Office 365 Mail flow Rules/ SPF Failed / Does not designate

SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your recipients. Email spoofing is the creation of email messages with a forged sender address something that is simple to do because many mail servers do not perform authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message, using the following method you can block such forged senders.

Login in to office 365 Portal (https://login.microsoftonline.com)

Click on “Admin”  >> Exchange from the Exchange admin center

Click on “Mail Flow” >>  Rules >> Click on “+” and select “Create a new rule….”

Edit the Rule

Rule Name : (The purpose of the filter)

*Apply this rule if: The sender if located

Add condition another condition

Type the header includes and words

NOTE:

You could add multiple actions, Also you can specify exceptions

Rule mode should be Enforce

Save the changes and exit.

NOTE:

Headers that you could use for the filers

Header Name

Resent-From

Message-ID

Date

From

User-Agent

MIME-Version

To

Subject

Content-Type

Content-Transfer-Encoding

Return-Path

Received-SPF

X-Auto-Response-Suppress

X-OrganizationHeadersPreserved

X-EOPAttributedMessage

X-MS-Exchange-Organization-MessageDirectionality

X-Forefront-Antispam-Report

X-MS-Exchange-Organization-PRD

X-MS-Exchange-Organization-Antispam-Report

X-MS-Exchange-Organization-SCL

X-MS-Exchange-Organization-SenderIdResult

X-CrossPremisesHeadersPromoted

X-CrossPremisesHeadersFiltered

X-MS-Exchange-Organization-Network-Message-Id

X-Microsoft-Antispam

X-MS-Exchange-Organization-AVStamp-Service

X-Exchange-Antispam-Report-Test

X-MS-Exchange-Organization-AuthSource

X-MS-Exchange-Organization-AuthAs

X-OriginatorOrg

-Thanks

@Roshan

Recover Purge Items in Office 365 \ On Cloud \ Retention Policy

If a user purges an e-mail message from the Recoverable Items folder, by what is called a hard delete, the purged message is moved to the Purges subfolder, which isn’t accessible to and can’t be recovered by the user. Only an administrator can recover a purged e-mail message.
Note:   Because items in the Purges subfolder in the Recoverable Items folder are indexed and discoverable, administrators or discovery managers can use Multi-Mailbox Search to search for purged items. Administrators aren't assigned this role by default. To search multiple mailboxes, add yourself as a member of the Discovery Management role group.

After you have installed and configured Windows PowerShell and Windows Remote Management (WinRM) on your computer, you have to connect the Windows PowerShell on your local computer to the cloud-based service to perform tasks in your cloud-based organization.

Step – 1

Click Start, point to All Programs, click Accessories, click Windows PowerShell, and then click Windows PowerShell.

1.    $Cred=Get-Credential (Type cloud admin credentials)

2.    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection

3.    Import-PSSession $Session

Once you successfully connected to cloud use following Search-Mailbox to Search e-mail messages.

Examples: Recovering,

1. This example searches the mailbox of User Name and copies the search results to the DiscoverySearchMailbox in the folder RecoveryItems.

Search-Mailbox "User Name" -SearchDumpsterOnly -SearchQuery "Subject:Happy Birthday!" -TargetMailbox "DiscoverySearchMailbox" -TargetFolder "RecoveryItems" -LogLevel Full.

This example searches User Name’s mailbox for messages that contain the phrase "Subject:Happy Birthday!" in the subject and logs the result in the “RecoveryItems” folder in the DiscoverySearchMailbox's mailbox. Messages aren't copied to the target mailbox.

Search-Mailbox "User Name" -SearchDumpsterOnly -SearchQuery "Subject:Happy Birthday!" -TargetMailbox "DiscoverySearchMailbox" -TargetFolder "RecoveryItems" -LogOnly -LogLevel Full

This example searches all mailboxes in your organization for messages that contain the words "Spam", "Email", or "Download". The search results are copied to the Discovery Search Mailbox in the folder AllMailboxes-Election.

Get-Mailbox | Search-Mailbox -SearchQuery 'Spam OR Email OR Download' -TargetMailbox "Discovery Search Mailbox" -TargetFolder "AllMailboxes-Election" -LogLevel Full

Examples: Deletes the Messages,

This example searches April Stewart's mailbox for messages that contain the phrase " Massive Inventory Blowout!" in the subject and deletes the messages from the source mailbox.

Search-Mailbox -Identity "User Name" -SearchQuery 'Subject:"Massive Inventory Blowout!"' -DeleteContent

User Name: Mailbox that you want to search for the purge items

SearchQuery: Searching Critiria "Subject:Happy Birthday!"

TargetMailbox: Mailbox that you want the search items to be listed

TargetFolder: Name of the Folder

   Once the above steps completed use Remove-PSSession $Session to exit from the session.

Step – 2

   Assign yourself full permission to the Mailbox (Discovery Search Mailbox)

Open Emc

Add the user account that you want to assign permission to

Step - 3

Open Outlook and Look for the Purges folder under RecoveryItems. You can copy the purge items to .PST and send them to the user.

More information about Search-Mailbox cmdlet

You can use the Search-Mailbox cmdlet to search messages in a specified mailbox and perform any of the following tasks:

• Copy messages to a specified target mailbox.
• Delete messages from the source mailbox.
• Copy messages from the source mailbox and delete them from the target mailbox.
• Perform single item recovery to recover items from a user's Recoverable Items folder.
• Clean up the Recoverable Items folder for a mailbox when it has reached the Recoverable Items hard quota.

Parameter	Required	Description
EstimateResultOnly	Required	The EstimateResultOnly switch specifies that only an estimate of the total number and size of messages returned by the search be provided. Messages aren't copied to the target mailbox. You can't use this switch with the TargetMailbox parameter.
Confirm	Optional	The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.
DeleteContent	Optional	The DeleteContent switch specifies that the messages returned by the search be permanently deleted from the source mailbox. When used with the TargetMailbox parameter, messages are copied to the target mailbox and removed from the source mailbox. If you set the logging level for the search to Basic or Full, you must specify a target mailbox and a target folder to place the log in. To delete messages from the source mailbox without copying them to the target mailbox, don't specify theTargetMailbox, TargetFolder, and LogLevel parameters. Important: You need to be assigned the Mailbox Import Export management role to use this switch. By default, this role isn't assigned to any role group. Typically, you assign a role to a built-in or custom role group. Or you can assign a role to a user, or a universal security group. Before you use the DeleteContent switch to delete content, we recommend that you test search parameters by using the LogOnlyparameter, as shown in Example 2.
DoNotIncludeArchive	Optional	The DoNotIncludeArchive switch specifies that the user's archive mailbox shouldn't be included in the search. You don't need to specify a value for this switch.
Force	Optional	The Force switch overrides the confirmation prompt displayed when your use the DeleteContent switch to permanently delete messages.
IncludeUnsearchableItems	Optional	The IncludeUnsearchableItems switch specifies whether to include items that couldn't be indexed by Exchange Search. When set to $true, theIncludeUnsearchableItems switch specifies that items that couldn't be indexed by Exchange Search should be included in the search results.
LogLevel	Optional	Suppress - No logs are kept. Basic - Information about the query and who ran it is kept. Full - In addition to the information kept by the Basic log level,
LogOnly	Optional	The LogOnly switch specifies that a search be performed and only a log be generated. Messages returned by the search aren't copied to the target mailbox. The logging level is specified by using the LogLevel parameter.
SearchDumpster	Optional	The SearchDumpster parameter specifies whether to search the Recoverable Items folder, which is the storage location in which items deleted from the Deleted Items folder or hard-deleted items are stored until they're purged from the mailbox database. By default, the Recoverable Items folder is always searched. To exclude the folder from the search, set the SearchDumpster switch to $false, for example,-SearchDumpster:$false
SearchDumpsterOnly	Optional	The SearchDumpsterOnly switch specifies that only the Recoverable Items folder of the specified mailbox be searched. You can also use this switch with the DeleteContent switch to delete messages from the Recoverable Items folder and reduce the size of the folder.
SearchQuery	Optional	The SearchQuery parameter specifies a search string or a query formatted using Keyword Query Language (KQL). For more details about KQL, see Keyword Query Language syntax reference. If this parameter is empty, all messages are returned.
WhatIf	Optional	The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

-Roshan

Email Migration to Office 365 Flowchart

Installing SQL Failover Cluster and Prerequisites / MSDTC Service

Installing SQL Failover Cluster and Prerequisites

Installing MSDTC Service (is required to install before installing the sql server failover cluster)

Installing Application Server @ Distributed Transaction

Add Role and Features >>

Select the Server from the pool

Tick the “Application Server”

Select “Incoming Network Transactions” and “Outgoing Network Transactions”

Install .Net 3.5 using add Roles and Features

You’ll need the windows 2012 installation disk for this task

Click on the “Specify an alternate source patch” and give sources\sxs from your installation media

Installing MSDTC Service

Open Failover Cluster Manager >>

Select “DTC” and next to continue..

Type a name and IP address for DTC service and Next to continue

Select the storage for the msdtc service

Setup Failover Cluster SQL Server

Insert the SQL 2012 Server Installation media >> run the setup

From the setup click on installation >> New SQL Server failover cluster installation

Click show details

Enter the Key or Use Evaluation

Accept the license agreement

Check the Warnings and Errors >> following warnings can be ignored

Click next to continue

Select the SQL features that you want to install,

Click show details

You can use the Default instance or Named Instance and Instance ID:

Click next to continue

Can change the Resource group name if needed:

Select the Disks that you are going to use for sql

Type the cluster IP address

It is good idea to enable mixed mode and if you not required you can disable it later.

Also add “Current User” to the SQL Server Administrators click next to continue

Change the Log Directory a new disk

Click next to continue

Click Install to install the cluster

Click close, you have now installed sql failover cluster successfully

Adding secondary node to the SQL Failover Cluster

Click on Details for more information, if found errors resolve them and continue

Enter the product key or use evaluation

Accept the license agreement

You’ll get following error if you are having internet connectivity issue. You can ignore it

If you are run into critical errors please resolve them before continuing but some warnings can be ignored

Select the cluster Instance and click next

Click next to continue

Specify service accounts that you are going to use

Click next to continue

Click next to continue

Click Close to End the Wizard,

-Roshan