Shulou(Shulou.com)06/03 Report--

Proficient in Office 365Cloud Computing Management Exchange Online

Chapter 1 starts with Office 365

1.1 Domain name management

When you register with Century Internet office 365, you will get an initial domain name of Office 365: XXX.partner.onmschina.cn.

Administrator logs in to office 365 portal: "Navigation Bar" on the left-- "install"-- "Domain"-- "add Domain":

Https://portal.partner.microsoftOnline.cn

two。 Manage OFfice 365 through PowerShell:

2.1 install Azure AD Module:

Install-Module AzureAD

Install-Module Msonline

Connect-MsolService-AzureEnvironment AzureChinaCloud

Get-MsolDomain-DomainName nipc.me | fl

Set the default domain:

Set-MsolDomain-Name nipc.me-IsDefault

Get-MsolDomain

Delete domain:

Remove-MsolDomain-DomainName nipc.me

If the custom domain name has been bound on the global version of Office 365, even if it has been added on the Chinese version of Office 365, the domain name in the "accepted domain" of the Chinese version of Exchange Management Center will be missing, resulting in abnormal mailbox function.

1.2 user Management

Create a user:

Create the required attributes for the user:

DisplayName display name

UserPrincipalName user name used to log in to the Office 365 service eg: XXX@nipict.partner.onmschina.cn

New-MsolUser-DisplayName "Gan Zhiyan"-UserPrincipalName ganzy@nipc.me-FirstName Gan-LastName Zhiyan-UsageLocation CN-LicenseAssignment reseller-account:O365_BUSINESS_PREMIUM

Query the license of the subscription:

Get-MsolAccountSku

AccountSkuId ActiveUnits WarningUnits ConsumedUnits

--

Reseller-account:O365_BUSINESS_ESSENTIALS 0 0 2

Reseller-account:O365_BUSINESS_PREMIUM 2 0 2

Create users in batch:

Prepare a CSV file with the corresponding attributes: DisplayName,UserPrincipalName,FirstName,LastName,UsageLocation,LicenseAssignment (AccountSkuId)

Then use Powershell to create users in batch:

Import-Csv-Path "C:\ users.csv" | foreach {New-MsolUser-DisplayName $_ .DisplayName-UserPrincipalName $_ .UserPrincipalName-FirstName $_ .FirstName-LastName $_ .LastName-UsageLocation $_ .UsageLocation-LicenseAssignment $_ .AccountSkuId} | Export-Csv-Path "C:\ Results.csv"

Administrator permissions role:

Get-MsolUser | where Displayname-Like "gan*" | sort displayname | select Displayname | more

Get the administrator role name and description:

Get-MsolRole | sort name | select Name,Description

Name Description

-

Application Administrator Can create and manage all aspects of app registrations and enterprise apps.

Application Developer Can create application registrations independent of the 'Users can register applications' setting.

Authentication Administrator Allowed to view, set and reset authentication method information for any non-admin user.

Azure DevOps Administrator Can manage Azure DevOps organization policy and settings.

Azure Information Protection Administrator Can manage all aspects of the Azure Information Protection product.

B2C IEF Keyset Administrator Can manage secrets for federation and encryption in the Identity Experience Framework (IEF).

B2C IEF Policy Administrator Can create and manage trust framework policies in the Identity Experience Framework (IEF).

B2C User Flow Administrator Can create and manage all aspects of user flows.

B2C User Flow Attribute Administrator Can create and manage the attribute schema available to all user flows.

Billing Administrator Can perform common billing related tasks like updating payment information.

Cloud Application Administrator Can create and manage all aspects of app registrations and enterprise apps except App Proxy.

Cloud Device Administrator Full access to manage devices in Azure AD.

Company Administrator Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.

Compliance Administrator Can read and manage compliance configuration and reports in Azure AD and Office 365.

Compliance Data Administrator Creates and manages compliance content.

Conditional Access Administrator Can manage conditional access capabilities.

CRM Service Administrator Can manage all aspects of the Dynamics 365 product.

Customer LockBox Access Approver Can approve Microsoft support requests to access customer organizational data.

Desktop Analytics Administrator Can access and manage Desktop management tools and services.

Device Administrators Device Administrators

Device Join Device Join

Device Managers Deprecated-Do Not Use.

Device Users Device Users

Directory Readers Can read basic directory information. Commonly used to grant directory read access to applications and guests.

Directory Synchronization Accounts Only used by Azure AD Connect service.

Directory Writers Can read and write basic directory information. For granting access to applications, not intended for users.

Exchange Service Administrator Can manage all aspects of the Exchange product.

External Identity Provider Administrator Can configure identity providers for use in direct federation.

Global Reader Can read everything that a global admin can read but not update anything.

Groups Administrator Members of this role can create/manage groups, create/manage groups settings like naming and expiration policies, and view...

Guest Inviter Can invite guest users independent of the 'members can invite guests' setting.

Helpdesk Administrator Can reset passwords for non-administrators and Helpdesk Administrators.

Intune Service Administrator Can manage all aspects of the Intune product.

Kaizala Administrator Can manage settings for Microsoft Kaizala.

License Administrator Can manage product licenses on users and groups.

Lync Service Administrator Can manage all aspects of the Skype for Business product.

Message Center Privacy Reader Can read security messages and updates in Office 365 Message Center only.

Message Center Reader Can read messages and updates for their organization in Office 365 Message Center only.

Office Apps Administrator Can manage Office apps cloud services, including policy and settings management, and manage the ability to select, unselect...

Partner Tier1 Support Do not use-not intended for general use.

Partner Tier2 Support Do not use-not intended for general use.

Password Administrator Can reset passwords for non-administrators and Password Administrators.

Power BI Service Administrator Can manage all aspects of the Power BI product.

Printer Administrator Can manage all aspects of printers and printer connectors.

Printer Technician Can manage all aspects of printers and printer connectors.

Privileged Authentication Administrator Allowed to view, set and reset authentication method information for any user (admin or non-admin).

Privileged Role Administrator Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.

Reports Reader Can read sign-in and audit reports.

Search Administrator Can create and manage all aspects of Microsoft Search settings.

Search Editor Can create and manage the editorial content such as bookmarks, Q and As, locations, floorplan.

Security Administrator Security Administrator allows ability to read and manage security configuration and reports.

Security Operator Creates and manages security events.

Security Reader Can read security information and reports in Azure AD and Office 365.

Service Support Administrator Can read service health information and manage support tickets.

SharePoint Service Administrator Can manage all aspects of the SharePoint service.

Teams Communications Administrator Can manage calling and meetings features within the Microsoft Teams service.

Teams Communications Support Engineer Can troubleshoot communications issues within Teams using advanced tools.

Teams Communications Support Specialist Can troubleshoot communications issues within Teams using basic tools.

Teams Service Administrator Can manage the Microsoft Teams service.

User Account Administrator Can manage all aspects of users and groups, including resetting passwords for limited admins.

Workplace Device Join Workplace Device Join

Assign roles to the account:

Add-MsolRoleMember-RoleMemberEmailAddress gan@nipc.me-RoleName "Exchange Service Administrator"

Assign roles to multiple users:

Create the following CSV file, including the display name DisplayName and the role name RoleName

DisplayName,RoleName

"Gan Zhiyan", "Exchange Service Administrator"

"Joe Xiao", "SharePoint Service Administrator"

"Eric Yan", "Helpdesk Administrator"

Next, run the following command:

Import-Csv-Path "C:\ RoleAdd.csv" | foreach {Add-MsolRoleMember-RoleMemberEmailAddress (Get-MsolUser | Where DisplayName-eq $_ .DisplayName). UserPrincipalName-RoleName $_. RoleName} | Export-Csv-Path "C:\ RoleAddResults.csv"

Note: only users can be assigned administrator roles, not groups.

1.2.2 Delete a user:

Delete a single user:

Remove-MsolUser-UserPrincipalName gan@nipc.me

There is no need to prompt for confirmation:

Remove-MsolUser-UserPrincipalName gan@nipc.me-Force

If it is a directory synchronization account, the next synchronization will be restored to the active user after deletion. Therefore, for directory synchronization users, the best way is to delete or not synchronize the user object locally.

Delete all users at once:

$users=get-msoluser

$users | Remove-MsolUser-Force

$users=Get-MsolUser-All-ReturnDeletedUsers

$users | Remove-MsolUser-RemoveFromRecycleBin-force

Remove user license:

Get-MsolAccountSku

Get-MsolUser-All | select UserPrincipalName,Licenses

Remove licenses from existing users and use Set-MsolUserLicense with the parameter-RemoveLicenses multiple licenses separated by commas.

Set-MsolUserLicense-UserPrincipalName gan@nipc.me-RemoveLicenses "reseller-account:O365_BUSINESS_PREMIUM", "reseller-account:O365_BUSINESS_ESSENTIALS"

Soft delete and hard delete user

Soft delete users are stored in deleted users, and licenses can be restored and assigned within 30 days before the permanent deletion of user data, and users can still have normal access to data and services.

Hard deletion means that the user's mailbox has been soft deleted for more than 30 days, and the associated Office 365user has been hard deleted. All mailbox contents, such as emails, contacts and files, will be permanently deleted.

Connect to the Exchange Online with the following Powershell:

Set-ExecutionPolicy RemoteSigned

$USerCredential = Get-Credential

$Session = New-PSSession-ConfigurationName Microsoft.Exchange-ConnectionUri https://partner.outlook.cn/PowerShell-LiveID/-Credential $USerCredential-Authentication Basic-AllowRedirection

Import-PSSession $Session

Get the information of the soft delete mailbox:

Get-Mailbox-SoftDeletedMailbox | Select-Object Name, ExchangeGuid

Recover mailbox:

New-MailboxRestoreRequest-SourceMailbox-TargetMailbox

View the recovery results:

Get-MailboxRestoreRequest

Manage user licen

Obtain the licensing plans in the current organization and the services and order contained in each plan (index number)

(Get-MsolAccountSku | where {$_ .AccountSkuid-eq 'reseller-account:O365_BUSINESS_PREMIUM'}) .ServiceStatus

ServicePlan ProvisioningStatus

--

Microsoft Bookings Success

SHAREPOINTWAC Success

SHAREPOINTSTANDARD Success

OFFICE_BUSINESS Success

MCOSTANDARD Success

EXCHANGE_S_STANDARD Success

If you just want the user to disable only other Exchange Online services, then assign it to the user.

First define a license variable

$LO = New-MsolLicenseOptions-AccountSkuId 'reseller-account:O365_BUSINESS_PREMIUM'-DisabledPlans' Microsoft Bookings','SHAREPOINTWAC','SHAREPOINTSTANDARD','MCOSTANDARD'

New-MsolUser-UserPrincipalName gan@nipc.me-DisplayName "Gan"-LicenseAssignment "reseller-account:O365_BUSINESS_PREMIUM"-LicenseOptions $LO-UsageLocation CN

If you have more than one user, you can create a txt file with one user account on each line:

Gan@nipc.me

Eric@nipc.me

Joe@nipc.me

Batch operations are as follows:

Get-Content "C:\ Accounts.txt" | foreach {Set-MsolUserLicense-UserPrincipalName $_-LicenseOptions $LO}

1.2.4 multiple authentication (MFA) in Office 365:

Active user selects multiple Authentication Settings in the more drop-down list

When the user MFA, you also need to enable new authentication in the Exchange Online. Exchange Online PowerShell:

Get-OrganizationConfig | ft-Auto Name,OAuth*

See if OAuth3ClientProfileEnabled is Ture.

If the result is False, change it to Ture with the following command:

Set-OrganizationConfig-OAuth3ClientProfileEnabled $true

Chapter 2 Exchange Online Management

2.1 recipient

The recipient is the object of any enabled message that can be delivered or routed.

Each recipient type has a unique value in the RecipientTypeDetails property of Exchange Online PowerShell

2.1.1 user mailbox

1. Create a user mailbox:

Active users automatically create user mailboxes when assigning Exchange online licenses.

two。 Delete mailbox

Remove-Mailbox-Identity gan@nipc.me

Permanently delete a user's mailbox, which cannot be restored after deletion:

Remove-MsolUser-UserPrincipalName gan@nipc.me-RemoveFromRecycleBin

After the mailbox is deleted, it can be verified by Get-Mailbox. When an error is returned that the mailbox cannot be found, it means that it has been deleted.

After the mailbox is deleted, Exchange Online will retain the mailbox and all its contents for 30 days when litigation retention or in-situ retention is not enabled. After 30 days, it will be permanently deleted and cannot be restored.

If the mailbox was deleted by canceling the Exchange Online license, you can reassign the license within 30 days and restore the mailbox.

If you deleted it through active users, you can restore the mailbox from deleted users within 30 days.

3. Manage email address:

An administrator can add a "primary SMTP address" and a "proxy address" of multiple "aliases" (up to 400) for the same user mailbox.

Add a SMTP address to the user's mailbox:

Set-Mailbox-Identity "Zhiyan Gan"-EmailAddresses @ {add= "ganzy@nip.com.cn", "ganzhiyan@nip.com.cn"}

Delete address:

Set-Mailbox-Identity "Zhiyan Gan"-EmailAddresses @ {remove= "ganzy@nip.com.cn", "ganzhiyan@nip.com.cn"}

You can also specify all addresses directly:

Set-Mailbox-Identity "Zhiyan Gan"-EmailAddresses SMTP: gan@nip.com.cn,gan@nipit.partner.onmschina.cn,ganzy@nip.com.cn

You can also import multiple user mailboxes from CSV files to add e-mail addresses in bulk:

Import-Csv "C:\ AddEmailAddress.csv" | foreach {Set-Mailbox-Identity $_ .Mailbox-EmailAddresses @ {add=$_.NewEmailAddress}}

4. Configure message size limits for user mailboxes:

Office 365All subscriptions, by default, users' mailboxes are restricted to 35MB for sending messages and 36MB for receiving messages.

Administrators can change the email size up to 150MB between Office 365 mailbox users, and the maximum email size is 150MB.

When sending and receiving email in Office 365 and non-O365 mailboxes, the maximum sending and receiving size is about 112MB because there is about 33% transcoding.

Change a mailbox user message size limit:

Set-Mailbox-Identity "Zhiyan Gan"-MaxSendSize 150MB-MaxReceiveSize 150MB

Modify the mailbox size limit for all users:

Get-Mailbox-RecipientTypeDetails Usermailbox-ResultSize Unlimited | Set-Mailbox-MaxSendSize 150MB-MaxReceiveSize 150MB

5. Configure message forwarding:

In the Exchange Online Management Center:

"recipient"-"mailbox"-select the mailbox to which you want to set up message forwarding, and click the "Edit" button.

"Mailbox function"-"Mail flow", click "View details"

Users configure email forwarding by themselves:

Log in to owa: https://partner.outlook.cn

Click the "Settings" button in the upper right corner-- "Mail"-- "account"-- "forward"

If you are forwarding to more than one recipient, you can create an inbox rule in OWA:

"Settings"-"Mail"-"automatic processing"-"Inbox and sorting rules"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.