Sending M365 mail from your all-in-one scanner/printer

Precursor

Imagine the following : you recently migrated your mail platform from the “classic” POP/IMAP mailbox setup towards Microsoft 365’s mail solution.

If you’ve done the M365 setup correctly and migrated everything towards your new cloud environment (see tons of previous posts 😉) you’ll soon run into some issues when trying to send an e-mail from your super-cool all-in-one printer/scanner/copy/fax machine, which is hooked up to the network and ready to send scanned documents in your (domain) name.

One of these issues being that you receive an NDR from your recipient relating to something like “Error 550 5.7.1 The user or domain that you are sending to (or from) has a policy that prohibited the mail that you sent” or anything basically that falls back to “we don’t trust this e-mail, because you smell of spam/phishing/malconfigured SMTP/…”

Your printer – in this example – still has port 25 and (for instance) uit.telenet.be as outgoing mail server (yes, I’m Belgian – hence the .be TLD on my site)

(PS : don’t want to read this entire story ? CTRL-F your way to “How do I set this thing up ?”)

Behind the scenes

What happened behind the scenes before and after your migration, concerning mail flow ?

Before your migration,

you used to have an old-school mail provider that allowed a lot.
Your recipients didn’t care much or already added your scanned mails with PDFs in them to their allow-list.
Maybe your mails got through, maybe they didn’t.

Your outgoing mail provider (let’s say it’s Telenet nv for the sake of the already mentioned example above) doesn’t really care what you send over their mail server, as long as you send it from an IP address on their network.

(a small note : at the time of this writing Telenet no longer accepts anonymous port 25; they need authentication through an @telenet.be address and use port 587 with TLS encryption)
(another small sidenote : Proximus still allows anonymous port 25 at this time *cough*)

Whatever the case, it would allow senders to send any mail they want from any e-mail address they want, as long as they use their own internet provider’s mail address.

After migrating to M365,

Microsoft kind of enforces you to add certain DNS records, before 100% completing the setup wizard of their Online Exchange offer.
✅ green ticks tick my own boxes as well, so as an OCD-enjoying IT guy, I can’t not complete this wizard :p

One of these records you have to create is an SPF record, which partly regulates the mail flow for your domain by defining. (more on the SPF record on [this page])
Microsoft is also kind enough to allow you to send over their own SMTP servers (good guy MS !!!) and provides certain regulations in order to be able to do so.

Server/Smart Host: smtp.office365.com
Port: 587
TLS/Start TLS: Enabled
Username/Email address and password: pretty obvi what this is….

In a perfect world, you’d be able to just enter these settings in your super-duper all-in-one printer and you’d be good to go. 👌

HOWEVER…

On the dreaded day of June 30, 2023 Microsoft disabled out-of-the-box support for a tiny little protocol we know as TLS.
Specifically, they disabled support for TLS 1.0 and 1.1 (fear not).
A lot of these printers use this “older” protocol and – as you might already guess – this complicates the entire sending-of-mail process.

Never fear, though !

Microsoft built in a backdoor/workaround in their own security enforcement and still allows you to send mails like you would in “days of olden”.

 

How do I set this thing up ?

We’ll take this random internet screenshot from the mail settings tab in an OKI printer as an example :

Following all instructions you find on the internet, this would be the way to go.
And it is.

Using these settings in 2024 will result in a “cannot send mail” error on the printer.

Did you misconfigure something on this printer ?
NO.

Here’s what you need to change on the Microsoft side :

  • Through https://admin.microsoft.com browse your Users > Active Users and click the mail enabled user for your all-in-one device (Yes, you need to have a mail-enabled user for this)
  • On the screen that appears on the right, go to the “Mail” tab and click “Manage email apps”
  • By default “Authenticated SMTP” is not active.
    Activate it and press “Save changes”
  • That’s not where it stops, though.
    Microsoft, sneaky as they are, still disable SMTP AUTH on a more global level.
    So just activating the above, will result in the same sending error on your device.
    sooooo, let’s go to https://admin.exchange.microsoft.com for part 2 of the config.
  • On the Exchange Online admin center go to Settings (in the left column) and pick “Mail Flow” (not to be confused with the “Mail Flow” fold-out menu in the left column).
  • One thing that needs to be de-activated is the “Turn off SMTP AUTH protocol for your organization“. (the tick needs to be unticked – super confusing option – double negatives and all)
    Depending on the type of device, you may or may not need to opt-in the tick “Turn on use of legacy TLS clients“.
    Even though Micro$oft disabled TLS 1.0 and 1.1, they still allow older TLS versions to communicate with the SMTP AUTH endpoint “smtp.office365.com”.
  • Press “Save”, give it a couple of hours tops and BAM, send at will with your Brother MFC something something, your mail enabled camera system, CRM software, …

I’ll leave the “plus addressing” tick for you to Google. It’s a cool feature, with little use-case.
Still cool though.

I haven’t talked about using an account that uses MFA, where you could use “app passwords” up to 2024, but due to security reasons Microsoft is discontinuing this feature.

Peace out.
Happy mailing !

DKIM simplified and how it works (but not for beginners)

Lifting shrouds from IT-related mysteries is what we do here.

DKIM… yet another mys(t)ery to so many, but actually not as much rocket science as it seems.
Let me explain : 

Simplified as an acronym, DKIM stands for “DomainKeys Identified Mail” and is nothing more than “just another TXT record” in your DNS.
In a previous post, you could read up about SPF records and how they can diminish the amount of spam being sent FROM your domain name. DKIM takes this to a next step.
It’s the implementation of DKIM that will require some extra feedback from me, though.

Extremely simplified

Woodpecker.co explains DKIM as follows :

“Take Game of Thrones to get the bigger picture of DKIM. Ned Stark is sending a raven with a message to king Robert. Everyone could take a piece of paper, write a message and sign it Ned Stark. But there’s a way to authenticate the message – the seal. Now, everyone knows that Ned’s seal is a direwolf (that’s the public key). But only Ned has the original seal and can set it on his messages (that’s the private key).”

Quite the analogy, if you’ve seen GoT (and no spoilers, even !)

 

What happens when using DKIM ?

The entire concept is based on encryption of a specific value that uses a public and a private key, that are generated in pairs and therefore cannot exist apart from each other.

The public value is stored (obviously) in a public location where all e-mail servers and clients can access it : the DNS server that holds your domain name (OVH, Skynet, Godaddy, Combell, …)

The private value is sent in an encrypted way over the internet and can be verified through means of that private key, to check if it used the original correct signature.
It’s comparable to how an MD5 checksum works.

(with the exception that at the time of this writing, DKIM can not yet be broken and it’s possible to “fake” an MD5 lol)
Image courtesy of postmarkapp.com

This hidden signature is then verified by the mail server, through which you send your signed mail, as well as all other mail servers where this message passes (in its original form).

Because… the signature is added to the mail headers and is completely independent from how SPF records work, a proxying mail server that just passes on your message retains the headers.
Theoretically, your mail could fail on an SPF, but could be perfectly valid on a DKIM basis !

 

Fool-proof ?

Is this method a fool-proof way of confirming ALL mails from your domain are safe now ?

A simple answer : NO.

DKIM is kind of the reverse of SPF, whereas SPF tells the receiving mail server what mail NOT to trust.
DKIM tells the receiving mail server that this specific mail, sent from this specific source is – in fact – OK to receive. DKIM does not guarantee that mails from your domain name, sent from a source other than the one defined in the key verification, are in fact safe, because the key in the verified mail message only counts for the specified source.

“Should I not bother to use DKIM, then ?”

You should still try to implement DKIM wherever possible, as all methods of securing your mail flow and getting spam/phishing mails out of this digital world, are most welcome.

 

What does DKIM look like & “comment ça marche” ?

Enough with the theory; let me explain how (and when) this works.

First of all, your own mail server, through which YOU send outgoing mail, has to have support for DKIM key generation.
Most ISPs (I think we can say “all ISPs”) will not use DKIM, as this would mean having to sign every friggin mail message that the millions of their customers send out on a daily basis.
All mail software would first have to talk on an encrypted basis to a public SMTP server to stuff that signed key in the mail header of their own mail message.
Seeing as most ISPs allow sending over their mailservers, without any authentication whatsoever, except for sending from their IP address range, this can only mean : a big no-no.

Onward.

If your mail server supports DKIM (we’ll be using Microsoft 365 as an example), we can go ahead and create a DKIM.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dkim-configure?view=o365-worldwide  explains in heavy detail how to create a DKIM pair on a M365 mail-based subscription (Exchange Online in short).
Go ahead and read the article.
Then come back here, for a small moment of enlightenment.

All caught up?
Good.

The original private key is never shown and is only known to your very own mailserver.
You get to see – usually in the form of a next-next-next wizard – the entries you have to add as a CNAME record in your own DNS server that hosts the domain name from which you’re sending mail.

As cryptography goes, the mailserver receives your request to send a mail to somebody.
Next, it adds a specific unique mail header to your outgoing mail, based on its own private key, in combination with the key known to the public (and thus shown in your DNS records, for others to reverse verify)

Before showing the layout of the DKIM record, let me show you what a signed mail header looks like.
If you’ve been following my instructions, you’ve already seen a DKIM record on the Microsoft website mentioned above, by the way :p

DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=newyork;
c=relaxed/simple; q=dns/txt; t=1117574938; x=1118006938;
h=from:to:subject:date:keywords:keywords;
bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;
b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR

Analysis time :

  • Every DKIM signed mail starts with “DKIM-Signature:”
  • The obvious part “v=1” defines the versioning (duh). Ironically at the time of writing, the version will always be “1”
  • “a” defines the signing algorithm, usually RSA-SHA or RSA-SHA256
  • “d” stands for the domain name of the sender
  • “s” is short for “selector” which can be found in the corresponding DNS record (in this case) newyork._domainkey.example.net 
  • “c” is the abbreviation for “canonicalization algorithm”. A tricky one to explain, but I’ll try my best.
    You can see it contains 2 values. They represent header/body and define the (dis)allowing of slight header changes in mail forwarding.
    “Relaxed” allows a certain change in the header (for instance when forwarding a mail).
    “Simple” just tells the receiving mail server, that no change in the mail header part is allowed for it to still be a trusted DKIM key.
  • “q” is for “query” and tells the receiving end how to perform the DKIM check.
    The q-part is optional. At the time of writing, the only valid entry here is “DNS/TXT”, which defines that a DNS lookup needs to be done, looking into a certain TXT field.
  • “t” is the timestamp
  • “x” falls together with the timestamp and stands for “expiration”, in case you have a fast-rotating key-pair in your DKIM setup and want to assure the receiving end of a higher security level.
  • “h” lists the signed header fields …
  • …while “bh” is the hash for the body part of the mail
  • “b” is the actual signature data.
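The effect of the “c” and “bh” tags, as an added example (not code from this post or from any mail server): it implements the relaxed header form and the simple and relaxed body forms defined in the DKIM RFC, and shows which changes made by a relay keep the body hash intact. The message bodies are constructed samples, and SHA-256 is assumed, as in a=rsa-sha256.

```python
import base64
import hashlib
import re


def canon_header_relaxed(name: str, value: str) -> str:
    """Relaxed header form: lowercase name, unfold, collapse whitespace."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")  # runs of WSP -> one space
    return f"{name.strip().lower()}:{value}\r\n"


def canon_body_simple(body: bytes) -> bytes:
    """Simple body form: only empty lines at the very end are ignored."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"          # an empty body is hashed as a single CRLF
    return body


def canon_body_relaxed(body: bytes) -> bytes:
    """Relaxed body form: also ignore trailing and repeated spaces/tabs."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()              # drop empty lines at the end of the body
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, mode: str) -> str:
    """Value a signer puts in bh= (and a verifier recomputes)."""
    canon = {"simple": canon_body_simple, "relaxed": canon_body_relaxed}[mode]
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def survives_relay(signed: bytes, relayed: bytes, mode: str) -> bool:
    """True if the relayed body still matches the bh= made at signing time."""
    return body_hash(signed, mode) == body_hash(relayed, mode)


# Constructed sample bodies (not taken from a real message).
SIGNED = b"Scan attached.\r\nSent from the MFP in the hallway.\r\n"
# A relay that touched whitespace only: double space, trailing space, tab,
# extra blank lines at the end.
REWRAPPED = b"Scan  attached. \r\nSent from the\tMFP in the hallway.\r\n\r\n\r\n"
# A gateway that appended a footer: real content change.
FOOTER = SIGNED + b"-- \r\nScanned by the mail gateway\r\n"

if __name__ == "__main__":
    for label, relayed in (("whitespace", REWRAPPED), ("footer", FOOTER)):
        for mode in ("simple", "relaxed"):
            ok = survives_relay(SIGNED, relayed, mode)
            print(f"{label:10} body={mode:7} -> {'pass' if ok else 'FAIL'}")
    print(canon_header_relaxed("Subject", "  Scan   from\r\n\t printer  "), end="")
```

With c=relaxed/simple, as in the sample header, the headers tolerate refolding but the body tolerates nothing beyond extra blank lines at the end.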

Should you totally want to geek out more on the RFC for DKIM, you can get your groove on at https://dkim.org/specs/rfc4871-dkimbase.html

 

The DNS record(s)

Why did I keep this part for last ?
You could see in the above example, that the RFC leaves space for a different way of reading your DKIM record.
For now, we don’t have a different technology other than DNS to exchange DKIM data, but if DKIM were to be upgraded, so to speak, the possibilities would not be limited to DNS.

 

The actual public key would look like this :

NAME : 
nameofyourselector._domainkey.example.net

TYPE : 
TXT

CONTENTS OF RECORD : 
v=DKIM1; k=rsa; p=KLJHLHkjhkhkluhiukhjiulYUHKJUIYUYNJKHLKHIOUHJhjkhkjhklhjkh

The content of this record will be provided by your mail server, when you go through the DKIM generating process

 

A different approach is the use of a CNAME record instead of a TXT record, where your key is stored elsewhere.
Depending on the suggestion your mail server gives you, you’ll implement one or the other.

Your CNAME record could look like this :

NAME : 
nameofyourselector._domainkey.example.net

TYPE : 
CNAME

CONTENTS OF RECORD : 
heresmykey.something.anotherdomain.com
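
An added example (not from this post or from Microsoft) that covers both the header analysis and the DNS records above: it parses the sample DKIM-Signature, derives the DNS name a receiver queries, checks “t” and “x”, and follows a CNAME to the TXT record. The zone is a constructed in-memory dict built from the sample records on this page, so no real DNS lookup happens.

```python
import re

# Value of the sample DKIM-Signature header shown earlier on this page.
HEADER_VALUE = (
    "v=1; a=rsa-sha256; d=example.net; s=newyork;\r\n"
    " c=relaxed/simple; q=dns/txt; t=1117574938; x=1118006938;\r\n"
    " h=from:to:subject:date:keywords:keywords;\r\n"
    " bh=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=;\r\n"
    " b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZVoG4ZHRNiYzR"
)

# Constructed stand-in for DNS, combining the page's CNAME and TXT samples
# (assumption: the selector is "newyork", as in the sample header).
ZONE = {
    "newyork._domainkey.example.net":
        ("CNAME", "heresmykey.something.anotherdomain.com"),
    "heresmykey.something.anotherdomain.com":
        ("TXT", "v=DKIM1; k=rsa; "
                "p=KLJHLHkjhkhkluhiukhjiulYUHKJUIYUYNJKHLKHIOUHJhjkhkjhklhjkh"),
}

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")


def parse_tags(value: str) -> dict:
    """Split a 'tag=value; tag=value' list; whitespace in values is dropped."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        key, _, val = part.partition("=")
        key = key.strip()
        if key in tags:
            raise ValueError(f"duplicate tag {key!r}")
        tags[key] = re.sub(r"\s+", "", val)
    return tags


def query_name(tags: dict) -> str:
    """DNS name that holds the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def check_signature(tags: dict, now: int) -> list:
    """Return the reasons a verifier would reject before any crypto is done."""
    problems = [f"missing tag {t}" for t in REQUIRED if t not in tags]
    if tags.get("v") != "1":
        problems.append("unsupported version")
    if "from" not in tags.get("h", "").lower().split(":"):
        problems.append("From header is not signed")
    if tags.get("q", "dns/txt") != "dns/txt":
        problems.append("unknown query method")
    t, x = tags.get("t"), tags.get("x")
    if t and x and int(x) <= int(t):
        problems.append("x is not later than t")
    elif x and now > int(x):
        problems.append("signature expired")
    return problems


def resolve_key(name: str, zone: dict, max_hops: int = 5) -> dict:
    """Follow CNAMEs in the given zone until a TXT key record is found."""
    for _ in range(max_hops):
        rtype, data = zone.get(name.lower().rstrip("."), (None, None))
        if rtype == "CNAME":
            name = data
            continue
        if rtype != "TXT":
            raise LookupError(f"no DKIM key at {name}")
        key = parse_tags(data)
        if key.get("v", "DKIM1") != "DKIM1":
            raise ValueError("not a DKIM key record")
        if not key.get("p"):
            raise ValueError("key revoked (empty p=)")
        return key
    raise LookupError("CNAME chain too long")


if __name__ == "__main__":
    sig = parse_tags(HEADER_VALUE)
    print("query:", query_name(sig))
    print("at signing time:", check_signature(sig, now=1117600000))
    print("years later:   ", check_signature(sig, now=1700000000))
    print("key type:", resolve_key(query_name(sig), ZONE)["k"])
```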

 

There we have it.
Theory and samples.

If you have any questions, don’t hesitate to contact me by mail, postal pigeon, smoke signal, …

Zuper out

 

Handy websites concerning this subject :

  • https://mxtoolbox.com/
  • https://easydmarc.com/tools/dkim-record-generator

 

O365 product training

Good news

Microsoft just recently sent me one of their spammy messages that I usually overlook.
Instead, this time, it was a bringer of good tidings. Finally, Microsoft will force-feed you or your users with documentation, tips and tricks on how to use your Office 365 products and get the most out of it.  There has been a built-in training centre for admins as well as regular users in the portal.microsoftonline.com landing page for a while now, but – speaking out of personal experience – not a lot of end-users visit this page.

Kindly read the message below, that contains the interesting part of the original mail :

The mail :

We’re pleased to announce that starting on November 29, 2018, all users of Microsoft 365 and Office 365 will receive helpful product training and tips for services in their subscriptions via email. This feature has administrative controls to enable and disable.

[How does this affect me?]
After this change takes place, email communications will be enabled-by-default for your organization’s users, allowing us to provide product training and tips aimed at helping them increase their productivity and to maximize their utilization of the products and services they use most. End users will only receive emails regarding services that they have been enabled for, and you can control whether or not your users receive these communications in the End User Communication tab in your Office 365 admin center. Your users also have the ability to opt-out of receiving these emails on an individual basis by accessing the Security and Privacy pane of their My Account Portal.

This feature will be on-by-default for all Office 365 and Microsoft 365 organizations on November 29, 2018.

If you wish to disable this service for your users, you can do so between now and November 29, 2018 and your settings will be honored.

[What do I need to do to prepare for this change?]
If you prefer your users receive product training and tips that are all tailored to the services in their subscription, then there’s nothing you need to do to prepare for this change.

If you do not want us to send product training and tips to your end users, please follow these steps to disable:

  1. Log into the Office 365 admin center
  2. Click on Services & Add-ins
  3. Click on End User Communication
  4. Flip toggle to “Off”

 

 

Sharepoint (online) for beginners (2)

Preparation (again) is everything

Should you eventually still be interested in Sharepoint Online after reading all the horror-stories and getting yourself mentally up to the task of making this key decision, prepare yourself for a lot more decisions 😉

If you’re a Belgian SME, you can probably skip most of this thought process. If you’re a somewhat larger company or an SME according to American standards, you’re in for a treat if you love planning things.
Consider the following tasks, depending on the size of your IT implementor and the size of the Sharepoint customer :

  • Plan hub sites 
    In short, hubs connect your libraries and sites into one easy-to-read-and-manage central entity with its own look and feel.
    The example picture (for a larger company) shows a specific hub (in green) for the HR department, where all department libraries are centralized.
    The general idea behind this is to create a separate hub for (e.g.) Finance, Marketing, Sales, … It’s common practice for smaller companies to put everything in one hub (with maybe the IT documentation in a separate one)
  • Managing your Search and Discovery result sets.
    You can take this feature as far as you want. Managing search results in a Sharepoint environment and administering keywords can either be something you completely let live a life of its own OR you can fully manage your keywords, result templates OR anything in between.
  • Actually creating the site and developing graphical layout, customizing content.
  • Will you be sharing your documents externally to users not in your organization ?
  • Mentioned before in the previous post : plan the physical content of the Sharepoint site.
    What will you be showing your users ? Will your SP environment become a complete file archive of all your documents or will you just be using the platform’s collaboration function on a project-basis ?

I won’t go as far as explaining everything in detail, seeing Microsoft has done this for me already.
You can find a very extensive planning overview on https://docs.microsoft.com/nl-be/sharepoint/introduction

As mentioned before, small enterprises are likely to use 1/10th of Sharepoint and might require a very limited amount of planning, to the point where it even comes down to replicating the original folder structure of a to-be-decommissioned on-premise server.
Sounds like a mouthful, but practically speaking this is nothing more than a copy-paste action (albeit a tad more technical in the background)

On a note of keeping things simple and understandable, I’ll provide examples for an imaginary small company that starts using Sharepoint for the first time, so we can skip the whole larger planning phase and go straight to using Sharepoint Online (SPO).

 

Situation sketch

Remember our straw-producing company in an earlier example ?
They’ve gotten inspired by the entire Office 365 thing after experiencing the fun technical advantages of their mail and decided to move their data to ‘the cloud‘ as well.

Being the Belgian SME that they are, Shortstraw LLC has data hanging all over the place, spread among various computers, USB disks, cell phones and tablets.

They started out without a centralized server and are now ready to move to Sharepoint as a data storage platform. (or at least, that’s what they told you   *dramatic music*)

Questions, questions, questions …

You, as IT partner for Shortstraw, can now start a limited amount of planning and meet up with CEO and CFO Oliver and Annie.
There’s a certain amount of practical questions you will need answers to, before even starting your move to SPO.

  • Total amount of data in GB/TB ?
    This M$ page will tell you more about these limits.
  • Do they want all data synchronized on their computer(s) as local files ?
  • Who REALLY shot JFK ?
  • Will they be sharing files through SPO (especially to external sources) ?
  • What files will you split up into a personal Onedrive for Business account and a Sharepoint library?
  • How fast is the internet on-premise ?
  • Free disk space and operating system on the machine(s) that holds the data.
    In case you’re wondering : Windows 10’s native Onedrive has support since halfway 2018 for so-called ‘streaming files’, which downloads your files on-the-go when you open it from Onedrive. Windows 8/7/… all need an actual physical copy on the disk when synchronising.

 

Setting it up. Getting started. Doing your thing.

The right tools for the job.

When starting a migration to Sharepoint Online, a couple of tools come to mind. There are a few nifty pieces of software that can do the job quite well.

I’ll be discussing the last three, as they are free of charge (not counting the actual license cost of your O365 subscription obviously) and have little to no learning curve.

For the ease of this example, I’ll just assume we have some structurally placed files and folders on an on-premise file server/NAS/other easily accessible location for a Windows computer.

More prep !

Nothing ever comes easy (except for your mom – obligatory mom joke, couldn’t resist). More prep work is required before we can move our files to SPO.

A small theoretical explanation (practical examples will follow, don’t worry) :

First of all we’re going to want to create the location(s) where we want to store the files online. This is usually done by creating one or more document libraries. Simplified, you could compare them to shared folders on a file server.
Best practices tell us to set your initial user rights (more on this later) on a library basis, if necessary.
In a more extreme manner, you could even create Sharepoint subsites or Site Collections.

Secondly, you’re going to need to create security groups to apply to your libraries, where we’ll be removing the default security settings, in order to set specific rights to specific libraries.
This can either be done in Azure AD or straight from Sharepoint.

My n°1 suggestion is to keep the admin user as an owner of your libraries – or at least as power user – as we’ll be needing a specific user account for the automated migration process anyway.
If you’re into manual labor, you can have your users perform their own migration, but this is ill-advised.

My three free tools

Before you start to panic, I promise I’ll get more into detail about every method mentioned. The examples below will just give you a sneak peek of the ease of use.

Sharepoint out-of-the-box upload/drag-and-drop

Quite straightforward.
You either choose ‘Upload’ in the menu above your library or just drag and drop your file to where the library is located on-screen.

Screenshot of the open Upload menu in a document library.

OneDrive synchronisation

Same approach, different method.
You select the ‘synchronize’ button above the library, after which you’ll get a verification from OneDrive to see if you really want to start a synchronization between your computer and this specific library.

Synchronizing will require a significant amount of disk space if you’re not working on Windows 10 (W10 uses the aforementioned file streaming method)

Microsoft Sharepoint Migration Tool

This tool automates the uploading (and pre-analysis) for your data towards the Microsoft Cloud.
Preferably, use the migration tool, when all your local data is stored somewhat centralized. This tool is best run from the (Windows) server itself where the data is held, for speed reasons, among others.

Microsoft SPMT has a very easy and intuitive look and feel, but will require you to create the libraries before starting the migration process.
Also make sure you have sufficient disk space, as this tool creates a temp folder as large as the entirety of the data to be transferred. (temp folder can be selected in the migration options)

SharePoint Migration Tool

That’s all folks.

Prepare for a hands-on moment in the next Sharepoint post  !

Sharepoint (online) for beginners (1)

What the flip ?

Introducing “Sharepoint” is always a tricky one.

Microsoft simply puts it down as an “Online Collaboration Platform”, which is actually one of the most simple ways of explaining the whole thing.
Sharepoint can be used as a sort of online organized file dump, but that would be something like using only the glove compartment of a Ferrari.

It’s often compared to a mixture of “Google Drive”, “Huddle” and a WYSIWYG website editor like WordPress, where you can manage all of your corporate content (to a certain limit), create intranet webpages, automate business processes through workflows, build custom apps etc.

I’ll mainly be talking about Sharepoint Online (SPO), from here on. Know that there exists an on-premise version as well, that had its roots somewhere between the year 2003 and 2007, but still exists on current-gen Windows servers.

 

Is Sharepoint the right product for you ?

As with all products, it’s best to perform a study on why you would need it and if it’s the best solution for you, before you actually buy it. There’s a very big chance SPO might not be exactly what you need and there’s that other chance, you’ve struck gold and it fits your needs perfectly.

A 30 day demo can be obtained through various means, of which the classic Microsoft demo environment is the most popular one : https://products.office.com/nl-be/try
If in doubt –> always demo it first.

Consider the following questions before usage :

  • Do your employees work remotely?
  • Do your employees often move from one client location or meeting to another?
  • Do your employees need access to various devices so they can do their jobs?
  • How are your employees currently accessing the content that they need?
  • Do you have customer-facing requirements, like a place to share information, an online catalogue, an online Request for Information form, or an online Request for Quote form that your customers need to fill out?
  • Do you share documents with your customers often?
  • Are you using USBs to transport and work on presentations, requests for information, or marketing collateral?
  • Does your staff ever complain that they wish there was an easier way to access your content?

You might have guessed, from the commercial way these questions have been formed (thank you, proserveit.com) , that Sharepoint will be a fitting answer for all of them.

 

I’ll also gladly push away some common misconceptions surrounding Sharepoint and its use, since potential users will start Googling and will eventually find articles that scare them away from this online platform.

Sharepoint is just a place to store your files

NO!
It’s a friggin’ collaboration platform. You’ll be able to work on project-based or group-based items, follow up your colleagues, create automated tasks, …

The IT department will be in charge of setting up our environment and maintaining it

NO!
Maybe the IT department will need to explain the very concept of Sharepoint and set up the initial workspace environment a bit, but you as a user will be very able to create your own project pages, invite colleagues, change the look and feel of your SP workplace and much more.

You can’t customize Sharepoint. It will look like any other SP environment

NO!
Sharepoint (Online as well as the on-premise version) has a relatively easy way of customizing every page and/or creating templates based on your company colors or personal preferences. Not only the page theme, but also the way your libraries are shown and much more can be fully customized.

SP is not user-friendly

NO!
C’mon, really ? You’ve worked with Microsoft products before, right?
Can you really say Microsoft’s end-user products are not user-friendly ? And be honest !
If you can actually find a software package by M$ that you find to be user-unfriendly, try to find an alternative and tell yourself again how great that alternative works out for you, will you ?
As with all new software, you might have to learn the basics, but even creating a new Sharepoint project or page just feels like typing a Word document or creating a flyer in Publisher.

 

 

I’m pumped! Let’s do this!

Before you get all over-hyped, there are a few things to take into consideration before moving your data to the cloud and decommissioning your old server(s).
Doing so will avert potential headaches afterwards, both for the IT implementor and for the users that will actually be … using … Sharepoint.
The baseline here is : “Don’t do a full copy-paste”

Just in case, we might need this document…

Take a breather and think about how much data you’d like to move over to SPO.
Do you really want to bring over all those old archived files, that you will never ever be looking into?
There’s no real harm in actually copying them over to SPO, but wouldn’t you rather work in a clean and clutter-free environment than be surrounded by piles of old paperwork ?

 

New document (1)(1)(2)-final_by_john.docx

Various options for versioning

For the love of God/Allah/Vishnu/The Flying Spaghetti Monster/…
Having a document like this is bad enough practice as it is, but don’t bring this over to your new Sharepoint environment.
Judging by this filename, there have been tons of new versions of this document created over time, while keeping the original ones around for … I don’t know … archiving ?

Sharepoint has built-in versioning, that can be customized to your heart’s content : approval options, type of numbering, amount of copies to keep, …

You’ll only end up using more storage than you actually need as well as creating a chaotic and unstructured work environment.

Next to all that, the above filename situation might be created by multiple users trying to access the same file and saving it as their own version.
Again in Sharepoint, you can actually co-author a document or even set a certain lock notification on the document for obligatory check-out of the document before editing it.

No more excuses 😉

 

Don’t think “Files and Folders” anymore

If you know how a database structure works, you’ll have better insight in why and how you shouldn’t be using the classic files and folders layout anymore, because Sharepoint, when you simplify it, is just one giant database.
Don’t feel bad if you don’t know what the internal workings of a database server are. I’ll gladly explain the Sharepoint way of thinking, so that you get the most out of your new structural storage.

First of all, keep in mind that Sharepoint is a collaboration platform. The essential part here is that one word : “collaboration“.
Obviously there’s still a need for rights and structural placement of folders, but the main idea is the working-together part.

You can create cross-functional groups, completely separate from your existing classic company structure where you now have a CEO > Management Group > Employees rights pyramid.
Consider the people who own the file content, as opposed to the ones that get to “use” it and base yourself on “projects” instead of folders. Create Sharepoint pages per project, for instance.

Try to add as many logical keywords as possible to your documents instead of categorizing in one single folder. Remember those many times you thought about that one file that was good for folder A, folder B and even folder C, and you had to make the decision of putting it at least somewhere?
Well, Sharepoint uses sort of a labeling system called Enterprise Keywords, where the actual location of your file matters less than the correct label(s) you attach to it.
Just make sure that the users who need this file, have access to the file, folder or library it’s in and you’re good to go. The Sharepoint search function will do all the work for you.
Not even to mention the awesomeness of the program called “Delve“, that digs deeper in projects, files, statistics etc.

 

Planning your libraries

In Sharepoint everything is divided into lists and libraries. Remember my database reference above ? Well, a list or library is nothing more than a database table.
As with all database systems, there’s a certain limit to what you can do. In this case, the often discussed 5000-items limit in a Sharepoint library is to be taken with a grain of salt.

You might have heard of the above-mentioned item limit.
The number of items in a Sharepoint library should not exceed 5000 according to Microsoft advice. So, what happens if you get your 5001st item in a library ? Does the internet explode ?

Let me elaborate on this.

First off, the Sharepoint definition of an item is either a folder or a file, meaning that if you have 200 subfolders that contain 1 file in total, you have 201 items.

This whole limit thing has to do with the indexing speed for the software that runs in the background.
In order to quickly find your data, your server environment needs to read and analyze your data first, after which this analyzer-process writes something like a table of contents.
This table of contents is then used for search actions, because a ToC reads faster than actually having to scan your documents on-the-fly.

Microsoft has set a pretty round number on this, so it is easily remembered.

Should you go over the limit of 5000, the automatic indexing process simply becomes not-so-automatic and will take around 24 hours, depending on the process timing by Microsoft, which is something you yourself cannot change.
There’s actually another limit : 20000 items. Here, the indexing starts to go wrong and may start reporting faulty results or missing files.

What I’m saying is : “DON’T PANIC ; don’t limit yourself to the 5000 items barrier if indexing within 24 hours is good enough”

 

Onward !

Hopefully, I didn’t scare you too much here on the whole Sharepoint thing.
If you’re still planning to move your data to Microsoft’s cloud environment, keep reading on the entire process of migrating and what tools to use best in a next post.

Peace out!

Public Contact Folder in an Office 365 environment

Get global

Imagine coming from an obscure mail system in which you had a couple of public folders, such as a Public Address Book (not to be confused with the GAL – Global Address List) or some public Agenda.
Basically, this could also be a non-obscure system, as even the most generic or widely-used mail systems provide this functionality.

Having heard so much about Office 365, you decide to take the leap towards the cloud and start migrating all your mailboxes, only to find no default out-of-the-box public folder.

Fear not, as the functionality is still there, even though it was rumored Microsoft was going to stop support for public folders in an Exchange environment. User pressure caused M$ to re-evaluate their choice, thus public folders are here to stay (at least for 3 years minimum).
This also applies to Exchange Server 2016, by the way.

 

Howstuffworks.com

I’m going to assume you followed the necessary steps to set up a working O365 environment.

In the admin menu

  1. Open the Admin > Exchange menu in your O365 admin page
  2. Once inside the Exchange Control Panel, select ‘Public Folders’ in the leftmost menu or on the dashboard.
  3. A new menu will appear, where you are to select “Public Folder Mailbox” in the top menu.
    For some reason yet unknown to me, you have to create a public folder mailbox first before you can actually create a public folder.
    One would expect this to have all of this process automated…
    Oh well, best go with the flow.
  4. Click the little “Plus” icon and fill out the necessary info.
  5. Once this is done, you get to create the actual shared folder in that same top menu, by selecting *insert drum roll* “Public Folders”.
    Click the little “Plus” icon in order to start creating your first Public Folder and name it as such.
  6. Click save and *BOOM* your folder has been created.
    Now you should be assigning user rights to this folder, as you’re not going to be admin’in this folder yourself as global admin for this O365 tenant.
    Ideally leave the administration of public folders for contacts, agendas etc. to the end-customer as this is a specific task for a specific kind of manager.
    If you’re reading this as the IT guy/girl for a small company, you’re probably screwed and get to do this task yourself.
    Click the newly created folder once so that the focus is on its name and next click on “Manage” in the right column.
  7. You can choose who you want to allow specific rights to this folder, by clicking the necessary rights ticks or selecting prefab permission levels in the dropdown menu.
    Press “Save” when done.

 

 

Actually creating contacts

  1. Start by opening Outlook as a user that has owner rights (or sufficient rights to create folders) to your public folder and go to “Folder View” (that’s the three little dots at the bottom of your left column, in case you don’t have a 4K screen)
  2. Next, open the new public folder by expanding “All public folders” until you’ve reached your root folder (which should just be one click, normally)
  3. Right click the root folder and select “New folder”, after which you give it an appropriate name and select “This folder contains Contact Items”
    As you see, other options are available, such as a public agenda etc.
  4. We’ve already set the rights for admin, but as an owner, you can easily set other users’ rights afterwards through Outlook, instead of having to run over to your Exchange Control Panel as the global admin user.
    In any case, you can right click your newly created folder, that will now have a Contact icon and select “Properties”
    …where you can tick the option “Show this folder as an e-mail address book”, so that Outlook (and your mobile as well as webmail) will be able to display this list for you to search through.
    Confirm with OK.
  5. Clicking the “To” button in your Outlook, will now let you select your newly created address book.
    Everybody happy !
  6. Now either import your PST file from the previous public contact list or start typing.
    Good luck !

 

 

 


Many thanks to Peter from Kalmstrom.com for providing the necessary ‘missing links’ in my to-do list. I also shamelessly took the imagery from his website, as my own O365 30-day demo was expired ;).
In my defense, it looks like the Pakistani Rimza.com domain in the example is possibly not Peter’s domain either :p

Thanks, Microsoft – CredSSP error when connecting to a terminal server

Halp ! My RDP connection can no longer connect.

Imagine doing your Windows updates, like a good boy, when suddenly you get this nice little error.

An authentication error has occurred.
The function requested is not supported.
Remote computer : <insert remote desktop server name>

This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

What happened ?

Microsoft recently patched a security thingie on all recent server OS’es.
Every good citizen, using the default Remote Desktop software, has a big chance to be screwed.

Quick fix –>

Create a DWORD registry entry as follows :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Even more “lazy mode” –>

Download and unzip credssp file.

Doubleclick the REG file after unzipping.

No matter which solution you’ve chosen, reboot the client PC.
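
An added example (not part of the original post, and not Microsoft's code): a PowerShell check that reads AllowEncryptionOracle from the key above and reports which protection level it selects, plus a function that removes the workaround again. The value 2 written by the quick fix is the "Vulnerable" level of Microsoft's Encryption Oracle Remediation policy, so it is best kept only until the terminal server itself is patched; the function names are hypothetical.

```powershell
# Added example: audit the CredSSP client workaround and undo it later.
# Registry path and value name are the ones from the quick fix above.
$CredSspPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$CredSspName = 'AllowEncryptionOracle'

# Protection levels of the "Encryption Oracle Remediation" policy.
$CredSspLevels = @{
    0 = 'Force Updated Clients: no fallback to insecure CredSSP, unpatched peers refused'
    1 = 'Mitigated: client will not fall back to insecure CredSSP versions'
    2 = 'Vulnerable: client may fall back to insecure CredSSP versions (workaround active)'
}

# Hypothetical helper: report the current value and what it means.
function Get-CredSspOracleSetting {
    $item = Get-ItemProperty -Path $CredSspPath -Name $CredSspName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{
            Value   = $null
            Meaning = 'Not set: the default of the installed update level applies'
        }
    }
    $value = [int]$item.$CredSspName
    $text  = if ($CredSspLevels.ContainsKey($value)) { $CredSspLevels[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Value = $value; Meaning = $text }
}

# Hypothetical helper: remove the workaround (run from an elevated prompt).
function Remove-CredSspOracleWorkaround {
    if (Test-Path -Path $CredSspPath) {
        Remove-ItemProperty -Path $CredSspPath -Name $CredSspName -ErrorAction SilentlyContinue
    }
    Get-CredSspOracleSetting
}

# Show the current state of this client.
Get-CredSspOracleSetting | Format-List

# After the terminal server has received the CredSSP update:
# Remove-CredSspOracleWorkaround
```

Run the check across your client PCs after the server has been updated, so that no machine is left on value 2 longer than needed.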

Weird folder properties or invisible mails in Outlook after importing IMAP mails (what’s in a title ?). Say, how much info can you actually cram in this specific title field ? Still not running out of space. Ah well, here’s the post…

Situation sketch

You’ve just imported somebody’s mailbox in a lovely new Office 365 or local Microsoft Exchange Server, coming from a somewhat older system running on IMAP or another cool 80’s-90’s e-mail protocol.

After struggling with all the necessary issues you run into (getting rid of Mozilla Thunderbird, convincing the local Linux user that he should indeed run Windows for him to receive proper support from you, updating everything to the latest released patches, …), you finally get a version of Outlook up and running, with all mails, calendar and contacts.
Also, don’t forget your auto-complete list ! (NO THIS ISN’T YOUR ADDRESS BOOK)

WHEN SUDDENLY one of the following complaints comes your way :

  • I can’t delete a certain folder in my Outlook !
  • One or more of my folders is empty, even though it says “xxx number of items in this folder” !
  • What is “FILTER APPLIED” on the bottom bar of my freshly installed Outlook and why can’t I reset my “Views” in the “Change View” menu ?

In this specific case, after a copy or import from an IMAP mailbox, there’s a huge possibility that the properties of the folder that houses these mail messages are set to something faulty.

In most of these cases, it’s the so-called Container Class that still thinks that we’re working in an IMAP folder instead of a regular “Note” folder. (I didn’t invent the name)

 

Solving the actual problem

Before we start, I’d like to add a little disclaimer here, saying you can seriously mess up your mail folders if you just fiddle around without knowing what you’re doing in the software we’ll be using.

This magical piece of software is called “MFCMAPI” and can be downloaded from https://github.com/stephenegriffin/mfcmapi

Can’t find the executable ? That’s normal, it’s GitHub. You’re supposed to become depressed here.

https://github.com/stephenegriffin/mfcmapi/releases is the place to be 😉

I’ve made a personal package for your ease here –> MFCMAPI pack v18.2

Download the version corresponding to your OFFICE VERSION (not your Windows version), 32 or 64 bit, unpack the zipfile and run the package.

  1. Go to Session > Logon 
  2. Select your Outlook profile (if any)
  3. Double-click the data store (possibly just one, depending on the rights you have to other mailboxes or extra added PST files)
  4. Expand Root – Mailbox (or whatever it’s called in your Office installed language)
  5. Expand the Top of Information Store or the IPM_Subtree folder
  6. Select Inbox (language-specific name) and browse to the folder containing the problem
  7. Doubleclick PR_CONTAINER_CLASS in the right column and change the value in the ANSI field to IPF.Note.
    If my predictions were correct, it used to say IPF.IMAP.
    If this is not the case, stop what you’re doing and roll back your changes, as there’s a different issue.