1- Exchange online clients

1.1 POP3 and IMAP4

Exchange Online

Applies to: Exchange Online

Topic Last Modified: 2017-10-27

Summary: An overview of POP3 and IMAP4, and the differences between them.

By default, POP3 and IMAP4 are enabled for all users in Exchange Online.

 To enable or disable POP3 and IMAP4 for individual users, see Enable or Disable POP3
or IMAP4 access for a user.
 To customize the POP3 or IMAP4 settings for a user, see Set POP3 or IMAP4 settings
for a user.
 After POP3 and IMAP4 are enabled, guide people to the instructions for setting up POP3
or IMAP4 at Use IMAP or POP email programs and Settings for POP and IMAP access.

Users can use any email programs that support POP3 and IMAP4 to connect to Exchange
Online. These programs include Outlook, Microsoft Outlook Express, Entourage, and many
third-party programs, such as Mozilla Thunderbird and Eudora. The features supported by each
email client programs vary. For information about features offered by specific POP3 and IMAP4
client programs, see the documentation that's included with each application.

POP3 and IMAP4 provide access to the basic email features of Exchange Online and allow for
offline email access, but don’t offer rich email, calendaring, and contact management, or other
features that are available when users connect with Outlook, Exchange ActiveSync, Outlook
Web App, or Outlook Voice Access.

Note:
Each time a person accesses a POP-based or IMAP-based email program to open his or her
Office 365 email, that user will experience a delay of several seconds. The delay results from
using a proxy server, which introduces an additional hop for authentication. The proxy server
first looks up the assigned pod server (client access server) and then authenticates against that.

Contents
Settings users use to set up POP3 or IMAP4 access to their Exchange Online mailboxes

Understanding differences between POP3 and IMAP4

Send and receive options for POP3 and IMAP4 email programs

Settings users use to set up POP3 or IMAP4 access to their

Exchange Online mailboxes
After you enable POP3 and IMAP4 client access, you have to give users the information in the
following table so that they can connect their email programs to their Exchange Online
mailboxes.

POP3 and IMAP4 email programs don’t use POP3 and IMAP4 to send messages to the email
server. Email programs that use POP3 and IMAP4 rely on SMTP to send messages.

Server name Port Encryption method

POP3 Outlook.office365.com 995 TLS
IMAP4 Outlook.office365.com 993 TLS
SMTP Smtp.office365.com 587 TLS

Understanding the differences between POP3 and IMAP4

By default, when POP3 email programs download email messages to a client computer, the
downloaded messages are removed from the server. When a copy of your user's email isn't kept
on the email server, the user can't access the same email messages from multiple computers.
However, some POP3 email programs can be configured to keep copies of the messages on the
server so that the same email messages can be accessed from another computer. POP3 client
programs can be used to download messages from the email server to only a single folder
(usually, the Inbox) on the client computer. POP3 can't synchronize multiple folders on the email
server with multiple folders on the client computer. POP3 also doesn't support public folder
access.

Email client programs that use IMAP4 are more flexible and generally offer more features than
those that use POP3. By default, when IMAP4 email programs download email messages to a
client computer, a copy of each downloaded message remains on the email server. Because a
copy of the user’s email message is kept on the email server, the user can access the same email
message from multiple computers. With IMAP4 email, the user can access and create multiple
email folders on the email server. Users can then access any of their messages on the server from
computers in multiple locations. For example, most IMAP4 programs can be configured to keep
a copy of a user's sent items on the server so that he or she can view the sent items from any
other computer. IMAP4 supports additional features that are supported by most IMAP4
programs. For example, some IMAP4 programs include a feature that lets users view only the
headers of their email messages on the server—who the messages are from and the subjects—
and then download only the messages that they want to read.

Send and receive options for POP3 and IMAP4 email

programs
POP3 and IMAP4 email programs let users choose when they want to connect to the server to
send and receive email. This section discusses some of the most common connectivity options
and provides some factors your users should consider when they choose connection options
available in their POP3 and IMAP4 email programs.

Common configuration settings

Three of the most common connection settings that can be set on the POP3 or IMAP4 client
application are:

 To send and receive messages every time the email application is started. When this
option is used, mail is sent and received only on starting the email application.
 To send and receive messages manually. When this option is used, messages are sent and
received only when the user clicks a send-and-receive option in the client user interface.
 To send and receive messages every set number of minutes. When this option is used, the
client application connects to the server every set number of minutes to send messages
and download any new messages.

For information about how to configure these settings for the email application that you use, see
the Help documentation that's provided with the email application.

Considerations when selecting send and receive options

The default setting on some email programs is to not keep a copy of messages on the server after
they're retrieved. If the user wants to access messages from multiple email programs or devices,
they should keep a copy of messages on the server.

If the device or computer that's running the POP3 or IMAP4 email application is always
connected to the Internet, the user might want to configure the email application to send and
receive messages every set number of minutes. Connecting to the server at frequent intervals lets
the user keep the email application up-to-date with the most current information on the server.
However, if the device or computer that's running the POP3 or IMAP4 email application isn't
always connected to the Internet, the user might want to configure the email application to send
and receive messages manually.

Note:
If the user is using an IMAP4-compliant email application that supports the IMAP4 IDLE
command, the user might be able to send email to and receive email from the Exchange mailbox
in nearly real time. For this connection method to work, both the email server application and
the client application must support the IMAP4 IDLE command. In most cases, users don't have
to configure any settings in their IMAP4 programs to use this connection method.

1.2 Exchange ActiveSync in Exchange Online

Exchange Online

Topic Last Modified: 2013-10-10

Exchange ActiveSync is a client protocol that lets you synchronize a mobile device with your
mailbox.

Contents

Overview of Exchange ActiveSync

Features in Exchange ActiveSync

Managing Exchange ActiveSync

Overview of Exchange ActiveSync

Exchange ActiveSync is a Microsoft Exchange synchronization protocol that's optimized to work
together with high-latency and low-bandwidth networks. The protocol, based on HTTP and
XML, lets mobile phones access an organization's information on a server that's running
Microsoft Exchange. Exchange ActiveSync enables mobile phone users to access their email,
calendar, contacts, and tasks, and to continue to access this information while they're working
offline.

Features in Exchange ActiveSync

Exchange ActiveSync provides the following:

 Support for HTML messages

 Support for follow-up flags
 Conversation grouping of email messages
 Ability to synchronize or not synchronize an entire conversation
 Support for viewing message reply status
  Support for fast message retrieval
 Meeting attendee information
 Enhanced Exchange Search
 PIN reset
 Enhanced device security through password policies
 Autodiscover for over-the-air provisioning
 Support for setting automatic replies when users are away, on vacation, or out of the
office
 Support for task synchronization
 Direct Push
 Support for availability information for contacts

Managing Exchange ActiveSync

By default, Exchange ActiveSync is enabled. All users who have an Exchange mailbox can
synchronize their mobile device with the Microsoft Exchange server.

You can perform the following Exchange ActiveSync tasks:

 Enable and disable Exchange ActiveSync for users

 Set policies such as minimum password length, device locking, and maximum failed
password attempts
 Initiate a remote wipe to clear all data from a lost or stolen mobile phone
 Run a variety of reports for viewing or exporting into a variety of formats
 Control which types of mobile devices can synchronize with your organization through
device access rules

Managing mobile device access in Exchange ActiveSync

You can control which mobile devices can synchronize. You do this by monitoring new mobile
devices as they connect to your organization or by setting up rules that determine which types of
mobile devices are allowed to connect. Regardless of the method you choose to specify which
mobile devices can synchronize, you can approve or deny access for any specific mobile device
for a specific user at any time.

Device security features in Exchange ActiveSync

In addition to the ability to configure security options for communications between the Exchange
server and your mobile devices, Exchange ActiveSync offers the following features to enhance
the security of mobile devices:

 Remote wipe If a mobile device is lost, stolen, or otherwise compromised, you can
issue a remote wipe command from the Exchange Server computer or from any Web
browser by using Outlook Web App. This command erases all data from the mobile
device.
  Device password policies Exchange ActiveSync lets you configure several options for
device passwords. These options include the following:
o Minimum password length (characters) This option specifies the length of the
password for the mobile device. The default length is 4 characters, but as many as
18 can be included.
o Minimum number of character sets Use this text box to specify the
complexity of the alphanumeric password and force users to use a number of
different sets of characters from among the following: lowercase letters,
uppercase letters, symbols, and numbers.
o Require alphanumeric password This option determines password strength.
You can enforce the usage of a character or symbol in the password in addition to
numbers.
o Inactivity time (seconds) This option determines how long the mobile device
must be inactive before the user is prompted for a password to unlock the mobile
device.
o Enforce password history Select this check box to force the mobile phone to
prevent the user from reusing their previous passwords. The number that you set
determines the number of past passwords that the user won't be allowed to reuse.
o Enable password recovery Select this check box to enable password recovery
for the mobile device. Users can use Outlook Web App to look up their recovery
password and unlock their mobile device. Administrators can use the Exchange
admin center to look up a user's recovery password.
o Wipe device after failed (attempts) This option lets you specify whether you
want the phone's memory to be wiped after multiple failed password attempts.
 Device encryption policies There are a number of mobile device encryption policies
that you can enforce for a group of users. These policies include the following:
o Require encryption on device Select this check box to require encryption on
the mobile device. This increases security by encrypting all information on the
mobile device.
o Require encryption on storage cards Select this check box to require
encryption on the mobile device’s removable storage card. This increases security
by encrypting all information on the storage cards for the mobile device.

2.0 Collaboration in Exchange Online

Exchange Online

Applies to: Exchange Online

Topic Last Modified: 2016-12-09

Office 365 and Exchange Online provide the following rich features that can help your end users
easily collaborate in email:

 Site mailboxes
 Public folders
 Shared mailboxes
 Groups

Each of these features has a different user experience and feature set and should be used based
on what the user needs to accomplish and what your organization can provide. For example, site
mailboxes provide great documentation collaboration features. However, site mailboxes rely on
SharePoint, so if you aren’t planning on subscribing to SharePoint, you can use public folders to
share documents.

This topic compares these collaboration features to help you decide which features to offer your
users.

Site mailboxes
A site mailbox is functionally comprised of a SharePoint site membership (owners and
members), shared storage through an Exchange mailbox for email messages, and a SharePoint
site to store and share. Essentially, site mailboxes bring Exchange email and SharePoint
documents together. For users, a site mailbox serves as a central filing cabinet for the project,
providing a place to file project email and documents that can be accessed and edited only by site
members. In addition, site mailboxes have a specified lifecycle and are optimized to be used for
projects that have set start and end dates. To fully implement site mailboxes, end users must use
Outlook 2013.

To learn more, see Prepare for using Site Mailboxes in Office 365.

Public folders
Public folders are designed for shared access and provide an easy and effective way to collect,
organize, and share information with other people in your workgroup or organization.

Public folders organize content in a deep hierarchy that’s easy to browse. Users discover
interesting and relevant content by browsing through branches of the hierarchy that are relevant
to them. Users always see the full hierarchy in their Outlook folder view. Public folders are a
great technology for distribution group archiving. A public folder can be mail-enabled and added
as a member of the distribution group. Email sent to the distribution group is automatically added
to the public folder for later reference. Public folders also provide simple document sharing and
don’t require SharePoint to be installed in your organization. Finally, end users can use public
folders with the following supported Outlook clients: Outlook 2007, Outlook 2010, Outlook
2013, and Outlook Web App, but with some limitations.
To learn more, see Public folders in Office 365 and Exchange Online.

Shared mailboxes
A shared mailbox is a mailbox that multiple designated users can access to read and send email
messages and to share a common calendar. Shared mailboxes can provide a generic email
address (such as [email protected] or [email protected]) that customers can use to inquire
about your company. If the shared mailbox has the Send As permission assigned when a
delegated user responds to the email message, it can appear as though the mailbox (for example,
[email protected]) is responding, not the actual user.

To learn more, see Shared mailboxes.

Groups
Groups (also called distribution groups) are a collection of two or more recipients that appears in
the shared address book. When an email message is sent to a group, it’s received by all members
of the group. Distribution groups can be organized by a particular discussion subject (such as
“Dog Lovers”) or by users who share a common work structure that requires them to
communicate frequently.

To learn more, see Recipients in Exchange Online.

Which one to use?

The following table gives you a quick glance at each of the collaboration features to help you
decide which one to use.

Site mailboxes Public folders Shared mailboxes Groups

With the proper
permissions,
everyone in your
organization can
Users who work Delegates working on Users who need
access and search
together as a team behalf of a virtual identity, to send email to
public folders.
Type of on a specific and they can respond to a group of
Public folders are
group project with email as that shared recipients with a
ideal for
definitive start and mailbox identity. Example: common interest
maintaining
end dates. [email protected] or characteristic.
history or
distribution
group
conversations.
Ideal
Small Large Small Large
group size
For distribution
Users can be granted Full groups, members
Access and/or Send As must be
permissions. If granted Full manually added.
Site mailbox Accessible by
Access permissions, users For dynamic
Access owners and anyone in your
must also add the shared distribution
members. organization.
mailbox to their Outlook groups, members
profile to access the shared are added based
mailbox. on filtering
criteria.
Shared
No Yes Yes No
calendar?
Email Yes. Email
arrives in No. Email arrives No. Email arrives in the arrives in the
No. Email arrives
user’s in the public Inbox of the shared Inbox of a
in the site mailbox.
personal folder. mailbox. distribution
Inbox? group member.
 Outlook  Outlook
2013 2013
 Outlook  Outlook  Outlook 2013  Outlook
2013 Web App  Outlook Web App Web App
Supported
 SharePoint  Outlook  Outlook 2010  Outlook
clients
Online 2010  Outlook 2007 2010
 Outlook  Outlook
2007 2007

3.0 Spam confidence levels

Exchange Online

Applies to: Exchange Online, Exchange Online Protection

Topic Last Modified: 2017-10-02

When an email message goes through spam filtering it is assigned a spam score. That score is
mapped to an individual Spam Confidence Level (SCL) rating and stamped in an X-header. The
service takes actions upon the messages depending upon the spam confidence interpretation of
the SCL rating. The following table shows how the different SCL ratings are interpreted by the
filters and the default action that is taken on inbound messages for each rating.

SCL
Spam Confidence Interpretation Default Action
Rating
Non-spam coming from a safe sender, safe Deliver the message to the
-1
recipient, or safe listed IP address (trusted partner) recipients’ inbox.
Non-spam because the message was scanned and Deliver the message to the
0, 1
determined to be clean recipients’ inbox.
Deliver the message to the
5, 6 Spam
recipients’ Junk Email folder.
Deliver the message to the
7, 8, 9 High confidence spam
recipients’ Junk Email folder.

Tip:
SCL ratings of 2, 3, 4, 7, and 8 are not set by the service. An SCL rating of 5 or 6 is considered
suspected spam, which is less certain to be spam than an SCL rating of 9, which is considered
certain spam. Different actions for spam and high confidence spam can be configured via your
content filter policies in the Exchange admin center. For more information, see Configure your
spam filter policies. You can also set the SCL rating for messages that match specific conditions
by using Transport rules, as described in Use mail flow rules to set the spam confidence level
(SCL) in messages. If you use a transport rule to set SCL of 7, 8, or 9 the message will be treated
as high confidence spam.

4.0 Security and permissions cmdlets in

Exchange Online

Role based access control (RBAC) cmdlets

Management role cmdlets

Get-ManagementRole

New-ManagementRole

Remove-ManagementRole
Role assignment cmdlets

Get-ManagementRoleAssignment

New-ManagementRoleAssignment

Remove-ManagementRoleAssignment

Set-ManagementRoleAssignment

Role assignment policy cmdlets

Get-RoleAssignmentPolicy

New-RoleAssignmentPolicy

Remove-RoleAssignmentPolicy

Set-RoleAssignmentPolicy

Role entry cmdlets

Add-ManagementRoleEntry

Get-ManagementRoleEntry

Remove-ManagementRoleEntry

Set-ManagementRoleEntry

Role group cmdlets

Get-RoleGroup

New-RoleGroup

Remove-RoleGroup

Set-RoleGroup

Add-RoleGroupMember

Get-RoleGroupMember

Remove-RoleGroupMember
Update-RoleGroupMember

Role scope cmdlets

Get-ManagementScope

New-ManagementScope

Remove-ManagementScope

Set-ManagementScope

Partner application cmdlets

Get-AuthServer

Test-OAuthConnectivity

Get-PartnerApplication

New-PartnerApplication

Remove-PartnerApplication

Set-PartnerApplication