-
Note: Some Microsoft web pages do not work in a browser that has the uBlock Origin add-on enabled.
1. Logon
-
Browse to https://admin.exchange.microsoft.com.
-
System Admin: Log in as Microsoft 365 - BHF IT Admin with the bhf@tbhf.onmicrosoft.com email account.
-
IT Helpdesk: Log in as Microsoft 365 - BHF IT Helpdesk with the bhf-it@bhf-th.org email account.
2. Manage role groups in Exchange Online
2.1. Create role
-
Select permissions > admin roles.
-
Click + icon.
-
Type the role name in Name field.
-
Click + icon under Roles.
-
Select the role name under DISPLAY NAME.
-
Click add.
-
Click OK.
-
Click + icon under Members.
-
Select the user name under DISPLAY NAME.
-
Click add.
-
Click OK.
-
Click Save.
2.2. Allow limited sender to email group
-
Note: If you want to add an external sender, the external sender's email address needs to be added in Contacts.
-
Note: If the sender is in the Guest users list, you cannot create a Contact for that sender.
-
Select Recipients > Groups.
-
Optional: Select Distribution list tab.
-
Optional: Select Mail-enabled security tab.
-
Select <Group>.
-
Select Settings.
-
Click Edit delivery management.
-
Choose Allow messages from people inside and outside my organization.
-
Type <User> in Search by name or email address field.
-
Click Save changes.
3. Mail Flow
3.1. Message Trace
-
Select Mail flow > Message trace.
-
Check All failed messages for the last 7 days.
-
Click Start a trace.
-
Select Failed for the Delivery status.
-
Choose Summary report.
-
Click Search.
4. Mail Flow Rules
4.1. Block sending email to external
-
Optional: Create SMRU block outgoing emails to all group.
-
Select Mail flow > Rules.
-
Click New.
-
Select Create a new rule.
-
Type "Block sending email to external by group" in the Name field.
-
Click More options at the bottom.
-
Select The recipient > is external/internal under Apply this rule if.
-
Select Outside the organization.
-
Click OK.
-
Click Add condition.
-
Select The sender > is a member of this group.
-
Select SMRU block outgoing emails to all.
-
Click add.
-
Click OK.
-
Select Block the message > reject the message and include an explanation under Do the following.
-
Type "You can not send the email because SMRU IT block it. Contact smru-it@shoklo-unit.com for the details." in the Specify rejection reason field.
-
Click OK.
-
Click Save.
4.2. Block sending email to internal
-
Optional: Create SMRU block outgoing emails to all group.
-
Select Mail flow > Rules.
-
Click New.
-
Select Create a new rule.
-
Type "Block sending email to internal by group" in the Name field.
-
Click More options at the bottom.
-
Select The recipient > is external/internal under Apply this rule if.
-
Select Inside the organization.
-
Click OK.
-
Click Add condition.
-
Select The sender > is a member of this group.
-
Select SMRU block outgoing emails to all.
-
Click add.
-
Click OK.
-
Select Block the message > reject the message and include an explanation under Do the following.
-
Type "You can not send the email because SMRU IT block it. Contact smru-it@shoklo-unit.com for the details." in the Specify rejection reason field.
-
Click OK.
-
Click Save.
5. Migration
5.1. IMAP to Exchange Online
-
Prepare CSV file with the format below.
    EmailAddress,UserName,Password
    <User>@<Domain name>,<User>@<Domain name>,<Password>
    <User>@<Domain name>,<User>@<Domain name>,<Password>

EmailAddress = Mailbox in Exchange Online
UserName = IMAP Mailbox
Password = IMAP Mailbox password.
-
Select migration.
-
Click … icon and select Migration endpoint.
-
Click + icon.
-
Choose IMAP.
-
Click Next.
IMAP server: mail.supremecluster.com
Authentication: Basic
Encryption: SSL
□ Accept untrusted certificates
Port: 993
-
Click Next.
Migration endpoint name: Lonex migration
Maximum concurrent migrations:
Maximum concurrent incremental sync:
-
Click new.
-
Click OK.
-
Click Close.
-
Click + icon and select Migrate to Exchange Online.
-
Choose IMAP migration (supported by Exchange and other email systems).
-
Click Next.
-
Uncheck Allow unknown columns in the CSV file.
-
Click Browse.
-
Select your CSV file and click Open.
-
Click Next.
IMAP server: mail.supremecluster.com
Authentication: Basic
Encryption: SSL
□ Accept untrusted certificates
Port: 993
-
Click Next.
New migration batch name: shoklo-unit.com - Microsoft basic final
Bad item limit:
Large item limit:
Exclude folders:
-
Click Next.
-
Click Browse.
-
Select bhf-it@bhf-th.org.
-
Click add.
-
Click OK.
-
Choose Automatically start the batch.
-
Click new.
-
Click OK.
-
Wait for the sync to finish.
-
Select Account > Sign out.
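The migration batch above is created with Allow unknown columns in the CSV file unchecked, so a malformed CSV only shows up once the batch is submitted. The following pre-flight check is an added example, not part of the original procedure; the function name Test-ImapMigrationCsv and the sample rows (example.com addresses, made-up passwords) are constructed for illustration.

```powershell
# Added example: pre-flight check for the IMAP migration CSV described above.
# All sample rows are constructed.

function Test-ImapMigrationCsv {
    param([Parameter(Mandatory)] [string] $CsvText)

    $Expected = 'EmailAddress', 'UserName', 'Password'
    $Lines = @($CsvText -split "`r?`n" | Where-Object { $_.Trim() -ne '' })
    if ($Lines.Count -lt 2) {
        'The file needs a header row and at least one mailbox row.'
        return
    }

    # Unknown columns are not allowed in this procedure, so the header
    # must be exactly the three expected columns, in this order.
    $Header = @($Lines[0].Split(',') | ForEach-Object { $_.Trim() })
    if (($Header -join ',') -ne ($Expected -join ',')) {
        "Header is '$($Lines[0])' but should be '$($Expected -join ',')'."
        return
    }

    $Seen = @{}    # EmailAddress -> first data row that used it
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        # A fourth header name catches rows with too many fields, which
        # usually means a password containing a comma was not quoted.
        $Row = $Lines[$i] | ConvertFrom-Csv -Header ($Expected + 'Extra')
        if ($null -ne $Row.Extra) {
            "Row ${i}: more than three fields; quote any value that contains a comma."
            continue
        }
        foreach ($Name in $Expected) {
            if ([string]::IsNullOrWhiteSpace($Row.$Name)) {
                "Row ${i}: $Name is empty."
            }
        }
        $Address = "$($Row.EmailAddress)".Trim()
        if ($Address -and $Address -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            "Row ${i}: EmailAddress '$Address' is not a valid address."
        }
        if ($Address) {
            if ($Seen.ContainsKey($Address)) {
                "Row ${i}: EmailAddress '$Address' was already used in row $($Seen[$Address]); check that this is intended."
            } else {
                $Seen[$Address] = $i
            }
        }
    }
}

# Constructed sample: row 1 is valid (quoted comma), row 2 has no password,
# row 3 has an unquoted comma in the password, row 4 repeats row 1's mailbox.
$SampleCsv = @'
EmailAddress,UserName,Password
alice@example.com,alice@example.com,"Constructed,Pass1"
bob@example.com,bob@example.com,
carol@example.com,carol@example.com,Constructed,Pass3
alice@example.com,alice-old@example.com,ConstructedPass4
'@

Test-ImapMigrationCsv -CsvText $SampleCsv
```

The CSV holds the IMAP passwords in clear text, so keep it out of shared folders and delete it once the batch has completed.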
5.2. PST file to Exchange Online
-
Select permissions.
-
Select admin roles.
-
Select Organization Management.
-
Click Edit.
-
Click Add icon under Roles.
-
Select Mailbox Import Export.
-
Click add.
-
Click OK.
-
Click Save.
-
Note: Azure Storage Explorer or Azure Storage AzCopy are required.
-
Note: Make sure the PST files are not in use.
-
Note: User must be a member of Mailbox Import Export role in Exchange admin center.
-
Browse to https://protection.office.com.
<User>@tbhf.onmicrosoft.com
-
Click Next.
********
-
Click Sign in.
-
Select Information governance > Import
-
Click New import job.
-
Type <import job name> in Name field.
-
Click Next.
-
Choose Upload your data
-
Click Next.
-
Click Show network upload SAS URL.
-
Click Copy to clipboard and paste it in a safe place.
-
Start Azure Storage Explorer.
-
Choose Use a shared access signature (SAS) URL.
-
Click Next.
-
Note: The URL is the one from https://protection.office.com/import that you just copied to a safe place.
Display name: ingestiondata
URL: https://<guid>
-
Click Next.
Display name: ingestiondata
SAS: sv=<date and guid>
Expiration date: <date and time>
Blob endpoint: https://<guid>
Resource name: ingestiondata
-
Click Connect.
-
Select Local & Attached > Storage Accounts > Attached Containers > Blob Containers > ingestiondata (SAS).
-
Click New Folder.
-
Type "Office365" in Name field.
-
Click OK.
-
Click Upload and select Upload Files.
Selected files: <File name>.pst
Blob type: Block Blob
■ Upload .vhd/vhdx files as page blobs (recommended)
Destination directory: /Office365
-
Click Upload.
-
Wait for the upload to finish.
-
Note: If the upload fails, retry it with Enable overwrite.
-
Note: You need to prepare the PstImportMappingFile (the MailboxGUID can be used instead of the email account).
-
Check I’m done uploading my files.
-
Check I have access to the mapping file.
-
Click Next.
-
Click Select mapping file.
-
Choose PstImportMappingFile.csv file and click Open.
-
Click Validate.
-
Click Save.
-
Click Close.
-
Wait till the status is Analysis completed.
-
Click Ready to import to Office 365.
-
Click Close.
-
Click Import to Office 365.
-
Choose No, I want to import everything.
-
Click Next.
-
Click Import data.
-
Click Close.
6. Connect to Exchange Online
6.1. PowerShell
-
Old: Install Azure Active Directory module.
-
Enter the following commands at a PowerShell Command Prompt with administrative privileges.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    Disconnect-ExchangeOnline -Confirm:$False
-
Enter the following commands at a PowerShell Command Prompt.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    # Find the MailboxGUID
    Get-Mailbox "<User>@<Domain name>" | fl "GUID"
    Get-Mailbox "<User name>" | fl "GUID"
    Disconnect-ExchangeOnline -Confirm:$False
-
List all users
-
See https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    $MailBoxes = Get-EXOMailbox -ResultSize Unlimited
    $MailBoxStatistics = $Mailboxes | Get-EXOMailboxStatistics
    # Get all email addresses sorted by name.
    $MailBoxes | Select-Object DisplayName, PrimarySmtpAddress | Sort-Object -Property DisplayName
    $MailBoxes | Select-Object DisplayName, PrimarySmtpAddress | Sort-Object -Property DisplayName | Export-CSV "C:\Tmp\Email-Addresses.csv" -NoTypeInformation -Encoding UTF8
    # List mailboxes sorted by size.
    $MailBoxStatistics | Select-Object DisplayName, TotalItemSize, ItemCount | Sort-Object -Descending -Property TotalItemSize
    # List mailboxes sorted by Name.
    $MailBoxStatistics | Select-Object DisplayName, TotalItemSize, LastLogonTime | Sort-Object -Property DisplayName
    Disconnect-ExchangeOnline -Confirm:$False
-
Calculate the average of the mailbox size
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    #Get-Mailbox -Resultsize Unlimited | Get-MailboxStatistics | %{$_.TotalItemSize.Value.ToMB()} | Measure-Object -Average
    Disconnect-ExchangeOnline -Confirm:$False
-
Disable Self-service Purchase through PowerShell.
7. List Forwarded Mailboxes
-
Note: Microsoft Graph does not provide this functionality yet.
-
Enter the following commands at a PowerShell Command Prompt.
    $Module = "ExchangeOnlineManagement"
    if (Get-InstalledModule -ErrorAction SilentlyContinue -Name $Module) {
        Update-Module -Force -Name $Module
    } else {
        Install-Module -Force -Name $Module -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement    # Connect-ExchangeOnline, Disconnect-ExchangeOnline
    Connect-ExchangeOnline
    # Type "bhf@tbhf.onmicrosoft.com" for the email and click "Next".
    # Type the password and click "Sign in".
    # Type the 6-digit verification code and click "Verify".

    # Mailboxes with forwarding set on the mailbox itself.
    Get-EXOMailbox -Filter { ForwardingSmtpAddress -ne $Null -or ForwardingAddress -ne $Null } `
        -ResultSize Unlimited -Properties ForwardingAddress, ForwardingSMTPAddress, DeliverToMailboxAndForward |
        Select-Object -Property DisplayName, PrimarySmtpAddress, ForwardingSMTPAddress, DeliverToMailboxAndForward |
        Sort-Object -Property DisplayName

    # Inbox rules that forward or redirect.
    $Mailboxes = Get-Mailbox -Resultsize Unlimited
    foreach ($Mailbox in $Mailboxes) {
        Get-InboxRule -Mailbox $MailBox |
            Where-Object { $_.ForwardTo -ne $Null -or $_.ForwardAsAttachmentTo -ne $Null -or $_.RedirectTo -ne $Null } |
            Select-Object -Property Name, ForwardTo, ForwardAsAttachmentTo, RedirectTo
    }

    # Same check, including hidden inbox rules.
    $Mailboxes = Get-EXOMailbox -Resultsize Unlimited
    foreach ($Mailbox in $Mailboxes) {
        Get-InboxRule -Mailbox $Mailbox -IncludeHidden |
            Where-Object { $_.ForwardTo -ne $Null -or $_.ForwardAsAttachmentTo -ne $Null -or $_.RedirectTo -ne $Null } |
            # Inbox rules expose Name, not DisplayName.
            Select-Object -Property Name, ForwardTo, ForwardAsAttachmentTo, RedirectTo
    }
    Disconnect-ExchangeOnline -Confirm:$False
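The commands above list every forwarding setting; when reviewing the result, the entries that send mail outside the organization are the ones to check first. The following is an added example, not part of the original page, that classifies forwarding targets against a list of accepted domains. The function names, the sample mailboxes and rules and the example.com, example.net and example.org domains are constructed, and the `"Name" [SMTP:address]` rendering of inbox-rule recipients is an assumption; ForwardingAddress values and rule recipients without an SMTP address are not classified.

```powershell
# Added example: flag forwarding targets outside the accepted domains.
# Sample objects are constructed and only mimic the properties used above.

function Get-SmtpDomain {
    param([string] $Address)
    # ForwardingSmtpAddress carries an "smtp:" prefix, e.g. "smtp:user@example.net".
    $Clean = ($Address -replace '^smtp:', '').Trim()
    if ($Clean -match '^[^@\s]+@([^@\s]+)$') {
        return $Matches[1].ToLowerInvariant()
    }
    return $null
}

function Find-ExternalForwarding {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,
        [Parameter(Mandatory)] [string[]] $AcceptedDomain,
        [object[]] $InboxRule = @()
    )
    $Internal = @($AcceptedDomain | ForEach-Object { $_.ToLowerInvariant() })

    # Forwarding configured on the mailbox itself.
    foreach ($Box in $Mailbox) {
        if ([string]::IsNullOrWhiteSpace($Box.ForwardingSmtpAddress)) { continue }
        $Domain = Get-SmtpDomain -Address $Box.ForwardingSmtpAddress
        [pscustomobject]@{
            Source   = 'Mailbox'
            Owner    = $Box.PrimarySmtpAddress
            Rule     = $null
            Target   = ($Box.ForwardingSmtpAddress -replace '^smtp:', '')
            # An address that cannot be parsed is treated as external.
            External = ($null -eq $Domain) -or ($Internal -notcontains $Domain)
        }
    }

    # Forwarding configured through inbox rules.
    foreach ($Rule in $InboxRule) {
        $Targets = @($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) + @($Rule.RedirectTo)
        foreach ($Target in $Targets) {
            # Assumption: SMTP recipients look like '"Name" [SMTP:user@example.org]'.
            if ("$Target" -notmatch '\[SMTP:([^\]]+)\]') { continue }
            $Address = $Matches[1]
            $Domain = Get-SmtpDomain -Address $Address
            [pscustomobject]@{
                Source   = 'InboxRule'
                Owner    = $Rule.MailboxOwnerId
                Rule     = $Rule.Name
                Target   = $Address
                External = ($null -eq $Domain) -or ($Internal -notcontains $Domain)
            }
        }
    }
}

# Constructed sample data.
$SampleMailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com'; ForwardingSmtpAddress = 'smtp:alice@example.net' }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@example.com';   ForwardingSmtpAddress = 'smtp:helpdesk@example.com' }
    [pscustomobject]@{ PrimarySmtpAddress = 'carol@example.com'; ForwardingSmtpAddress = $null }
)
$SampleRules = @(
    [pscustomobject]@{
        MailboxOwnerId        = 'bob@example.com'
        Name                  = 'Copy invoices'
        ForwardTo             = @('"Bob private" [SMTP:bob@example.org]')
        ForwardAsAttachmentTo = $null
        RedirectTo            = $null
    }
)

Find-ExternalForwarding -Mailbox $SampleMailboxes -InboxRule $SampleRules -AcceptedDomain 'example.com' |
    Sort-Object -Property External -Descending |
    Format-Table -AutoSize
```

Against a live tenant, pass the mailbox and inbox-rule objects returned by the commands above and take the accepted domains from (Get-AcceptedDomain).DomainName.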
8. List Inactive Domain Accounts
-
Type Get-ADInactiveUsers at a Command Prompt with administrative privileges.
-
Shown below is the output on 2024-08-23.
    Name                      Enabled LastLogonDate
    ----                      ------- -------------
    Saw Moo Khee Lar          True
    Wai Yan Naing             True
    Nway Nway Paing           True
    Verena                    False   2021-10-05 03:38:08
    Napat Khirikoekkong       False   2021-12-20 10:55:29
    December Chit Yee         False   2021-12-31 14:14:11
    Naw Paw Ler Lah           True    2022-06-14 08:23:46
    mookhopaw                 False   2022-06-30 12:01:33
    Saw Kay Lay               True    2023-02-01 15:28:03
    Sa Ba                     True    2023-03-17 10:09:17
    Thae Thae Naing           True    2023-07-17 16:28:35
    Naw Say Thwe Paw          True    2023-08-02 11:16:31
    Ah cee                    True    2023-08-04 09:31:10
    Naw Dah Ray               True    2023-08-04 09:47:51
    Pornpimon Wilaisrisak     False   2023-09-14 09:23:45
    Htoo Plo                  True    2023-09-19 09:01:45
    Thaku                     True    2023-09-26 16:11:46
    Yu Lee                    True    2024-01-23 17:59:34
    Saw Wah Ray               True    2024-01-25 15:15:53
    Muesuwa Trakoolcheangkaew True    2024-01-31 16:04:25
    Sawthukha                 True    2024-04-27 19:13:04
    Manlika Mansomsakunchai   True    2024-05-04 10:51:43
    Saw Taw Tha Pwee          True    2024-05-20 13:07:49
    Pimrada                   True    2024-06-06 13:32:22
    Yada Wilaisrisak          True    2024-06-14 09:12:32
    Saw Donal Htoo            True    2024-06-28 13:59:31
    Naw Esther                True    2024-07-02 13:25:05
    Aung Pyae Phyo            True    2024-07-03 15:33:52
    Saw Phee Do               True    2024-07-08 13:30:45
    Roosmarijn                True    2024-07-17 13:22:20
    Diluai Laongmekkhajeeprai True    2024-07-18 15:56:26
    Muenopi Sakhonmalee       True    2024-07-22 13:54:01
    Siam                      True    2024-07-24 10:47:56
9. List Inactive Mailboxes
-
Enter the following commands at a PowerShell Command Prompt.
    $Modules = @(
        "Microsoft.Graph.Authentication"    # Connect-MgGraph, Disconnect-MgGraph, Get-MgContext
        "Microsoft.Graph.Groups"            # Get-MgGroup
        # "Microsoft.Graph.Identity.DirectoryManagement" # Get-MgOrganization
        "Microsoft.Graph.Users"             # Get-MgUser
    )
    Disconnect-MgGraph -ErrorAction SilentlyContinue
    foreach ($Module in $Modules) {
        Remove-Module -ErrorAction SilentlyContinue -Force -Name $Module
    }
    foreach ($Module in $Modules) {
        if (Get-InstalledModule -ErrorAction SilentlyContinue -Name $Module) {
            Update-Module -Force -Name $Module
        } else {
            Install-Module -Force -Name $Module -Scope AllUsers
        }
        Import-Module -Name $Module
    }
    Get-InstalledModule
    Connect-MgGraph -NoWelcome -Scopes "Group.Read.All", "User.Read.All"
    # Type "bhf@tbhf.onmicrosoft.com" for the email and click "Next".
    # Type the password and click "Sign in".
    # Type the 6-digit verification code and click "Verify".
    # Optional: Check "Consent on behalf of your organization".
    # Optional: Click "Accept".
    Get-MgContext
    Get-MgContext | Select-Object -ExpandProperty Scopes
    $Special = @(
        # Accounts that are forwarded: Microsoft 365 admin center > Users > Active users.
        @{ DisplayName = "Aung Pyae Phyo"; Mail = "aungpyaephyo@shoklo-unit.com"; UserPrincipalName = "aungpyaephyo@shoklo-unit.com" } # Aungpyaephyo@tropmedres.ac
        @{ DisplayName = "BHF IT"; Mail = "bhf-it@bhf-th.org"; UserPrincipalName = "bhf-it@bhf-th.org" } # smru-it@shoklo-unit.com
        @{ DisplayName = "BHF IT Admin"; Mail = "bhf@tbhf.onmicrosoft.com"; UserPrincipalName = "bhf@tbhf.onmicrosoft.com" } # tbhf@bhf-th.org
        @{ DisplayName = "Francois Nosten"; Mail = "francois@shoklo-unit.com"; UserPrincipalName = "francois@shoklo-unit.com" } # Francois@tropmedres.ac
        @{ DisplayName = "Germana Bancone"; Mail = "germana@shoklo-unit.com"; UserPrincipalName = "germana@shoklo-unit.com" } # germana@tropmedres.ac
        @{ DisplayName = "Inventory"; Mail = "inventory@shoklo-unit.com"; UserPrincipalName = "inventory@shoklo-unit.com" } # douwe@shoklo-unit.com
        @{ DisplayName = "Procurement BHF"; Mail = "procurement@bhf-th.org"; UserPrincipalName = "procurement@bhf-th.org" } # smru-procurement@shoklo-unit.com
        @{ DisplayName = "Root"; Mail = "root@shoklo-unit.com"; UserPrincipalName = "root@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "Shoklo Malaria Research Unit"; Mail = "shokloun@shoklo-unit.com"; UserPrincipalName = "shokloun@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-HPH"; Mail = "smru-sfw-hph@shoklo-unit.com"; UserPrincipalName = "smru-sfw-hph@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-MKU"; Mail = "smru-sfw-mku@shoklo-unit.com"; UserPrincipalName = "smru-sfw-mku@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-MKT"; Mail = "smru-sfw-mkt@shoklo-unit.com"; UserPrincipalName = "smru-sfw-mkt@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-MLA"; Mail = "smru-sfw-mla@shoklo-unit.com"; UserPrincipalName = "smru-sfw-mla@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-MRM"; Mail = "smru-sfw-mrm@shoklo-unit.com"; UserPrincipalName = "smru-sfw-mrm@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-MSL"; Mail = "smru-sfw-msl@shoklo-unit.com"; UserPrincipalName = "smru-sfw-msl@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-SKK"; Mail = "smru-sfw-skk@shoklo-unit.com"; UserPrincipalName = "smru-sfw-skk@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-TST"; Mail = "smru-sfw-tst@shoklo-unit.com"; UserPrincipalName = "smru-sfw-tst@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "SMRU-SFW-WPA"; Mail = "smru-sfw-wpa@shoklo-unit.com"; UserPrincipalName = "smru-sfw-wpa@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "TBHF-ANC-MRM"; Mail = "tbhf-anc-mrm@shoklo-unit.com"; UserPrincipalName = "tbhf-anc-mrm@shoklo-unit.com" } # smru-it@shoklo-unit.com
        @{ DisplayName = "The Borderland Health Foundation"; Mail = "bhf@bhf-th.org"; UserPrincipalName = "bhf@bhf-th.org" } # smru-it@shoklo-unit.com
        # Guest users: Microsoft 365 admin center > Users > Guest users.
        @{ DisplayName = "David Burton"; Mail = "david@tropmedres.ac"; UserPrincipalName = "david_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Francois Nosten"; Mail = "francois@tropmedres.ac"; UserPrincipalName = "francois_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Germana Bancone"; Mail = "germana@tropmedres.ac"; UserPrincipalName = "germana_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Napat Khirikoekkong"; Mail = "napat@tropmedres.ac"; UserPrincipalName = "napat_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Pattira Intanil"; Mail = "pattira@tropmedres.ac"; UserPrincipalName = "pattira_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Wanitda Watthanaworawit"; Mail = "wanitda@tropmedres.ac"; UserPrincipalName = "wanitda_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Wannee Ritwongsakul (MORU)"; Mail = "wannee@tropmedres.ac"; UserPrincipalName = "wannee_tropmedres.ac#EXT#@tbhf.onmicrosoft.com" }
        @{ DisplayName = "Endian Firewall"; Mail = "smru_efw@shoklo-unit.com"; UserPrincipalName = "smru_efw@shoklo-unit.com" } # To be deleted
        @{ DisplayName = "HPH Admin"; Mail = "hph-admin@shoklo-unit.com"; UserPrincipalName = "hph-admin@shoklo-unit.com" } # Deleted
        @{ DisplayName = "IT Notify (Shoklo)"; Mail = "it-notify@shoklo-unit.com"; UserPrincipalName = "it-notify@shoklo-unit.com" } # SMRU IT: Read by System Admins
        @{ DisplayName = "KK Admin"; Mail = "kk-admin@shoklo-unit.com"; UserPrincipalName = "kk-admin@shoklo-unit.com" } #
        @{ DisplayName = "MKT Medics"; Mail = "mkt-medics@shoklo-unit.com"; UserPrincipalName = "mkt-medics@shoklo-unit.com" } #
        @{ DisplayName = "MKT MT"; Mail = "mkt-mt@shoklo-unit.com"; UserPrincipalName = "mkt-mt@shoklo-unit.com" } #
        @{ DisplayName = "MSL Admin"; Mail = "msl-admin@shoklo-unit.com"; UserPrincipalName = "msl-admin@shoklo-unit.com" } #
        @{ DisplayName = "Postmaster"; Mail = "postmaster@shoklo-unit.com"; UserPrincipalName = "postmaster@shoklo-unit.com" } # ???
        @{ DisplayName = "Powershell"; Mail = "powershell@shoklo-unit.com"; UserPrincipalName = "powershell@shoklo-unit.com" } # SMRU IT: To send email for Delta Windows Tools
        @{ DisplayName = "PSEA SMRU"; Mail = "psea@shoklo-unit.com"; UserPrincipalName = "psea@shoklo-unit.com" } # Check with Thomp and Wayne
        @{ DisplayName = "Relay"; Mail = "relay@shoklo-unit.com"; UserPrincipalName = "relay@shoklo-unit.com" } # SMRU IT: ???
        @{ DisplayName = "sharepoint admin"; Mail = ""; UserPrincipalName = "sharepoint-admin@shoklo-unit.com" } # Undeliverable: ???
        @{ DisplayName = "SMRU-SFW-MRH"; Mail = "smru-sfw-mrh@shoklo-unit.com"; UserPrincipalName = "smru-sfw-mrh@shoklo-unit.com" } # To be deleted
        @{ DisplayName = "SMRU Admin"; Mail = "admin@bhf-th.org"; UserPrincipalName = "admin@bhf-th.org" } # SMRU IT: ???
        @{ DisplayName = "SMRU Finance"; Mail = "smru_finance@shoklo-unit.com"; UserPrincipalName = "smru_finance@shoklo-unit.com" } # To be deleted
        @{ DisplayName = "Test"; Mail = "test@shoklo-unit.com"; UserPrincipalName = "test@shoklo-unit.com" } # SMRU IT: For testing
        @{ DisplayName = "Training HPH"; Mail = "training-hph@shoklo-unit.com"; UserPrincipalName = "training-hph@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Training MKU"; Mail = "training-mku@shoklo-unit.com"; UserPrincipalName = "training-mku@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Training MKT"; Mail = "training-mkt@shoklo-unit.com"; UserPrincipalName = "training-mkt@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Training MSL"; Mail = "training-msl@shoklo-unit.com"; UserPrincipalName = "training-msl@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Training SKK"; Mail = "training-skk@shoklo-unit.com"; UserPrincipalName = "training-skk@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Training WPA"; Mail = "training-wpa@shoklo-unit.com"; UserPrincipalName = "training-wpa@shoklo-unit.com" } # Check with Dr. Thaw
        @{ DisplayName = "Wannee Ritwongsakul (BHF)"; Mail = "wannee@bhf-th.org"; UserPrincipalName = "wannee@bhf-th.org" } # Check with Wannee, no reads
        @{ DisplayName = "Wannee Ritwongsakul (SMRU)"; Mail = "wannee@shoklo-unit.com"; UserPrincipalName = "wannee@shoklo-unit.com" } # Check with Wannee
        @{ DisplayName = "WPA Medics"; Mail = "wpa-medics@shoklo-unit.com"; UserPrincipalName = "wpa-medics@shoklo-unit.com" } #
    )
    # Todo: sharepoint-admin@shoklo-unit.com: Mail property is empty !!!
    # DisplayName      Id                                   Mail UserPrincipalName
    # -----------      --                                   ---- -----------------
    # sharepoint admin bed9f973-f838-47d7-9b9c-6cedddcc4cd3      sharepoint-admin@shoklo-unit.com
    # $Users | Sort-Object -Property UserPrincipalName | Select-Object -ExpandProperty UserPrincipalName

    # List all mailboxes with last logon time older than 30 days.
    # -Property limits the returned properties, so the ones used below are requested together with SignInActivity.
    # Reading SignInActivity also needs the AuditLog.Read.All permission.
    $Users = Get-MgUser -All -Property DisplayName, Mail, UserPrincipalName, SignInActivity | Sort-Object -Property DisplayName, Mail
    $Users.Count
    $InactiveUsers = $Users |
        Where-Object { $Special.DisplayName -notcontains $_.DisplayName } |
        Where-Object { $_.SignInActivity.LastSuccessfulSignInDateTime -lt (Get-Date).AddDays(-30) }
    foreach ($User in $InactiveUsers) {
        $LastSuccessfulSignInDateTime = $User.SignInActivity.LastSuccessfulSignInDateTime
        $User | Add-Member -Force -MemberType NoteProperty -Name LastSuccessfulSignInDateTime -Value $LastSuccessfulSignInDateTime
    }
    #$InactiveUsers |
    #    Select-Object -Property DisplayName, Mail, LastSuccessfulSignInDateTime |
    #    Sort-Object -Property LastSuccessfulSignInDateTime
    $InactiveUsers | Select-Object -Property DisplayName, Mail, LastSuccessfulSignInDateTime
    foreach ($Module in $Modules) {
        Remove-Module -ErrorAction SilentlyContinue -Force -Name $Module
    }
    Disconnect-MgGraph -ErrorAction SilentlyContinue
-
Log on to Microsoft 365 Admin Center and select Users > Active Users to delete an email account.
-
Select the email account to delete.
-
Select Licenses and apps.
-
Uncheck Microsoft 365 Business Basic.
-
Click Save changes.
-
Select Delete user.
-
Click Delete user to confirm.
-
Click Close.
    DisplayName               Mail                          LastSuccessfulSignInDateTime AD Account Resigned Comment
    -----------               ----                          ---------------------------- ---------- -------- -------
    December Win              decemberwin@shoklo-unit.com                                No         No       DO NOT DELETE
    Diluai Laongmekkhajeeprai diluai@shoklo-unit.com        2024-07-18 09:04:09
    Hser Gay Paw              hsergaypaw@shoklo-unit.com                                 No         ?
    Hser Khu Moo              hserkhumoo@shoklo-unit.com                                 No         ?
    Htun Htun Win             htunhtunwin@shoklo-unit.com                                No         ?
    Khinsan Myint             khinsanmyint@shoklo-unit.com                               No         ?
    Kle Ba Wah                klebawah@shoklo-unit.com                                   No         ?
    Lay Lay Wah               laylaywah@shoklo-unit.com     2024-07-03 16:40:48          No         ?
    Mithan                    mithan@shoklo-unit.com                                     No         ?
    Mushell Darakamon         siam@shoklo-unit.com                                       Yes        No
    Naw Dah                   nawdah@shoklo-unit.com                                     No         ?
    Naw Gay                   nawgay@shoklo-unit.com                                     No         ?
    Naw Lae Lai               nawlaelai@shoklo-unit.com                                  No         ?
    Naw Paw Kmoo Eh           nawpawkmooeh@shoklo-unit.com                               No         Yes
    Naw Paw Ler Wah           nawpawlerlah@shoklo-unit.com                               Yes        No       DO NOT DELETE
    Naw Paw Mu                nawpawmu@shoklo-unit.com                                   No         ?
    Naw Pay                   nawpay@shoklo-unit.com                                     No         ?
    Naw Poe Dah               nawpoedah@shoklo-unit.com                                  No         ?
    Naw Ta Mlar Paw           nawtamlarpaw@shoklo-unit.com                               No         ?
    Naw Yeh Htoo              nawyehhtoo@shoklo-unit.com                                 No         ?
    Naw Yu Lee                nawyulee@shoklo-unit.com      2024-06-23 08:55:25
    Nawcicelia                nawcicelia@shoklo-unit.com                                 No         ?
    Nawpic                    nawpic@shoklo-unit.com                                     No         ?
    Nway Nway Paing           nwaynwaypaing@shoklo-unit.com
    Paw Paw                   pawpaw@shoklo-unit.com                                     No         ?
    Pway Mu Paw               pwaymupaw@shoklo-unit.com                                  No         ?
    Rosy Soe                  rosysoe@shoklo-unit.com                                    No         ?
    Saw Wah Ray               sawwahray@shoklo-unit.com                                  Yes        ?
    SMRU Veeam                SMRU-Veeam@shoklo-unit.com
    Sylverine                 sylverine@shoklo-unit.com                                  No         ?
    Than Than Oo              thanthanoo@shoklo-unit.com                                 No         ?
    Thaw Wah Paw              thawwahpaw@shoklo-unit.com                                 No         ?
    Thida Zin                 thidazin@shoklo-unit.com                                   No         ?
tbhf-it@bhf-th.org Fortinet + TBHF CrowdStrike
9.1. List Groups
-
Enter the following commands at a PowerShell Command Prompt.
    $Groups = Get-MgGroup -All | Sort-Object -Property DisplayName
    $Groups = $Groups | Select-Object -Property DisplayName, MailNickname, Description, MailEnabled, SecurityEnabled, GroupTypes
    $Groups | Where-Object { $_.MailNickname -eq "smru-it" }
    $DistributionLists = $Groups | Where-Object { $_.MailEnabled -eq $True -and $_.SecurityEnabled -eq $False -and $_.GroupTypes -notcontains "Unified" }
    $SecurityGroups = $Groups | Where-Object { $_.SecurityEnabled -eq $True -and $_.GroupTypes -notcontains "Unified" }
    $TeamsAndMicrosoft365Groups = $Groups | Where-Object { $_.MailEnabled -eq $True -and $_.GroupTypes -contains "Unified" }
    $TeamsAndMicrosoft365Groups.Count
    $TeamsAndMicrosoft365Groups | Format-Table
    $DistributionLists.Count
    $DistributionLists | Format-Table
    $SecurityGroups.Count
    $SecurityGroups | Format-Table
    # Teams & Microsoft 365 Groups with Security disabled.
    $Groups | Where-Object { $_.SecurityEnabled -eq $False -and $_.GroupTypes -contains "Unified" }
    # Teams & Microsoft 365 Groups with Security enabled.
    $Groups | Where-Object { $_.SecurityEnabled -eq $True -and $_.GroupTypes -contains "Unified" }
10. List Mailboxes for John Bleho
11. Mailbox Retention
-
Enter the following commands at a PowerShell Command Prompt.
    # Check deleted items retention days for a user.
    Get-Mailbox surachard@shoklo-unit.com | Format-List RetainDeletedItemsFor
    # Set deleted items retention days to 30 for a user.
    Set-Mailbox -Identity surachard@shoklo-unit.com -RetainDeletedItemsFor 30
    Get-Mailbox surachard@shoklo-unit.com | Format-List RetainDeletedItemsFor
    # Check deleted items retention days for all users.
    Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Format-List Name,RetainDeletedItemsFor
    # Set deleted items retention days to 30 for all users.
    Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Set-Mailbox -RetainDeletedItemsFor 30
    Get-Mailbox -ResultSize unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Format-List Name,RetainDeletedItemsFor
12. Duplicate Mailbox
-
Note: Adding or removing a user who is allowed to use a distribution group fails when someone has duplicate mailboxes.
-
Enter the following commands at a PowerShell Command Prompt.
    # Fix duplicate mailboxes alias.
    # This fixes the "Delivery management" issue for the SMRU-ALL distribution group
    # and any PowerShell setting for all users.
    Get-Mailbox wannee@bhf-th.org
    Set-Mailbox wannee@bhf-th.org -Alias "wannee_r"
    Get-Mailbox wannee@bhf-th.org
13. SMTP Relay
-
Note: Make sure that the domain MX record (at Settings > Domains > shoklo-unit.com > DNS records) is set to shoklounit-com01e.mail.protection.outlook.com.
-
Select Mail flow.
-
Select Connectors.
-
Click Add a connector icon.
-
Choose Your organization’s email server under Connection from.
-
Choose Office 365 under Connection to.
-
Click Next.
-
Type "Microsoft 365 SMTP relay" in Name field.
-
Check Turn it on.
-
Check Retain internal Exchange email headers.
-
Click Next.
-
Choose By verifying that the IP address of the sending server matches one of the following IP addresses, which belong exclusively to your organization.
-
Type "110.77.148.10" in the IP address field.
-
Click the Plus icon.
-
Click Next.
-
Click Create connector.
-
Click Done.
-
Enter the following commands at a PowerShell Command Prompt.
    . 'C:\Program Files\Delta Software Labs\Windows-Tools\Debug.ps1'
    [System.Net.ServicePointManager]::SecurityProtocol
    Send-InsecureEmail

    Failed: Mailbox unavailable. The server response was: 5.7.1 Service unavailable, Client host [110.77.148.10] blocked using Spamhaus. To request removal from this list see https://www.spamhaus.org/query/ip/110.77.148.10 AS(1450) [HK2PEPF00006FB3.apcprd02.prod.outlook.com 2024-05-10T04:33:49.549Z 08DC6E24F378BC96]

    Email From: powershell@shoklo-unit.com
    Email To: smru-it@shoklo-unit.com
    Email Subject: SMRU Test
    Email Server: shoklounit-com01e.mail.protection.outlook.com
    Send-MailMessage: Passed
14. Turn Focused Inbox On or Off
-
Enter the following commands at a PowerShell Command Prompt.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    Get-OrganizationConfig
    Set-OrganizationConfig -FocusedInboxOn $false    # Turn Off
    Set-OrganizationConfig -FocusedInboxOn $true     # Turn On
    Disconnect-ExchangeOnline -Confirm:$False
15. Disable Remote PowerShell Access
-
Enter the following commands at a PowerShell Command Prompt.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    # Display the remote PowerShell access status for all users.
    Get-User -ResultSize Unlimited | Format-Table Name,DisplayName,UserPrincipalName,RemotePowerShellEnabled -AutoSize
    # Disable access to remote PowerShell for all users except the "bhf@tbhf.onmicrosoft.com" and "bhf-it@bhf-th.org" users.
    $Users = Get-User -ResultSize Unlimited
    Foreach ($User in $Users) {
        if (( $User.UserPrincipalName -ne "bhf@tbhf.onmicrosoft.com") -and ( $User.UserPrincipalName -ne "bhf-it@bhf-th.org")) {
            # $User.UserPrincipalName
            # $User.Identity
            # $UserIdentity = $User.Identity
            # Set-User -Identity $UserIdentity -RemotePowerShellEnabled $false
            Set-User -Identity $User.Identity -RemotePowerShellEnabled $false
        }
    }
    # Display the remote PowerShell access status for all users.
    Get-User -ResultSize Unlimited | Format-Table Name,DisplayName,UserPrincipalName,RemotePowerShellEnabled -AutoSize
    Disconnect-ExchangeOnline -Confirm:$False
16. Junk E-Mail
-
Disable the junk email rule on mailbox.
-
Enter the following commands at a PowerShell Command Prompt.
    $Module = Get-InstalledModule -ErrorAction SilentlyContinue -Name ExchangeOnlineManagement
    if ($Module -eq $Null) {
        Install-Module -Force -Name ExchangeOnlineManagement -Scope AllUsers
    }
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline
    Get-MailboxJunkEmailConfiguration -Identity "<user name>" | Format-List Enabled
    Set-MailboxJunkEmailConfiguration -Identity "<user name>" -Enabled $false
    Get-MailboxJunkEmailConfiguration -Identity "<user name>" | Format-List Enabled
    # On all user mailboxes but failed with duplicate mailboxes.
    $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -Enabled $false}
    $All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Identity -Enabled $false}
    # On all user mailboxes.
    $MailBoxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
    $AllMailBoxes = Foreach ($Mailbox in $MailBoxes) {$MailBox.EmailAddresses -match 'sip' -replace 'sip:',''}
    $JunkMailBoxes = Foreach ($AllMailBox in $AllMailBoxes) {Get-MailboxJunkEmailConfiguration -Identity $AllMailBox}
    $JunkMailBoxesEnabled = Foreach ($JunkMailbox in $JunkMailBoxes) {$JunkMailBox.Identity + ": " + $JunkMailBox.Enabled}
    $JunkMailBoxesEnabled | sort > C:\Tmp\JunkMailBoxesEnabled.txt
    Foreach ($AllMailBox in $AllMailBoxes) {Set-MailboxJunkEmailConfiguration $AllMailBox -Enabled $false}
    # Show JunkMailBoxes enabled.
    #Foreach ($AllMailBox in $AllMailBoxes) {Get-MailboxJunkEmailConfiguration -Identity $AllMailBox | Format-List Enabled}
    $JunkMailBoxes = Foreach ($AllMailBox in $AllMailBoxes) {Get-MailboxJunkEmailConfiguration -Identity $AllMailBox}
    $JunkMailBoxesEnabled = Foreach ($JunkMailbox in $JunkMailBoxes) {$JunkMailBox.Identity + ": " + $JunkMailBox.Enabled}
    $JunkMailBoxesEnabled | sort > C:\Tmp\JunkMailBoxesEnabled.txt
    # Need to test the following command
    Get-Mailbox | Set-MailboxJunkEmailConfiguration -Enabled $False
    Disconnect-ExchangeOnline -Confirm:$False
17. EOP
-
Browse to https://admin.microsoft.com.
<User>@tbhf.onmicrosoft.com
-
Click Next.
********
-
Click Sign in.
-
Click Show all.
-
Select Admin centers > Exchange.
-
Select Protection.
-
Select spam filter.
-
Click New.
Name: SMRU Spam Filter
Description:
Spam: Prepend subject line with text
High confidence spam: Move message to Junk Email folder
Bulk email:
  ■ Mark bulk email as spam
  7 (Default)
Quarantine
  15
Add this X-header text:
Prepend subject line with this text: [Spam-Check-SMRU-IT]
□ Redirect to this email address:

block lists
  BLOCK SENDER
  Domain block list
  BLOCKED DOMAIN

allow lists
  ALLOWED SENDER
  Domain allow list
  ALLOWED DOMAIN

international spam
  □ Filter email messages written in the following languages
  □ Filter email messages sent from the following countries or regions

Advanced option
  Image links to remote sites: Off
  Numeric IP address in URL: Off
  URL redirect to other port: Off
  URL to .biz or .info websites: Off
  Mark as Spam
  Empty messages: Off
  JavaScript or VBScript in HTML: Off
  Frame or IFrame tags in HTML: Off
  Object tags in HTML: Off
  Embed tags in HTML: Off
  Form tags in HTML: Off
  Web bugs in HTML: Off
  Apply sensitive word list: Off
  SPF record: hard fail: Off
  Conditional Sender ID filtering: hard fail: Off
  NDR backscatter: Off
  Test Mode Options
  ● None
  ○ Add the default test X-header text
  ○ Send a Bcc message to this address:

Applied To
  If…
  The recipient domain is 'bhf-th.org' or 'shoklo-unit.com' or 'tbhf.onmicrosoft.com'
  add condition
  Except if…
  add exception
-
Click Save.
-
Click OK.
17.1. Allowed Senders
-
Browse to https://protection.office.com.
-
Log in with the Microsoft 365 Admin account.
-
Select Threat management > Policy.
-
Select Anti-spam.
-
Select SMRU anti-spam inbound policy.
-
Scroll down and click Edit allowed and blocked senders and domains.
-
Click Manage # sender(s).
-
Click + to add senders.
-
Type the sender address in Enter a sender address field.
FSRM@shoklo-unit.com
john=tropmedres.ac@mail275.bms6.bmsend.com
-
Click Add senders.
-
Click Done.
-
Click Save.
-
Click Close.
17.2. Spoofed Senders
17.2.1. PowerShell
-
List all allowed and blocked senders in spoof intelligence.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-PhishFilterPolicy -AllowedToSpoof Yes -Detailed -SpoofType Internal | Format-Table
Get-PhishFilterPolicy -AllowedToSpoof No -Detailed -SpoofType Internal | Format-Table
Get-PhishFilterPolicy -AllowedToSpoof Yes -Detailed -SpoofType External | Format-Table
Get-PhishFilterPolicy -AllowedToSpoof No -Detailed -SpoofType External | Format-Table
17.2.2. GUI
Allow or block senders to spoof.
-
Browse to https://protection.office.com.
-
Log in with the Microsoft 365 Admin account.
-
Select Threat management > Policy.
-
Select Anti-spam.
-
Expand Spoof intelligence policy.
-
Click Review new senders.
-
Internal: Select Your Domains tab.
-
External: Select External Domains tab.
-
Allow: Click <user@domain> | No and select Yes.
-
Block: Click <user@domain> | Yes and select No.
-
Click Save.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
18. Quarantine Emails
18.1. Release Message
-
Browse to https://protection.office.com.
-
Log in with the Microsoft 365 Admin account.
-
Select Threat management > Review.
-
Select Quarantine.
-
Select quarantine message(s) you need to release.
-
Click Release message.
-
Check Report messages to Microsoft for analysis.
-
Choose Release messages to all recipients.
-
Click Release message.
-
Click Close.
-
Select Account manager > Sign out.
-
Close Browser.
19. Connectors
19.1. Mimecast to Microsoft 365 (Inbound)
-
Select Mail flow.
-
Select Connectors.
-
Click Mimecast to Microsoft 365 (Inbound).
-
Select Edit restrictions.
-
Check Reject email messages if they aren’t sent over TLS.
-
Uncheck And require that the subject name on the certificate that the partner uses to authenticate with Office 365 matches this domain name.
-
In the Always allow messages from the following IP addresses or address range field, add the following 10 IP address ranges for Europe (Excluding Germany), as at 2025-06-04. The current list can be found at Administration - Data Centers & URLs.
193.7.204.0/24,193.7.205.0/24,195.130.217.0/24,91.220.42.0/24,185.58.84.0/24,185.58.85.0/24,185.58.86.0/24,185.58.87.0/24,207.82.80.0/24,146.101.78.0/24

Mail flow scenario
  From: Partner organization
  To: Office 365
Name
  Mimecast to Microsoft 365 (Inbound)
Status
  On
  Edit name or status
How to identify your partner organization
  Identify the partner organization by verifying that messages are coming from these domains: *
  Edit sent email identity
Security restrictions
  Reject messages if they aren't encrypted using Transport Layer Security (TLS)
  Reject messages if they don't come from within these IP address ranges: 146.101.78.0/24, 207.82.80.0/24, 185.58.87.0/24, 185.58.86.0/24, 185.58.85.0/24, 185.58.84.0/24, 91.220.42.0/24, 195.130.217.0/24, 193.7.205.0/24, 193.7.204.0/24.
  Edit restrictions
-
Click Save.
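Because the IP ranges above are dated, the connector is worth re-checking against the documented settings from time to time. The following PowerShell is an added example, not part of the original page: the function name Test-InboundConnectorBaseline and the sample connector object are constructed for illustration, and the property names are those returned by Get-InboundConnector.

```powershell
# Ranges documented on this page (as at 2025-06-04, Europe excluding Germany).
$ExpectedRanges = @(
    '193.7.204.0/24', '193.7.205.0/24', '195.130.217.0/24', '91.220.42.0/24',
    '185.58.84.0/24', '185.58.85.0/24', '185.58.86.0/24', '185.58.87.0/24',
    '207.82.80.0/24', '146.101.78.0/24'
)

# Hypothetical helper: returns one finding per deviation from the documented settings.
function Test-InboundConnectorBaseline {
    param(
        [Parameter(Mandatory)] $Connector,
        [Parameter(Mandatory)] [string[]] $Expected
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    if (-not $Connector.Enabled) { $findings.Add('Connector is disabled') }
    if (-not $Connector.RequireTls) { $findings.Add('RequireTls is off: mail without TLS is accepted') }
    if (-not $Connector.RestrictDomainsToIPAddresses) {
        $findings.Add('IP restriction is off: any source IP can use this connector')
    }
    if ($Connector.RestrictDomainsToCertificate) {
        $findings.Add('Certificate subject name check is on; this page leaves it unchecked')
    }
    # Normalise the stored ranges, ignoring empty entries, then compare order-independently.
    $actual = @($Connector.SenderIPAddresses | Where-Object { $_ } | ForEach-Object { "$_".Trim() })
    foreach ($range in $Expected) {
        if ($actual -notcontains $range) { $findings.Add("Missing range: $range") }
    }
    foreach ($range in $actual) {
        if ($Expected -notcontains $range) { $findings.Add("Unexpected range: $range") }
    }
    return $findings
}

# Constructed sample standing in for the output of:
#   Get-InboundConnector -Identity 'Mimecast to Microsoft 365 (Inbound)'
# It lacks the last documented range and carries one extra (192.0.2.0/24, a documentation range).
$SampleConnector = [pscustomobject]@{
    Name                         = 'Mimecast to Microsoft 365 (Inbound)'
    Enabled                      = $true
    RequireTls                   = $true
    RestrictDomainsToIPAddresses = $true
    RestrictDomainsToCertificate = $false
    SenderIPAddresses            = @($ExpectedRanges[0..8]) + '192.0.2.0/24'
}

$result = @(Test-InboundConnectorBaseline -Connector $SampleConnector -Expected $ExpectedRanges)
if ($result.Count -eq 0) { 'Connector matches the documented settings.' } else { $result }
```

To check the live tenant, pass the object returned by Get-InboundConnector in place of the sample, and update $ExpectedRanges whenever the published Mimecast list changes.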