onwards, the Outlook Anywhere feature, formerly known as RPC/HTTP
(RPC over HTTP), lets clients who use Microsoft Outlook 2010 and 2013 connect to their own
Exchange server from outside the corporate network.

Differences between Outlook Anywhere and Outlook Connectivity

SL NO   Outlook Anywhere                         Outlook Connectivity
1       Double encapsulation                     Single encapsulation
2       Slow                                     Fast
3       HTTP / RPC / MAPI                        HTTP / MAPI
4       Once disconnected, re-establishes the    Once disconnected, the last session is paused
        connection all over again                for 15 min and can be resumed

DATA BASE AVAILABILITY:


A DAG is a server which has databases at multiple sites that get replicated; it is actually a group of mail boxes
DAG servers also provide high availability
DAG servers are installed with the mailbox server role; each server that is a member of a DAG is capable of
hosting active or passive copies of the mail box databases that reside on servers in that server group
Heartbeat is a process that works continuously on the DAG to make sure that the server is active

Active manager:
Active Manager is a role on each DAG server which decides which server has to be active in case another
server is down
If a server is down, Active Manager will see which site has the majority of active servers; it will then
check which server from the majority has the most updated database, and it will make that server active.

Split Brain Syndrome:


If the majority is equal, the majority will be with the site which has a witness server, and hence that
server will become active

Witness Server:
It is basically a Windows machine linked with the server at a site to overcome split brain syndrome.

MS ODS: (Microsoft Online Directory Services)


Users are created in the cloud through MSODS; MSODS is a Microsoft cloud-based service
This service is the foundation of Office 365 and many other Microsoft cloud services.

User Provisioning: creation of users is called user provisioning

Service Provisioning: assigning licenses to users is called service provisioning.

MESSAGE TRACE:
In Office 365, as an administrator you can find out what happened to an email message by running a message
trace. After running the message trace you can view the results in a list, and then view the details about a
specific message

Message trace in the Security & Compliance Center follows email messages as they travel
through your Exchange Online organization. You can determine whether the message was received,
rejected or delivered

There are two types of message trace

1. Simple Message trace
2. Extended Message trace

Through message trace we can search up to 90 days, minimum 4 hours

This tool is also helpful for NDRs

OFFICE 365 LICENSES/PRODUCTS:


1. Exchange online Plan 1
2. Exchange online Plan 2
3. Exchange online KIOSK
4. Exchange online Protection
5. Office 365 Business Essentials
6. Office 365 Business Premium
7. Office 365 A1, A3, A5.
8. Office 365 E1, E3, E5.

Exchange Online KIOSK: KIOSK licenses are aimed at users who need to access emails only and don't
require full functionality.
A KIOSK license can only connect through OWA and smartphones
The mail box limit is only 1GB.

Office 365 E1:
Services include
1. Exchange
2. OneDrive
3. SharePoint
4. Microsoft Teams
5. Yammer

E1 Features:
1. You will get email hosting with a 50GB mail box
2. Web versions of Outlook and MS Office
3. File storage and sharing with 1TB of storage
4. Host unlimited HD video conferencing meetings with up to 250 people
5. Host meetings for up to 10000 people with Skype or Teams
6. 24/7 phone and web support.

Office 365 E3:


Services include
1. Exchange
2. OneDrive
3. SharePoint
4. Microsoft Teams
5. Yammer
6. Microsoft web and desktop versions

E3 Features:
1. You will get email hosting with a 100GB mail box
2. Desktop and web versions of MS Office
3. File storage and sharing with unlimited personal and cloud storage
4. Host unlimited HD video conferencing meetings with up to 250 people
5. Host meetings for up to 10000 people with Skype or Teams
6. 24/7 phone and web support.
7. E3 gets ATP as an add-on subscription.

Office 365 E5:


Services include
1. Exchange
2. OneDrive
3. SharePoint
4. Microsoft Teams
5. Yammer
6. Microsoft web and desktop versions

E5 Features:
1. You will get email hosting with a 100GB mail box
2. Desktop and web versions of MS Office
3. File storage and sharing with unlimited personal and cloud storage
4. Host unlimited HD video conferencing meetings with up to 250 people
5. Host meetings for up to 10000 people with Skype or Teams
6. 24/7 phone and web support.
7. ATP is built in
8. Advanced personal and organizational analytics with Power BI.

POWER BI:
Power BI is a business analytics service that delivers insights to enable and transform data into visuals,
i.e. visually explore and analyze data.
