Office 365 Interview Questions and Answers 8

January 16th, 2020 | Posted by admin in Exchange | Exchange Online | Office 365

On a hybrid Exchange environment, an on-premises recipient is set as a moderator, and when an Office 365 user sends an email to that moderated distribution group, the on-premises moderator is not able to see the Approve or Reject option. What could be the issue and how do you fix it?


The Approve or Reject option is supported only when TNEF is enabled for the remote domain object. For this scenario, the remote domain object for company.com in Exchange Online must be TNEF-enabled.
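One way to check and apply this setting from Exchange Online PowerShell, as an added example that is not part of the original post. It assumes an existing Connect-ExchangeOnline session and, if no remote domain object exists for company.com, creates one named after the domain.

```powershell
# Added example: run in an Exchange Online PowerShell session.
# "company.com" is the on-premises domain named in the answer above.
$domainName = 'company.com'

# Find the remote domain object that covers the moderator's domain.
$remote = Get-RemoteDomain | Where-Object { $_.DomainName -eq $domainName }

if (-not $remote) {
    # Assumption: no dedicated object exists yet, so create one instead of
    # changing the Default (*) remote domain, which applies to every
    # external recipient.
    $remote = New-RemoteDomain -Name $domainName -DomainName $domainName
}

# TNEFEnabled: $true = always use TNEF, $false = never, $null = sender decides.
$remote | Format-List Name, DomainName, TNEFEnabled

if ($remote.TNEFEnabled -ne $true) {
    Set-RemoteDomain -Identity $remote.Name -TNEFEnabled $true
}

# Confirm the value that is now in effect.
Get-RemoteDomain -Identity $remote.Name | Format-List Name, DomainName, TNEFEnabled
```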

What is Directory Based Edge Blocking?

The Directory Based Edge Blocking (DBEB) feature in Exchange Online Protection (EOP) lets you reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Azure Active Directory and block all messages sent to email addresses that aren’t present in Azure Active Directory.

If a message is sent to a valid email address present in Azure Active Directory, the message continues through the rest of the service filtering layers (anti-malware, anti-spam, transport rules). If the address is not present, the service blocks the message before filtering occurs, and a non-delivery report (NDR) is sent to the sender informing them that their message was not delivered.

What is Conditional Mail Routing?

Companies may need to route mail differently depending on who the mail is sent to or from, where it’s being sent, the contents of the message, and so on. For example, if you have multiple sites around the world, you might want to route mail to a specific site. You can do this using connectors and mail flow rules; this is called Conditional Mail Routing.
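The connector-plus-rule pairing described above, as an added example that is not part of the original post. The connector name, smart host, TLS domain and group address are placeholders chosen for illustration.

```powershell
# Added example: run in an Exchange Online PowerShell session.
# All names and addresses below are placeholders.
$connectorName = 'To EU site (example)'

# 1. Outbound connector that is used only when a mail flow rule selects it
#    (IsTransportRuleScoped). TLS with domain validation keeps the hop to
#    the site's smart host encrypted and authenticated.
New-OutboundConnector -Name $connectorName `
    -ConnectorType OnPremises `
    -UseMXRecord $false `
    -SmartHosts 'mail-eu.example.com' `
    -TlsSettings DomainValidation `
    -TlsDomain 'mail-eu.example.com' `
    -IsTransportRuleScoped $true

# 2. Mail flow rule that sends matching messages through that connector.
#    The condition here is "recipient is a member of this group"; other
#    conditions (sender, recipient domain, content) work the same way.
New-TransportRule -Name 'Route EU staff mail (example)' `
    -SentToMemberOf 'eu-staff@example.com' `
    -RouteMessageOutboundConnector $connectorName

# 3. Review what was created.
Get-OutboundConnector -Identity $connectorName |
    Format-List Name, SmartHosts, TlsSettings, TlsDomain, IsTransportRuleScoped
Get-TransportRule -Identity 'Route EU staff mail (example)' |
    Format-List Name, State, SentToMemberOf, RouteMessageOutboundConnector
```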

How does mail flow work in Office 365 or Exchange Online Protection?

Mail passes through the following stages, in order:

  • The MX record points to the Office 365 tenant.
  • Exchange Online Protection receives the email and performs recipient validation using Directory Based Edge Blocking; if the recipient is not available, the email is dropped.
  • Anti-virus scanning occurs; EOP has 3 AV engines.
  • Recipient resolution occurs, such as distribution group expansion.
  • Transport rules are applied; any emails marked as spam by a transport rule are quarantined.
  • Anti-spam protection occurs, which includes content scanning, Outlook safe sender validation, URL blocking, bulk mail filtering and international spam filtering.
  • The email goes to the customer delivery pool and then to the on-premises server.

When would you enable Centralized Mail Transport?

Centralized Mail Transport is a mail routing control in Exchange Online Protection that always routes emails to the on-premises Exchange server instead of sending them directly to the Internet from Office 365.

Companies that have a DLP solution on-premises may want to always route emails from both on-premises and Office 365 users through that DLP solution. If Centralized Mail Routing is not enabled, email will route directly to the Internet and the compliance requirement will not be met. Companies with a similar requirement have to enable this feature when running the Hybrid Configuration Wizard.

What are Federation mailboxes?

Below are the Federation mailboxes that can be configured in on-premises Exchange; we cannot manage or create federated mailboxes in Office 365.

Federation mailboxes are a special type of mailbox used for system-related activities like moderation, OAB generation, federation, storing audit logs, discovery searches and migration batches. Five types of mailbox are available in Exchange 2013 and later versions.

SystemMailbox{1f05a927-xxxx-xxxx-xxxx-xxxxxxxxxxxx} moderates messages, i.e., it is used for managing approval workflow. For example, an arbitration mailbox is used for handling moderated recipients and distribution group membership approval. The display name for this account is Microsoft Exchange Approval Assistant and is available since Exchange 2010.

SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} is used in the Offline Address Book (OAB) generation process. This arbitration mailbox, with persisted capability of OrganizationCapabilityOABGen, is called an Organization Mailbox. Administrators can create additional Organization Mailboxes for fault tolerance or for serving users in a geographically dispersed Exchange deployment. To list the arbitration mailboxes with persisted capability of OABGen, use the following cmdlet: Get-Mailbox -Arbitration | Where {$_.PersistedCapabilities -match "oab"}. This mailbox is new in Exchange 2013.

SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} holds administrator audit log reports and stores in-place e-discovery search metadata. The display name for this account is Microsoft Exchange. This mailbox is available since Exchange 2010.

FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 is used for federation between different Exchange organizations and has been available since Exchange 2010. Its display name is Microsoft Exchange Federation Mailbox.

Migration.8f3e7716-2011-43e4-96b1-aba62d229136, new in Exchange 2013, holds details of mailboxes being moved in migration batches.

What is Cloud App Discovery?

Cloud App Discovery is a feature in Azure AD that provides visibility into which cloud applications are used within an organization. We can assess risk and remediate by looking at the reports based on users, requests and the volume of data exchanged. It lets us identify the top cloud applications used in the organization and proceed with the integration.

What is Multi-Factor Authentication (MFA)?

It is a method of authentication that requires more than one verification method to authenticate a user. Available options are Mobile Application, Automated Phone Call and Text Message. Microsoft is planning to decommission the Text Message option by the end of 2018.

What is Access Panel?

Access Panel is where users can discover the applications they have access to. Users can log in to myapp.microsoft.com to see the Access Panel. It allows users to change their password, edit multi-factor authentication related contact and preference settings, and view details about their account.

On a hybrid Exchange environment, an approved change was recently made to your Exchange Online environment, and Office 365 users are complaining that they are not receiving emails from a partner organization. How will you troubleshoot the mail flow?

We have an option to validate the mail flow by validating connectors on the Connectors page in the Exchange admin center. The built-in validation tests that your mail flow from Office 365 reaches:

  • Your organization’s email server
  • A partner organization.

We can use this option to validate the mail flow.
