Overview
Contoso, Ltd. is a consulting organization that provides services to manufacturing businesses. Contoso is a business partner with Fabrikcom, Inc. and Trey Research.
Current environment
Deployment
- Contoso uses a Microsoft Exchange Server hybrid deployment. The company recently upgraded the Exchange Server environment from Exchange Server 2013 to Exchange Server 2016.
- The existing deployment uses a Microsoft 365 Enterprise E3 subscription.
- Email messages that Contoso, Ltd. sends to Fabrikcom, Inc. and Trey Research use send connectors that are deployed on the Exchange server.
Mailbox locations
- Mailboxes for users in the corporate environment are hosted on Exchange Server 2016 servers.
- Mailboxes for members of the sales and marketing teams are hosted in Exchange Online.
Backup and retention
- Exchange data is backed up every night. Backups are stored in a Microsoft Azure storage account.
- The mailbox retention period for mailboxes is 60 days.
- The company has a retention policy that moves all email from the inbox of executives to an archive mailbox.
Identity and authentication
- The company configures Azure Active Directory (Azure AD) Connect by using express settings.
- The Active Directory root domain is Contoso.com. There is another Active Directory (AD) tree named Tailspin.com.
- The Azure AD tenant name is contoso.onmicrosoft.com.
- Contoso.com is a verified custom domain in Azure AD.
- Contoso adds the primary contacts for each of their client companies as external recipients in Azure AD.
- The company uses self-signed certificates on all Exchange servers.
Policies
The Exchange server uses a custom email address policy for all recipients of smtp:%g.%s@contoso.com.
Authentication
Fabrikcom, Inc. and Trey Research require that all inbound email must originate from an independently authenticated source. All synchronized Azure AD accounts must correspond to an existing AD account. You must remove any accounts from Azure AD that cannot be synchronized.
Retention
- On-premises mailboxes must apply retention policies that the company configures in Exchange Online.
- Audit logs must be retained for five years.
- All new mailboxes must be configured to move mail that is older than 60 days from the inbox to an archive in Exchange Online.
- Members of the compliance team must be able to retain email indefinitely. This must apply to inactive mailboxes of the compliance team.
- All email sent between members of the executive team must be encrypted with S/MIME.
- Administrative operations on mailboxes for members of the executive team must be audited. This includes audits for operations that move email.
- All deleted messages must be completely removed from mailboxes 180 days after deletion for items not covered by a retention policy.
Sharing
- Users must be able to share calendar information with any other user in the organization.
- Users must be able to share only free/busy information with external recipients. The information must not include the name or location for meetings.
Outgoing email
All email sent to external recipients must display a corporate disclaimer.
Incoming email
- All email attachments from external senders must be manually inspected by a moderator if they are unrecognized by Exchange Online. The moderator email address is moderator@contoso.com.
- Recipients must be able to receive unrecognized email attachments from Fabrikcom, Inc. senders.
Hosting
All public folder content must be stored on the Exchange Server.
Team issues
Accounting team
Accounting team users report that they cannot send emails to mail-enabled public folders.
Sales team
Sales team users report that they cannot send emails to mail-enabled public folders.
Marketing team
- A marketing team user named User1 is deleted. The user is rehired 45 days later in the same position and department. An administrator restores the User1 account. User1 reports that they cannot access their previous email.
- Corporate users are attempting to schedule meetings with marketing team members. When users attempt to add members of the marketing department, they are unable to view when they are available.
Executive team
- A user named Exec1 is unable to send an S/MIME encrypted email to a user named Exec2.
- Email messages in the executive team mailboxes that are larger than 5 MB are not moved to their archive mailbox.
- Audit logs for Executive mailboxes are being deleted after 90 days.
Other issues
Retention policies
- The default retention policies are not being applied to new mailboxes that the company creates in the on-premises environment.
- The system deletes audit logs for executive mailboxes after 90 days. Audit logs do not record operations for email that is moved.
- Members of the compliance team report they are unable to retain messages for more than 60 days.
Microsoft Outlook
- Users with accounts in the Tailspin AD tree report Outlook is not set up automatically.
- Contoso users report that Outlook takes a long time to reconnect to Exchange after a computer resumes from hibernation.
Compliance
Users report that they can view items older than 180 days in the Recoverable items folder.
Email to and from external partners
- A Fabrikcom, Inc. administrator reports that a disclaimer is not appended to email received from Contoso, Ltd.
- A user named User2 reports receiving an email attachment that is not recognized by Exchange Online from an external sender.
Azure AD
A user named Admin 1 reports issues synchronizing accounts to Azure AD.
Calendar sharing
Users are unable to share calendar information with external recipients.