Exchange Kiosk POP Settings

Exchange Kiosk POP Settings

Exchange Kiosk is a bolt-on for Office 365 Enterprise licenses. Exchange Kiosk suits mobile users who do not use permanent workstation services but need mobile access to email, and optionally Sharepoint. The service does not include Office applications, and although Kiosk connects to tablets and mobile phones with ActiveSync, workstation and laptop access via Outlook uses POP3 settings.

The service is a useful way to reduce licensing costs for small businesses who have a PC at home, but need enough licenses to provide two or three independant licenses. In this case, Kiosk can be added to an Office 365 tenancy, whereas Hosted Exchange licenses require their own tenancies.

Exchange Kiosk is not available to Small Business Premium or domestic Office 365 licenses. Kiosk is designed for Active Directory, and is only available to Enterprise licenses (E1, E3, etc.). These screenshots display Kiosk POP3 settings for Outlook:

general pop settings

 

pop_settings_exchange_kiosk_2

pop authentication

Using Shared email accounts in OWA

Using Shared email accounts in OWA

If you have full privileges to a shared mailbox that appears in an Exchange address book, you can use Outlook Web App or a desktop version of Outlook (for example, Outlook 2013), to open that mailbox.

Shared mailboxes allow a group of people to monitor and send email from a public email alias, like info@contoso.com or contact@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. You can also use the shared mailbox as a shared team calendar.

The admin for your organization has to create the shared mailbox and add you to the group of users before you can use it.

Display a shared mailbox using OWA

Use this method to monitor email from your primary mailbox and the shared mailbox at the same time. After you complete this task, each time you open Outlook Web App, the shared mailbox and its folders will display in the left navigation in Outlook Web App.

  1. Sign in to your account in Outlook Web App.
  2. Right-click your primary mailbox in the Folder pane, and then click Add shared folder.
  3. In the Add shared folder dialog box, type the name of the shared mailbox, select the name, and then click Add.

The shared mailbox displays in your Folder list in OWA. The shared mailbox will appear there each time you access OWA. You can expand or collapse the shared mailbox folders like you can your with your primary mailbox. You can remove the shared mailbox if you no longer want to view the shared mailbox in your folder list. To remove it, right click the shared mailbox, and then click Delete.

Display a shared mailbox in standalone mode

Use this method if you want to view and manage email for a shared mailbox in a its own browser window, rather than rendering the shared mailbox folder in OWA’s navigation tree.

  1. Sign in to your account in Outlook Web App.
  2. In the Navigation bar on the top of the Outlook Web App screen, click on your name. A drop-down list will appear.
  3. Click Open another mailbox.
  4. Type the email address of the other mailbox that you want to open. Another Outlook Web App session will open in a different window allowing access to the other mailbox.

Tip    If you mistype the email address of the mailbox, a second window will open up stating that the webpage can’t be found. Try retyping the email address again.

Note also that shared mailboxes also attach to a calendar function. A shared calendar is established when administrators create a shared mailbox so that group members have mutual access and privileges to a shared calendar.

Office 365 Message Encryption – configuration

Office 365 Message Encryption – configuration

This article explains how to configure Exchange Online for Office 365 Message Encryption. Office 365 Message Encryption is an encryption system delivered via Microsoft’s Information Rights Management (IRM) framework using “transport rules”. When emails meeting criteria, for instance subject headers, are met, the encryption service is run on outgoing email. This means users do not have to deploy services on individual hosts to use encryption services. As long as one or more metrics meet established criteria, email sent from any device will be encrypted when it is processed by the server.

Please read the whole article before beginning work. Configured hosts can be used to manage customers’ servers provided the network administrator has a customer’s global administrator rights.

Powershell users may like to approach this manually, however using the automated approach set out here, users avoid the problem of having to configure a “Trusted Publishing Domain“. Without a Trusted Publishing Domain, IRM services cannot be enabled manually.

Office 365 Message Encryption relies on IRM services which in turn depend on Azure Directory Services (ADS) which is available with E* subscriptions, and possibly with Business Premium. ADS must still be manually activated by going to: Admin – Office 365 – Service Settings – Rights Management.

Once Azure Directory Services are active, IRM can be enabled on Exchange Online Server in a one-off modification, and then users can establish “rules” for Microsoft Office 365 Message Encryption in Admin – Exchange – Mail Flow – Rules.

Workstation Prerequisites:

Office 365 Message Encryption requires IRM services to be enabled on Exchange Online. Although ADS is enabled using the portal, IRM is enabledd via a Powershell remote session to invoke a script provided by Microsoft called EnableIRMforEXO. The remote session requires the four applications to be installed on the local host:

Install the applications in the order listed. Note also that Powershell (PS) mus run in Administrator mode.

PS runs in a restricted mode by default that prohibits the execution of unsigned scripts. If PS has not been modified, users will typically get a PS error message like:

File C:\Common\Scripts\hello.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.
At line:1 char:13
+ .\hello.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException

To enable scripting, open PS and run the following command. This is a one time command, and can be disabled.

set-executionpolicy remotesigned

Enabling IRM on Exchange Online

Using the unzipped script – EnableIRMforEXO – Powershell establishes a remote session with Exchange Online Server, and on confirmation of location and user credentials, executes the necessary server modifications. The command can be fully executed with strings for “location” and “get-credentials”, however the cmdlet works more reliably if it is left to call for location and credentials itself. These instructions assume the script is installed in c:\scripts\

  • open Powershell
  • enter c:\scripts\EnableIRMforEXO
  • when prompted for location, input European Union
  • complete when prompted for user name etc.

The process will execute and return results. This should be adequate for enabling Office 365 Message Encryption.

Mobile device management for Office 365

Mobile device management for Office 365

mdm for office 365

Microsoft is expanding its built-in mobile device management (MDM) features built for Office 365.

Small businesses tend to adopt a BYOD (bring your own device) policy to mobile devices when granting email and in-house business information to its employees. However, as this article explains, giving employees wider access to business IT networks poses serious data protection and security risks.

The new tools enable network administrators to selectively restrict senstitive business information so that in the event of, for instance, a temporary loss emails and Word docs can be wiped from a mobile device while leaving an end user’s personal data and apps in place.

Large businesses use applications like Microsoft Intune to automate deployments and management of large mobile device fleets. Office 365 includes provisions for basic device management in its business and enterprise Office 365 services. In early 2015, these tools are being expanded to include:

  • configurable security policies on devices that connect to Office 365 to ensure that Office 365 business email and documents are synchronized only on phones and tablets that are managed by your company. For instance, whereas employees could potentially connect multiple devices including home PCs to services, Office 365 administrators can manage which devices a user can authenticate.
  • configurable security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is misplaced, lost or stolen.
  • remove Office 365 corporate data from authenticated devices when an employee leaves an organization, while leaving their personal data, photos and apps intact.

MDM for Office 365 is built directly into the productivity apps like Word, Excel, Outlook, etc., and mobile device policies can be managed with MDM within the Office 365 administration portal using the Office 365 user interface and wizard-based workflows. MDM generates ueful management reports detailing information about connected devices, including automated Wi-Fi, VPN and email profiles. Intune also provides bulk tools for pre-configuring large scale application delpoyment and can provide users with a self-service portal where they can enroll their own devices and install corporate apps.