Tag: #MicrosoftEntra

Transfer Exchange State of Authority to the Exchange Online!!!

Managing remote Exchange Online hosted mailboxes post migration has been a pain for some time. Some attributes are managed in the cloud, others on premises, and to do it right you needed to keep an Exchange Server around… Well Microsoft has a new feature which allows admins to manage the Exchange properties of directory-synchronized users with remote mailboxes directly from the cloud and THIS jaw dropper is today’s #MicrosoftCloudQuickFix !!!

Microsoft Cloud Quick Fix

A new capability in preview for Exchange Online allows administrators to manage Exchange attributes for directory-synchronized users with mailboxes hosted in Exchange Online. With the update, the Source of Authority (SOA) for Exchange-specific attributes can be transferred to the cloud, while the SOA for identity-related attributes remains under the control of Windows Active Directory.

After moving the SOA for Exchange-specific attributes to Exchange Online / Entra ID, these attributes can be managed using EXO PowerShell, the Microsoft 365 Admin Centre, or the Exchange Admin Centre with future support for write-back support of designated attributes via Entra Cloud Sync.

Microsoft is providing this feature in two phases:

Phase 1 (Preview): allows admins to enable cloud management of Exchange attributes per mailbox by setting IsExchangeCloudManaged to true. Mailboxes can be reverted to on-premises management by resetting IsExchangeCloudManaged to false.

Phase 2: will include write-back support for specified attributes and Entra Cloud Sync integration. During this phase, updates to key Exchange properties made in Entra ID will be automatically synchronized with the on-premises Windows Active Directory. This process keeps the on-premises AD current; for example, changes to a proxy address in Exchange Online will be updated in Active Directory. To access write-back functionality, customers must implement Entra Cloud Sync.

The new cloud-managed mailbox capability allows organizations that use on-premises Windows Active Directory for identity to manage their Exchange Online mailbox attributes in the cloud. As a result, it is no longer necessary to maintain an Exchange server or management tools on-premises for routine Exchange administration tasks!

For more information see:

#MicrosoftCloudQuickFix #Microsoft365 #MicrosoftCloudSecurity #MicrosoftEntra #MicrosoftEntraID #WindowsActiveDirectory #ActiveDirectory #SecurityGroups #IdentityAccessManagement #IdentityGovernance #ExchangeOnline #ExchangeServer

Transfer an AD Group Source of Authority to the Entra ID!!!

Still using on premises Security Groups to manage access to apps? Do you have old Distribution Lists from a legacy Exchange environment and cringing recreating them in Exchange Online? Or worst you still have the dreaded Mail-enable Security Groups kicking around? Well Microsoft has finally come up with a solution to transfer these to Entra ID and THIS game changer is today’s ‘Bonus Edition’ #MicrosoftCloudQuickFix !!!

Bonus Edition

Contained within the July 31, 2025 Microsoft Entra Connect Update 2.5.76.0 is the listing for the added Group Source of Authority conversation feature (Public Preview) which will allow on a per Active Directory Group basis an administrator to transfer the Group Source of Authority from Windows Active Directory to Microsoft Entra ID. The per group basis allows for a nicely phased approach for the transfer!

You will need to make sure you upgrade your production and staging Microsoft Entra Connect servers in order to utilize this new capability which was also announced this week during the Microsoft Entra Suite Summer Camp

Screenshot from Entra ID Connect

Note: For Entra ID Cloud Sync you must be at minimum version 1.1.1370.0

Once you move the Active Directory Group Source of Authority to Entra ID you gain the ability to use the advanced modern identity governance capabilities such as Access Reviews, Entitlement Management, Group Expiration and Naming Policies, and Dynamic Group membership assignment all in that single Entra ID pane. You can then use Group Writeback if the group is needed to govern any on premises applications / resources. If need be you can rollback the Group Source of Authority from Entra ID back to Active Directory!

See what I mean about THIS is a game changer!

You can watch the demo from #Microsoft here:

This new capability is in Public Preview and rolling out worldwide in August 2025 and is included in Entra ID Free and Basic (and above) licensing however to take advantage of Access Reviews and Entitlement Management capabilities an Entra ID P2 license is needed.

I am certain I will have more to discuss about this new capability so stay tuned!

For more information see:

#MicrosoftCloudQuickFix #Microsoft365 #MicrosoftCloudSecurity #MicrosoftEntra #MicrosoftEntraID #WindowsActiveDirectory #ActiveDirectory #SecurityGroups #IdentityAccessManagement #IdentityGovernance #ExchangeOnline #ExchangeServer #DistributionList #MailEnabledSecurityGroup

Sept 2, 2022 – New Podcast Available

In this episode Ryan McKay and Andrew Lowes look at new Microsoft Entra portal for modern identity and access solutions.

URLs shown in today’s video podcast include:

Microsoft Entra | Microsoft Docs
Microsoft Entra – Secure Identities and Access | Microsoft Security
Microsoft Entra Datasheet
Microsoft Entra Admin Center

#Microsoft #Microsoft365 #MicrosoftEntra #MicrosoftIdentityandAccess #MicrosoftCloudSecurity #MicrosoftCloudQuickFix