The post from Sean Erp says it all, good to have in mind when you try to explain to customers!
Source: https://blogs.technet.microsoft.com/ptsblog/2013/06/20/office-365-mail-flow-troubleshooting/
To make sure that the emails is sent secure, Microsoft recommend to Authenticate the Application or Device which is going to send email.
I always recommend the customers to create one or several specific Office 365 Accounts with a Exchange Online license.This way you can set password never expire and choose a complex password with 16 characters.
Configure the Application or Device with the following settings:
SMTP Server: smtp.office365.com
Encryption/TLS: YES
Port: 587
And of course, make sure to enter the specific account under username and password.
Of course you can test the connection and the credentials before you deploy this solution.
I’ve created a simple Powershell script that can test this:
$smtpcred = Get-Credential
Send-MailMessage –From SMTP@thecloudgeek.net –To Administrator@thecloudgeek.net –Subject “Testing SMTP” –Body “This email is sent from Office365 SMTP server for test purpose” -SmtpServer smtp.office365.com -Credential $smtpcred -UseSsl -Port 587
This script can come in handy when some customer call you to report that the email from the Applications/Devices isn’t working correctly. You can test the connection and the credentials easily.
Make sure that you change the mail-addresses, the Subject and Body after your needs.
For more informations about other solutions and limits, visit Technet
Go to Microsoft Office 365 setup guide for E3 licenses here.
Enter the information as required:
Be sure to select the correct country, so the tenant is provisioned in the correct datacenter for your location and then press next.
(If you want to choose witch license to get started with, you can do this at https://products.office.com/en-us/business/compare-office-365-for-business-plans Select the subscription you would like to try by clicking “Free trail”)
Now its time to enter the information for the first Office 365 account in your tenant.
Normally, you would like to create a account named “Admin” of some sort.
Be sure to double-check the “Company name” that creates the first account.
This name cannot be changed later on. This name will also appear in the tenant, for example thecloudgeek.sharepoint.com.
Also make sure to save the credentials you insert!
Confirm you´re not a robot:
Enter the code, and press “Create my account”
The tenant will now be provisioned, it make take a couple of minutes before all services are functional and working as planed.
The tenant will now be provisioned, it make take a couple of minutes before all services are functional and working as planed.
4. Add your domain by following the guide.
You will need to verify that you own the domain before you can start using it.
This is normally done by adding a TXT record into your dns zone.
It regularly looks something like this:
| TXT name | TXT value | TTL |
|---|---|---|
| @ | MS=ms35523824 | 3600 |
5. When the domain is verified, you can add all those records that actually will make office 365 work:
| CNAME RECORDS | ||||||
| Host name | Points to address or value | TTL | ||||
| autodiscover | autodiscover.outlook.com | 3600 | ||||
| sip | sipdir.online.lync.com | 3600 | ||||
| lyncdiscover | webdir.online.lync.com | 3600 | ||||
| msoid | clientconfig.microsoftonline-p.net | 3600 | ||||
| enterpriseregistration | enterpriseregistration.windows.net | 3600 | ||||
| enterpriseenrollment | enterpriseenrollment.manage.microsoft.com | 3600 | ||||
| TXT RECORDS | ||||||
| TXT Name | TXT value | TTL | ||||
| @ | v=spf1 include:spf.protection.outlook.com -all | 3600 | ||||
| SRV RECORDS | ||||||
| Service | Protocol | Port | Weight | Priority | Name | Target |
| _sip | _tls | 443 | 1 | 100 | @ | sipdir.online.lync.com |
| _sipfederationtls | _tcp | 5061 | 1 | 100 | @ | sipfed.online.lync.com |
| MX RECORDS | |||||
| Priority | Host name | Points to address or value | TTL | ||
| 0 | @ | testcompany-com.mail.protection.outlook.com | 3600 | ||
6. When all above records is tested, your Office 365 services will be online and all functional!
7. Now you need to create some new users and assign some licenses, and you are good to go with a basic office 365 tenant
Remove the users “Full permission” to the “shared mailbox” witch isn’t syncing.
Make sure the “Shared mailbox” disappears from the users outlook client.
(You might speed up the process by restarting outlook.)
Disable the automapping function and add FullAccess to the specific shared mailbox through powershell:
Add-MailboxPermission -Identity “shared mailbox name” -User ‘Users name’ -AccessRight FullAccess -InheritanceType All -Automapping $false
Add the shared mailbox manually through the following steps:
Right-click on your main account and select “Data file properties” -> “Advanced” -> “Advanced” -> Press “Add” and type the emailadress of the “shared mailbox”
The mailbox will now start to sync as it should.
Be aware of “Use cached exchange Mode” This might take up alot of disk space in the user profile disk or on C:\ depending on setup and environment.
