Connecting to SharePoint Online with PowerShell


In my last post, I covered the basics of connecting to Exchange Online with PowerShell, including some optional modules to handle Azure Active Directory Rights Management and the Rights Management service.

Another module you might have to load allows you to manage SharePoint Online. I don’t use this very often because the PowerShell support for SharePoint Online (including OneDrive for Business) is a lot less functional (IMHO) than the Exchange equivalent. Thus, I find that most SharePoint management operations are directed towards the GUI.

The first thing to do is to download and install the SharePoint Online management shell. This package appears to assume that it will run on its own and not inside a PowerShell session where other tasks are performed. To get the SharePoint cmdlets to load, you need to include a line like this in your session (or PowerShell profile).

Import-Module "C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell"

Once that’s done, you can connect to SharePoint Online with a command like this:

Connect-SPOService -Url "https://office365exchangebook-admin.sharepoint.com/" -Credential $O365Cred

Notice that I use the same variable containing my Office 365 credentials as I use to connect to Exchange Online and Microsoft Online Services (see the previous post).

A list of the SharePoint Online cmdlets is available in TechNet. Don’t get too excited now..

Follow Tony @12Knocksinna


How I connect to Exchange Online with PowerShell


Nearly five years ago, I wrote a post describing how to connect to Exchange 2010 with PowerShell. That post remains very popular, which indicates that lots of people still seek help to understand how to accomplish the task. Technology has moved on and while the Exchange 2010 post remains valid for Exchange 2013, many companies now use Exchange Online and Office 365. However, PowerShell still remains the best way to accomplish many tasks, even if the data you’re now working with is in the cloud.

I get questions about how to connect to Exchange Online all the time, so this post provides a brief overview of what I do.

First, many blogs and other sources state that you have to install the Microsoft Online Services Sign-in Assistant RTW. I have run PCs with and without this component being installed and have not noticed a difference. I’m sure that I am overlooking something, but the lack of the software doesn’t get in the way of what I do.

Next, if you don’t have a PowerShell profile, we need to create one. The profile is used to load in commands that you commonly want to use in PowerShell sessions and is stored in a text file pointed to by the $Profile variable. Usually, the profile is stored in a file called \WindowsPowerShell\Microsoft.PowerShell_profile1.ps1 under the My Documents folder. The PS1 extension tells you that the profile is no more than a PowerShell script that is automatically invoked at the start of each session.

In any case, if you don’t have a profile, you can create one by running the PowerShell command:

[PS] C:> New-Item -Type File -Force $Profile

Once the file exists, you can edit it with NotePad by using the command:

[PS] C:> NotePad $Profile

Running the Connect-ExchangeOnline function


Now to the commands in the profile. I have a function called Connect-ExchangeOnline that contains the following commands:

  1. Enter my Office 365 account credentials (Get-Credential).
  2. Connect to Exchange Online using the credentials. The connection point is https://ps.outlook.com/PowerShell/
  3. Import the remote PowerShell session connected to Exchange Online. This will load in the cmdlets needed to manage Exchange Online and make them available.
  4. Import the MSOnline module. This is to allow me to manage Azure Active Directory (AAD) objects. To manage AAD, you need to have the Azure Active Directory Module for Windows PowerShell installed on your PC.
  5. Some other commands are commented out. These are the commands necessary to import the Rights Management Service (RMS) module and Azure Active Directory Rights Management (AADRM) module and connect to the AADRM service. I don’t use these commands all the time but keep them in the profile as a reminder of what I need to do if I need to work with Rights Management.

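function Connect-ExchangeOnline
{
    # Prompt for the Office 365 credentials; global scope keeps them available to later commands in the session
    $global:O365Cred = Get-Credential
    # Open a remote PowerShell session to Exchange Online (Basic authentication, following the redirect from ps.outlook.com)
    $global:Session365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $O365Cred -Authentication Basic -AllowRedirection
    # Load the Exchange Online cmdlets from the remote session
    Import-PSSession $global:Session365
    # Load the Azure Active Directory module and connect with the same credentials
    Import-Module MsOnline
    Connect-MsolService -Credential $O365Cred

    # Optional: Rights Management (RMS and AADRM) modules and service connection
    #  Import-Module RMSProtection
    #  Import-Module AADRM
    #  Connect-AADRMService -Credential $O365Cred
}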

And that’s about it. The screen shot below shows that I can interact with Exchange Online as if I were connected to an on-premises server. The available set of cmdlets is much smaller because Exchange Online doesn’t make cmdlets like those needed for server or database management available (Microsoft does this work for you).

Running Exchange Online cmdlets after a connection is made


As to the clock running in the title bar? Well, I’ve used this function (which I found somewhere on the net) for years. Here it is:

function Add-Clock {
    $code = {
        $pattern = '\d{2}:\d{2}:\d{2}'
        do {
            $clock = Get-Date -Format 'HH:mm:ss'
            $oldtitle = "Tony's PowerShell Console"
            if ($oldtitle -match $pattern) {
                $newtitle = $oldtitle -replace $pattern, $clock
            } else {
                $newtitle = "$clock $oldtitle"
            }
            [System.Console]::Title = $newtitle
            Start-Sleep -Seconds 1
        } while ($true)
    }
    $ps = [PowerShell]::Create()
    $null = $ps.AddScript($code)
    $ps.BeginInvoke()
}
Add-Clock

Have fun!


Second edition of “Office 365 for Exchange Professionals” due September 14


When we began working on the “Office 365 for Exchange Professionals” eBook, we knew that this was not a once-off effort. The dynamic nature of Office 365 and the number of changes that appear in the service means that books that are just a few months old start to become obsolete. Those that appeared in 2012 or 2013 are now ancient and don’t reflect what users or administrators see today.

We set out on this project with the intention of keeping the book up to date through a series of regular releases. With that commitment in mind, the team is working hard to produce the 2nd edition of “Office 365 for Exchange Professionals” to meet a target delivery date of September 14. This happens to be the first day of the IT/DEV Connections conference in Las Vegas (check out the Office 365 sessions in the Enterprise Collaboration track) and will mark the first time in a year that three authors and our technical editor will be together in the same physical place. Some of our MVP colleagues who have helped us by reviewing chapters of the book will also be at the conference, so we might just have a small celebration to mark the release of the 2nd edition.

But before we can crack open the champagne, we have to update the book’s 18 chapters and appendix (covering directory synchronization). Some of the chapters don’t need major updates but dramatic shifts have occurred in the content of others, either in terms of software that is now available or in the form of new information gained from Microsoft at events such as the Ignite conference in May. For example, directory synchronization has changed significantly since the formal release of the AADConnect tool, Office 365 Groups have been transformed with new PowerShell cmdlets and a new object type, Outlook 2016 is close to being released, and lots of change has happened in Delve. And that’s just a hint of the sixty-odd changes we have tracked since we stopped writing the content of the original release on April 15 last.

Apart from changes originating inside Microsoft, we also have had the chance to assess and re-evaluate different components running inside Office 365 and incorporate those thoughts into the flow of the book. “Best practice” is an ethereal notion because it evolves over time and with experience. We hope that we can capture the developing state of knowledge and expertise around Office 365 by keeping our ears open for news, assessing that news in the light of our experience, and testing in practice.

The current eBook will remain available until we launch the new edition. The PDF and EPUB versions will be available first on ExchangeServerPro.com. It will take us a little longer to generate the Kindle (MOBI) format for Amazon.com. We still have not decided how to price the 2nd edition. With over 100 pages of new content, it seems like this is much more of a new book than an update. In any case, we have time to figure this out over the next month or so. Now back to the writing…


Exchange Unwashed Digest – June 2015


Sorry for the delay in publishing the June 2015 digest for my “Exchange Unwashed” blog on WindowsITPro.com. Travel and the need to crank up the organization of updates for the 2nd edition of the “Office 365 for Exchange Professionals” eBook (available in PDF and EPUB formats on ExchangeServerPro.com and for Kindle on Amazon.com) got in the way. We plan to have the 2nd edition out for IT/DEV Connections in Las Vegas in September (the complete writing team will be participating at the conference) and there’s lots of change within Office 365, so that took precedence. But, excuses aside, here’s what happened in June 2015.

Clutter and Groups killed Office 365’s People View (June 30): As you all know, once an organization replaces an on-premises service with a cloud service, a lot of control is ceded to the cloud provider. This is a great example. Microsoft launched People View in 2014 as an example of how automation and machine learning would help us take control of our inboxes and then removed it (quietly) because of changing circumstances. I can defend the action on technical grounds, but the communications around the removal could have been improved.

VMware tells Microsoft that they don’t know anything about Exchange 2013 performance (June 25). An interesting debate erupted when a VMware evangelist seized on some EHLO blogs and attempted to use their content to prove that the Exchange development group really doesn’t know what they are talking about when it comes to sizing and performance of virtualized systems. Oh well…

The value of First Release to Office 365 tenants (June 23): Office 365 offers tenants the ability to see new functionality early by signing up for “First Release”, which typically means that you see new features appear in places like Outlook Web App or the Office 365 Admin Center a few weeks in advance. Or six months in advance when it comes to something complex like Delve. There is much value to be gained from knowing what’s coming, especially when you can’t control the fact that eventually features will be seen by your users when they become part of the standard release.

Using intelligent capture and analysis tools to eliminate PSTs (June 18): Everyone got quite excited when Microsoft launched the Office 365 Import service to allow PSTs to be ingested into online mailboxes (including archives). But ingestion is only the end of a long process of finding PSTs, capturing them, fixing errors, removing duplication, and managing the entire process. Which is why you need intelligence, as provided by the tools I mention in this article.

Exchange 2013 CU9 appears alongside roll-up updates for Exchange 2007 SP3 and Exchange 2010 SP3 (June 15): All software becomes boring after a while. Exchange 2013 is in that category now because attention has shifted to Exchange 2016. But the development group still has to provide updates to fix bugs and support security bulletins. So the ninth cumulative update appeared on June 15 and the very good news is that it seems to have been absorbed by customers without too many problems. Some glitches, but nothing at all like previous updates.

Microsoft updates Exchange ActiveSync to ensure that mobile clients stay connected (June 11): Exchange ActiveSync, or EAS, is one of the huge success stories of Exchange over the last decade. No one could have predicted the massive success of mobile devices after Apple released the original iPhone in 2007 or the impact of Android. All of these devices depend on EAS to connect to Exchange. The protocol hasn’t been updated in a while, but it is for Office 365 and Exchange 2016, mostly to sort out some calendaring glitches.

How Exchange’s new ever-expanding archive mailbox works (June 9): The introduction of the Office 365 Import service probably means that a lot of data is heading towards Exchange Online. Hopefully that data, which is probably old-ish, will end up in archive mailboxes and not primary mailboxes – you wouldn’t want to synchronize all that old stuff back to Outlook after it has been ingested. Archive mailboxes can grow pretty big now, but the new expanding mechanism allows them to get even larger. I wonder when we will see the first 1 TB archive mailbox. It will be a logical entity as the data will be split across 20 physical mailboxes, but that doesn’t matter…

Granular administrative roles appear in Office 365 (June 4): Over 1.2 million tenants run inside Office 365 and the administrative needs vary greatly across that collection. Some are quite happy with the basic out-of-the-box admin experience while others, mainly the larger tenants, want more granularity in permissions. After all, who’s to say that the most skilled SharePoint administrator possesses the same ability to manage Exchange or vice versa? So we now have granular administrative roles. Which is nice!

Managing user mailboxes to specific quotas with retention policies (June 2): Proving that good ideas should be discussed in many places, MVP Jeff Guillet and I both wrote about this concept. Basically, a PowerShell script controls the assignment of retention policies to mailboxes to control their growth. If the mailbox approaches its limit, a more restrictive policy is applied, etc. It might have value for some.

It was an interesting month. Spats with VMware, a new type of mailbox, progress towards eliminating PSTs, and an update for ActiveSync after many, many months. Let’s see what July brings!


Visiting Omaha Beach (WN62 and the American Military Cemetery)


For anyone interested in military history, a visit to Normandy provides an excuse to visit some of the World War II sites in the area. I have been visiting the area on and off since 1973 and think I have seen most of what is available to see (like St Marie-du-Mont), but there’s always something to be found.

Last year, we stayed at the Casino hotel at the western end of Omaha Beach (in Vierville-sur-Mer, the end closest to Pointe du Hoc) and enjoyed wandering the beach there. This is the part of Omaha captured in the film “Saving Private Ryan”, which forms the basis of many opinions about the battle. The film was actually made using Curracloe Strand in County Wexford, Ireland as a substitute for Omaha Beach.

This week I was passing and decided to explore the other end of Omaha Beach and so found my way to Colleville-sur-Mer, the location of the American Military Cemetery and the site of some of the fiercest fighting on D-Day.

In part, I was motivated by reading “Omaha Beach: D-Day, June 6, 1944” by Joseph Balkoski (a great overview from the American side) and “The Dead and Those About to Die: D-Day: The Big Red One at Omaha Beach” by John C. McManus, which provides detailed accounts of the fighting around the positions close to where the American cemetery is now.

Google Maps overview of WN62 position on Omaha Beach


The best German account I have read of these actions is “WN 62: A German Soldier’s Memories of the Defence of Omaha Beach, Normandy, June 6, 1944” by Hein Severloh, who manned one of the MG42 machine guns in a foxhole in the Widerstandsnest (literally, “resistance nest”) 62 (WN62) fortified position directly opposite the Easy Red and Fox Green sectors. Omaha was protected by a set of these nests from WN60 in the east to WN74 in the west. WN62 was perhaps the largest and most effective of the positions in terms of the damage inflicted on the invaders. Together with WN61, WN62 protected the “E-3” (Colleville) draw or gap, one of the few ways off the beach that could be navigated by wheeled vehicles (after the engineers had created the necessary roads).

WN62 observation post (rear entrance to the left) facing Omaha Beach


Severloh claimed to have fired over 13,500 MG42 rounds and 400 rifle rounds at the attacking forces to great effect. He was eventually forced from WN62 and was captured in Colleville-sur-Mer on June 7. No one can be certain as to exactly how many casualties were caused by his fire, but given the elevated position of WN62 and the command it had over the beach, it’s likely that he killed and wounded many of those who landed in the Easy Red and Fox Green sectors on D-Day.

American Military Cemetery, Colleville-sur-Mer


Lots of people go to visit the American Military Cemetery, which occupies a fine position overlooking Omaha Beach and has a nice visitor center. All of the areas can be crowded on sunny days, especially when a few tour buses arrive together, but that’s no reason to miss seeing the impressive layout and serenity found at the cemetery.

Memorial to the U.S. 1st Division at Omaha Beach


Following a tour of the cemetery, it seems like relatively few of the visitors go on to visit the site of WN62, which is now dominated by a memorial to the U.S. 1st Division (the “Big Red One”). If you do visit, it is well worth your while to stroll down the hill towards the beach to view what remains of the German installations. Two H669-class casemates are still there. These originally were the base of 75mm guns, but only one was present on D-Day. Both casemates show evidence of being hit by many U.S. missiles, most probably a combination of offshore shelling by destroyers, the guns of the Sherman tanks (only two of the Duplex Drive tanks were able to swim ashore to support the first wave of the 1st division, but several other Shermans were landed later) that were operating in the sector, and mortars.

View from one of the WN62 casemates towards the western part of Omaha Beach with Pointe du Hoc in the distance

Various other installations can be explored including a bunker where the troops rested and some observation posts, potentially used to fire upon the attacking forces. A number of Tobruks are present (small fortified positions to hold a machine gun or mortar) and concrete platforms where guns were positioned before the casemates were completed. The lines of trenches that connected the various positions are also visible.

Front of lower casemate at WN62 showing evidence of shell damage


Although cramped at times, it’s relatively easy to get into the casemates and observation posts. The bottom casemate is flooded with a couple of inches of water, a fact that is all too easy to miss until you plonk your feet down into the pool. Apart from some swallows nesting in gaps in the corroding steel reinforcing girders, there’s not much to be seen inside the casemates, but the views that they have demonstrate just how dangerous these guns were to the D-Day invaders. Notice that the casemates do not face onto the beach. They are positioned to provide flanking fire along the beach and their openings are not exposed to direct fire from the sea.

Remains of a WN62 concrete gun platform. Note the magnificent view over the landing beach at Omaha


You can also walk down to Omaha Beach from WN62 (and walk back up again) to gain a view of the ground that the attacking forces had to cover to get to grips with the defenses. The weak spot was to the west of WN62 where the Americans found it possible to exploit some narrow trails through minefields to get around WN62 and reach the top of the bluff where the military cemetery is now located.  It is also possible to walk up to the cemetery from the beach and arrive at the platform viewing area. This path essentially follows the original track taken by the first American forces (under the command of Lt. John Spalding) to penetrate the German defenses and get behind WN62.

Omaha Beach cliffs cleared of vegetation on D-Day


Of course, the area around WN62 is quite different to the way it looked on D-Day as the vegetation has been allowed to grow to cover the gullies and bluffs. Paths are cut through to allow people to walk but it’s nothing like the clearance made by the Germans to open fields of fire, not to mention the effect of the bombardment before and during D-Day.

Apart from its historical resonance, Omaha Beach is a pleasant spot to spend some time. It is sandy and peaceful now and a good place for a picnic, meaning that those in the party who have no interest in military history can be left alone to enjoy other pursuits while you explore the surroundings. All-in-all, a good place to visit.


The scourge of autosignatures


Have you ever wondered just how much valuable storage is occupied in email databases by totally useless autosignature content? You know, logos and other tasteful adornments to the bottom of email, repeated ad nauseam on every message, internal and external, unregarded and unwanted by recipients.

Autosignatures serve a useful purpose when they are used correctly. I don’t have any real problem with simple text blocks containing the sender’s contact details. Things start to become a little hairier when people insist on including corporate logos or other graphic information to tell recipients just how wonderful the sender’s company really is. Or how much better their corporate logo is since the most recent (and expensive) redesign.

Things can be taken to the extreme, as in the case of the senior executive at Digital Equipment who insisted on including a digital snapshot of his most recently arrived child in his autosignature. Of course, senior executives tend to have larger brains than the norm and the thought of sharing his good fortune with all and sundry seemed a good one, until someone (bravely) pointed out that the 1 MB graphic was slowing email down.

That, of course, was in the world of the late 1990s when email flowed across less capable networks, but the point is that users can insert just about anything they care to in an autosignature and email will continue to work as long as the graphic isn’t extraordinarily large. Administrators have no idea of what users do in this respect unless they receive a graphically-intense missive from someone.

Looking through recent messages in my inbox I conclude that a large percentage of email is infected with graphic autosignatures. The latest fashion appears to include Twitter and Facebook links in an attempt to demonstrate that the company has mastered social media. In any case, it’s all too much and the average size of messages continues to grow.

The economic downside of this phenomenon is the cost of storing all the duplicated graphic rubbish cluttering up user mailboxes. How much does it cost to provide the extra 10-15% of storage necessary to hold literally millions of corporate logos in email autosignatures? And to back them up, if that’s what you choose to do, or to have the additional database copies if you elect to invest in Exchange native data protection. Or even to move the blessed logos around from database to database in mailbox moves. Or, if you’ve decided to embrace the cloud, to migrate your logo collection from on-premises mailboxes to the cloud. Think of how much longer a migration takes to transfer all those graphics across the Internet. Not good.

But there is a better way. Exchange 2010, Exchange 2013, and Exchange Online support access to Active Directory information from transport rules. If you have a well-maintained Active Directory that holds information such as telephone numbers about users, you can build a transport rule to automatically apply a standardized, low-impact autosignature to outgoing messages. Even better, the same rule can check for the presence of an autosignature in a message thread and not add it again if the information is already present, thus avoiding the stupidity of multiple instances of “graphicitis” in a thread.

Here’s an example taken from my Exchange 2010 Inside Out book of a transport rule to apply a standard autosignature based on Active Directory data. (I didn’t cover this in my Exchange 2013 Inside Out book because that volume is focused on managing mailboxes and high availability; Paul Robichaux covers transport in Exchange 2013 Inside Out: Connectivity, Clients, and UM). However, the code works for Exchange 2010, Exchange 2013, and Exchange Online.

New-TransportRule -Name 'Company disclaimer' `
-Comments 'This transport rule applies the approved company disclaimer to every outgoing message' -Priority 0 -Enabled $true -SentToScope 'NotInOrganization' `
-ApplyHtmlDisclaimerLocation 'Append' -ApplyHtmlDisclaimerText `
'<h4 style="font-family:verdana">Contoso Corporation</h4>
<p>
<p style="font-family:verdana; font-size:70%;color:green">
This message is the property of <b>Contoso Corporation.</b> If you receive this message in error, please delete it <u>immediately</u> and inform us at 827-1176 about its delivery.
<p>
<p style="font-family:Arial; font-size:80%; color:blue">
<i>%%FirstName%% %%LastName%%</i>
<p style="font-family:Arial; font-size:70%; color:red">
Phone: %%PhoneNumber%%
<p style="font-family:Arial; font-size:70%; color:red">
Email: %%Email%%' -ApplyHtmlDisclaimerFallbackAction 'Wrap' `
-ExceptIfSubjectOrBodyContainsWords 'This message is the property of Contoso Corporation'

The rule only fires for messages sent outside the organization (the scope is set to ‘NotInOrganization’). It applies even if a user has their own autosignature as it would be terribly difficult to detect the many varied types of autosignature that might be inserted by a human. Feel free to customize it as you like. There are no prizes for being inventive, just satisfaction. Reply to this post with whatever you come up with so that others can share your innovation.

Other options such as incorporating a graphic file (if you must) or time-limiting a particular form of an autosignature are also possible. In fact, I bet there are lots of possibilities available with transport rules that you might not have considered. And if you don’t feel that you want to meddle with rule magic yourself, commercial products such as Exclaimer Signature Manager or Code Two’s Exchange Rules Pro are available.

Users like autosignatures because they can put what they want into their messages. It can be a struggle to move to an automated standardized version, but wouldn’t it be a good thing if doing so saved some disks as well as sparing our eyeballs from yet more corporate logos and other offending nonsense?


Managing offline access for Outlook Web App


Offline access is one of the premier new features offered by Outlook Web App (OWA) in Exchange 2013 and Exchange Online. I have had the need to use OWA offline many times and think it is a very usable client, especially over low-speed or flaky Wi-Fi connections. Of course, Outlook’s adoption of MAPI over HTTP is an effort to improve that client’s ability to cope with the same kind of connections. It remains to be seen how this really works out in practice, but first signs are promising.

When I first wrote about OWA offline in December 2012, I described how different browsers implement the databases used to cache mailbox data and how this information needed to be protected because it could be exposed by an attacker who managed to gain access to a PC. BitLocker, which can be enabled on a PC even if the system is not equipped with a Trusted Platform Module (TPM) chip, provides a certain level of protection, but it’s still true that someone who gains access to a logged-in PC will be able to access the data. Then again, the same is true for Outlook.

User awareness is therefore an important part of deploying OWA offline. As is the case for all software, there’s no point in letting people use a new feature if it creates a security risk.

The warning that something will be stored on your computer

In any case, unless you disable the option to use OWA offline, users will be able to turn on the feature themselves by clicking “Offline options” in the drop-down menu to the right of the screen. The process of setting up offline access is very straightforward and the only thing that might cause a user any concern is the request to allow the browser to use some extra storage. I don’t think the words used really explain the need. For example, IE11 asked if Office365.com could use additional storage. I understood the request, but would the average user? Chrome, on the other hand, saw no need to request any storage.

Once enabled, OWA will download data from mailbox folders. Up to 150 most recent items are cached for folders accessed in the last week (this EHLO post explains what data is downloaded), so the amount on disk differs according to user behavior. Each browser has its own implementation of how data is stored on disk and I was curious whether this made a difference, so I compared how much data was downloaded from my Office 365 mailbox by IE11 and Chrome (version 43). The results were interesting.

OWA offline databases

On the surface, IE uses an ESE database – like Exchange, but it is very different because it supports the HTML5 standard. The database (Internet.edb) occupied 22,592 KB. Chrome stores its data in a WebSQL database splendidly named “9” and took just 36,696 KB. This information was extracted at the same time when the mailbox was as static as I could make it (a Sunday afternoon) after enabling offline access for both browsers and leaving them to download the data.

Your mileage might vary and the storage requirements of Safari (for Mac) or Firefox (for Mac or Windows) might also differ as I did not test these platforms (this page describes the current OWA support status for different browsers). The point is that OWA allows each browser to use its own storage in its own way and hides the difference from users.

You can stop individuals or groups of users accessing OWA offline mode. The easiest method is to create a new OWA mailbox policy (using EAC) that doesn’t allow offline access and then apply the policy to whatever mailboxes you want to restrict. Alternatively, you can disable offline access for an OWA mailbox policy by running the EMS Set-OWAMailboxPolicy cmdlet (the same settings work for both Exchange 2013 and Exchange Online in Office 365). For instance:

Set-OWAMailboxPolicy -Identity "Default OWA Mailbox Policy" -AllowOfflineOn NoComputers

Once an OWA mailbox policy is amended to prevent offline access, you can apply it through EAC or by using the Set-CASMailbox cmdlet. For example:

Set-CASMailbox -Identity TRedmond -OWAMailboxPolicy 'Restricted'

Note that if someone else logs onto a different account with a browser that is configured for offline access, offline access is disabled to ensure that the person who has just connected is unable to access the data in the offline cache.
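The steps above as one script, followed by a report of the mailboxes whose policy still permits an offline cache. This is an added example, not code from the original post; it assumes an Exchange 2013 or Exchange Online management session is already open, and the group name `OWA Offline Blocked` is a hypothetical placeholder.

```powershell
# Added example (not from the original post). Run inside an Exchange 2013 or
# Exchange Online management session that is already connected.
param(
    [string] $PolicyName = 'Restricted',           # policy name used in the post
    [string] $GroupName  = 'OWA Offline Blocked'   # hypothetical group of users to restrict
)

# 1. Make sure the restricted policy exists and has offline access switched off.
if (-not (Get-OwaMailboxPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-OwaMailboxPolicy -Name $PolicyName | Out-Null
}
Set-OwaMailboxPolicy -Identity $PolicyName -AllowOfflineOn NoComputers

# 2. Assign the policy to every user mailbox that is a member of the group.
Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object {
        Set-CASMailbox -Identity "$($_.PrimarySmtpAddress)" -OwaMailboxPolicy $PolicyName
    }

# 3. Build a per-mailbox report. Mailboxes are grouped by assigned policy so that
#    each policy is looked up once rather than once per mailbox.
$report = Get-CASMailbox -ResultSize Unlimited |
    Group-Object -Property { "$($_.OwaMailboxPolicy)" } |
    ForEach-Object {
        $group = $_
        if (-not $group.Name) {
            # No explicit assignment: flag for review instead of guessing the effective setting.
            $offline = 'no policy assigned'
        } else {
            $policy = Get-OwaMailboxPolicy -Identity $group.Name -ErrorAction SilentlyContinue
            $offline = if ($policy) { "$($policy.AllowOfflineOn)" } else { 'policy not found' }
        }
        foreach ($mbx in $group.Group) {
            [pscustomobject]@{
                Mailbox        = $mbx.Name
                Policy         = $group.Name
                AllowOfflineOn = $offline
            }
        }
    }

# 4. Show only the mailboxes that are not confirmed as blocked from offline use.
$report |
    Where-Object { $_.AllowOfflineOn -ne 'NoComputers' } |
    Sort-Object Policy, Mailbox |
    Format-Table -AutoSize
```

Rerunning the script after policy changes shows which mailboxes still need a restricted policy or BitLocker coverage on the PCs where they are used.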

OWA offline access is a useful feature. Make sure that you use it in a safe manner and it is even better.
