EXCHANGE

Hi All,

A few days ago, i did publish the Article Installing ADFS on Windows Server 2025. That gave me the opportunity, to test some scenarios with Exchange and Active Directory Federation Services (ADFS).

ADFS Server

Let’s start the ADFS MMC

C:\Windows\ADFS\Microsoft.IdentityServer.msc

Create relying party trusts in AD FS for Outlook on the web and the EAC

As you can see, the Relying Party Trusts are empty

Create Relying Party Trust for Outlook on the Web (owa)

Hi All,

A few Months ago, Microsoft has announced the Exchange Hybrid App. They announced that in Q2 2025 the HCW will support the creation of the Exchange Hybrid Application. Not sure if that is already the case. So i did write this Script to check for updated Versions of Hybrid Configuration Wizard (HCW).

• Exchange Server Security Changes for Hybrid Deployments

Browser Developer Tools

In the Browser development tools i’ve analyzed the URL that is used to download the Hybrid Configuration Wizard (HCW) when requesting https://aka.ms/hybridwizard

Hi All,

In my professional Life, i have architected and implemented many Exchange Hybrid Organizations.

Most of the Time the MX Records still point to the OnPrem Mailgateway or a 3rd Party Service for AntiMalware, Antispam, AntiPhishing. These Systems have well designed Rules for preventing Malware and unwanted Mails.

But customers forget, that with Exchange Online by default comes two MX Records to your Tenant, where someone potentially can bypass all these checks from the OnPrem Mailgateway and deliver Mails directly to Exchange Online Protection (EOP).

Hi All,

I had to debug an Application that sends a Mail with an Attachment via Graph API. I’ve created this Small Script to Test the Functionality.

Entra Application

You need an Entra Application.

Entra Application:

Certificate Authentication:

Permissions:

• Application: Mail.ReadWrite
• Application: Mail.Send

Application Access Policy

I’ve written a whole Article Application Access Policy in Exchange Online

• Limit Microsoft Graph Access to specific Exchange Mailboxes

Connect-ExchangeOnline -ShowBanner:$False
Get-DistributionGroup -Identity PostmasterGraphRestriction | fl DisplayName, PrimarySmtpAddress, ExternalDirectoryObjectId
Get-DistributionGroupMember -Identity PostmasterGraphRestriction | fl DisplayName, PrimarySmtpAddress,ExternalDirectoryObjectId

Hi All,

Microsoft has released the Exchange Server Subscription Edition (SE) today.

• Exchange Team Blog Exchange Server Subscription Edition (SE) is now available
• System Requirements
• Release Notes
• KB5047155

Check also the Updated Information Upgrading your organization from current versions to Exchange Server SE

• Exchange SE CU1 release was moved to H1 CY26
• Exchange SE CU2 was added, with the H2 CY26 release date
• Exchange SE coexistence block for E2016/E2019 will be coming in Exchange SE CU2 (previously CU1)

Download

I’ve downloaded the ISO from the Download Center

Hi All,

Until now, I did believe, that some properties from synchronized Objects from On-Prem to Entra ID like Emailaddresses and HideFromAddressLists can only be changed on the Source in Active Directory.

I discovered that you could change the HideFromAddressLists property for synced MailUsers in Exchange Online EAC and EXO Powershell.

User Mailbox

If you look at a syncronized User Mailbox in Exchange Admin Center the “Hide from global address list (GAL)” is greyed out and can not be changed.

Hi All,

Just a few Hours ago, Microsoft has released the Exchange Server May 2025 Hotfix Updates

• Exchange Team Blog Released: May 2025 Exchange Server Hotfix Updates

Process

Download

• Exchange 2019 CU15 HU2 Downlaod Hotfix Update for Exchange Server 2019 CU15 HU2 (KB5057651)

• KB Article Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 (KB5057651)

Pending Reboot

Bevore running the Installation of the Hotfix Update, it’s a good idea to check if there is a pending reboot.

Hi All,

This Morning Microsoft has released the ExchangeOnlineManagement 3.8.0 PowerShell Module.

• PowerShell Gallery ExchangeOnlineManagement 3.8.0

v3.8.0:

• Support for providing an Access Token with Connect-IPPSSession.
• Get-VivaModuleFeature now returns information about ParentFeature, ChildFeature, and PolicyModes. These values represents parent and child features of a Viva App feature along with available enablement modes for policies for the feature.
• Added a new parameter IsUserOptedInByDefault in Add-VivaModuleFeaturePolicy and Update-VivaModuleFeaturePolicy cmdlets and its return value in all VivaModuleFeaturePolicy cmdlets. The value represents if by default, users are opted in/out by the policy if the user has not set a preference. This parameter can be used to set up complex policies, such as keeping the feature enabled in your tenant while opting out the impacted users by default, effectively soft disabling the feature for those users.
• Deprecated Get-VivaFeatureCategory cmdlet and all category-related parameters and return values (CategoryId, IsCategoryEnabled).

Hi All,

A few Weeks ago Microsoft has announced the Permanent Deletion of mailbox items.

• Microsoft Graph APIs for permanent deletion of mailbox items now available

It’s relatively simple. Instead of the “DELETE” HTTP Method you use the “POST” Method and add “/permanentDelete” to the URI.

###############################################################################
#Delete
#https://learn.microsoft.com/en-us/graph/api/message-delete?view=graph-rest-1.0&tabs=http
###############################################################################
DELETE /users/{UserId}/messages/{MessageId}
DELETE /users/{UserId}/mailFolders/{mailFolderId}/messages/{MessageId}

###############################################################################
#Permanently Delete
#https://learn.microsoft.com/en-us/graph/api/message-permanentdelete?view=graph-rest-1.0&tabs=http
###############################################################################
POST /users/{UserId}/messages/{MessageId}/permanentDelete
POST /users/{UserId}/mailFolders/{mailFolderId}/messages/{MessageId}/permanentDelete

Time for me to test the Functionality.

Hi All,

Yesterday, Microsoft has releasesed the April Hotfix Updates for Exchange Server

• Released: April 2025 Exchange Server Hotfix Updates

Exchange 2019

In my case, i’ve downloaded the Hotfix Update für Exchange Server 2019 CU15

• Hotfix Update for Exchange Server 2019 CU15 HU1 (KB5050672)
• KB5050672

Installation

Update has been sucessfully installed

Healthchecker

Now let’s run the Healthchecker.

The First run updates the Healthchecker to the current version