Rules to Better Exchange Server - 4 Rules
Do you configure redirection from HTTP to https for Outlook Web App (OWA)? To simplify OWA access for your users, you want to configure the Outlook Web App page to automatically redirect users to https. The HTTP redirect procedure in IIS Manager simplifies OWA URL and forces to SSL connection from mail.domain.com to mail.domain.com/owa .
- Start IIS Manager.
- Expand the local computer, expand Sites, and then click Default Web Site
- At the bottom of the Default Web Site Home pane, click Features View if this option isn't already selected
- In the IIS section, double-click HTTP Redirect
- Select the Redirect requests to this destination check box
- Type the absolute path of the /owa virtual directory. For example, type mail.domain.com/owa
- Under Redirect Behavior , select the Only redirect requests to content in this directory (not subdirectories) check box
- In the Status code list, click Found (302)
- In the Actions pane, click Apply
- Click Default Web Site
- In the Default Web Site Home pane, double-click SSL Settings
- In SSL Settings, clear Require SSL
- Open a Command Prompt window.
Run the following commands:
appcmd set config "Default Web Site/autodiscover" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/ecp" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/ews" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/owa" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/oab" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/powershell" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/rpc" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/rpcwithcert" /section:httpredirect /enabled:false -commit:apphost appcmd set config "Default Web Site/Microsoft-Server-ActiveSync" /section:httpredirect /enabled:false -commit:apphost
Finish by running the command:
- Open Internet Explorer and type in mail.domain.com
- Done - You are then redirected to mail.domain.com/owa
If email is the property of the employer, then it makes sense to monitor the health of your emails and email server.
If you are using Exchange Online as your mail server, you can see a whole dashboard of your current email situation at Office 365 Security & Compliance, including:
- Mail Flow Map - Where are your emails coming from and going to
- Outbound and inbound email count
- Alerts - Is anything wrong happening with my emails?
- Queues - Are any emails pending on a queue (not being delivered)?
Always keep on top of your email health!
It is not a good idea to have Windows Update automatically updating your servers. There are a few reasons.
- The hotfix could bring down a production environment. (This issue previously happened)
- In fact, even in a development environment, this could be hours of lost work as the development team struggles to understand why only some of the developers' servers magically and mysteriously broke overnight.
- Windows Update could restart your server, or put your server in a state where it requires restarting - preventing any urgent MSI installs without bringing down the server.
Windows Update remains the best thing for end-users to protect their systems. But in a server, especially a production server environment - Windows Update patches are just like any new versions of the software that's built internally. It should be tested and then deployed in a controlled manner.
So recommendations for managing updates are as follows:
- Use WSUS to approve/deny updates for your servers.
- Update Staging/Development servers first to see if any issues arise from the updates.
- Roll these updates out to Production once confident there are no issues.
- Windows Updates may be critical and should be kept relatively up to date.
- Do all of this on a schedule - have an email sent to your SysAdmins to remind them to review and reboot needed machines:
- Do you enable automatic Windows Update Installations? [for PCs]
- Do you use Group Policy to manage your Windows Update Policy? [for both PCs and Servers]
The default message size limit in Exchange Online is 25MB. Even though email attachments are not the best way to share a large file, sometimes it is the only option - and these days, 25MB is quite small. This default limit should be increased; it is easy to do so from the Exchange admin center or Exchange Management Shell.
It is important to remember that the maximum email attachment size will also depend on the person receiving the email - their email service will need to accept the larger size. For example, Gmail's default limit is also 25MB.
- Go to Exchange admin center | Recipients | Mailboxes | Set default message size restrictions
- Enter the maximum size you would like to set in KB for both sending and receiving, and click Save. We have it set to 35MB (35,840KB).
Note that this will only apply to new mailboxes. To change the restrictions for existing mailboxes, from the same page you can select one, several or all existing mailboxes, and click Message size restrictions. As above, enter the desired maximums and click Save.
Of course, this can also be done with the Exchange Management Shell, for example:
Set-Mailbox -Identity "Adam Cogan" -MaxSendSize 35mb -MaxReceiveSize 35mb