Jet Mariano

Tag: redacted

  • Exchange Online: Mailbox Used/Quota/Available (Redacted)

    Excerpt

    Exchange Online sometimes reports mailbox sizes with “Unlimited” wrappers that break simple math. Today I built a one-liner-friendly PowerShell snippet that returns Used GB, Quota GB, and Available GB—even when EXO wraps values in Unlimited<T>.

    Intro

    I needed the available mailbox size for [mailbox]@[domain] without exposing tenant internals. The usual TotalItemSize parsing failed because EXO returned Unlimited<ByteQuantifiedSize>. Here’s the redacted approach that works reliably and falls back cleanly.

    Notes from {Speaker}

    • Context: Exchange Online + PowerShell; target was [mailbox]@[domain].
    • Constraint: TotalItemSize and ProhibitSendQuota show Unlimited wrappers or localized strings.
    • Goal: Get UsedGB / QuotaGB / AvailableGB with no tenant secrets.

    Perspective (direct quotes)

    “If it’s Unlimited<T>, ask for .Value—and always guard with IsUnlimited.”
    “When objects don’t expose bytes, regex the (123,456 bytes) pattern as a fallback.”

    Practice (today, not someday)

    Use this redacted snippet. It works with Get-EXO* and falls back to classic cmdlets:

    # EXO connection (redacted UPN)
Connect-ExchangeOnline -UserPrincipalName [me] -ShowBanner:$false

$upn = '[mailbox]@[domain]'   # e.g., [email protected]

try {
  $stat = Get-EXOMailboxStatistics -Identity $upn -ErrorAction Stop
  $mbx  = Get-EXOMailbox           -Identity $upn -PropertySets Quota -ErrorAction Stop

  $usedBytes = if ($stat.TotalItemSize.PSObject.Properties.Name -contains 'Value') {
    [int64]$stat.TotalItemSize.Value.ToBytes()
  } else {
    [int64](([regex]::Match($stat.TotalItemSize.ToString(), '\(([\d,]+)\sbytes\)')).Groups[1].Value -replace ',','')
  }

  $quotaBytes = if ($mbx.ProhibitSendQuota -and `
                    ($mbx.ProhibitSendQuota.PSObject.Properties.Name -contains 'IsUnlimited') -and `
                    -not $mbx.ProhibitSendQuota.IsUnlimited) {
    [int64]$mbx.ProhibitSendQuota.Value.ToBytes()
  } elseif ($mbx.ProhibitSendQuota.ToString() -notmatch 'Unlimited') {
    [int64](([regex]::Match($mbx.ProhibitSendQuota.ToString(), '\(([\d,]+)\sbytes\)')).Groups[1].Value -replace ',','')
  } else { $null }
}
catch {
  $stat = Get-MailboxStatistics -Identity $upn
  $mbx  = Get-Mailbox           -Identity $upn
  $usedBytes  = [int64](([regex]::Match($stat.TotalItemSize.ToString(), '\(([\d,]+)\sbytes\)')).Groups[1].Value -replace ',','')
  $quotaBytes = if ($mbx.ProhibitSendQuota.ToString() -match 'Unlimited') { $null }
                else { [int64](([regex]::Match($mbx.ProhibitSendQuota.ToString(), '\(([\d,]+)\sbytes\)')).Groups[1].Value -replace ',','') }
}

$usedGB  = [math]::Round($usedBytes/1GB, 2)
$quotaGB = if ($quotaBytes) { [math]::Round($quotaBytes/1GB, 2) } else { $null }
$availGB = if ($quotaBytes) { [math]::Round(($quotaBytes-$usedBytes)/1GB, 2) } else { $null }

[pscustomobject]@{
  Mailbox            = $upn
  UsedGB             = $usedGB
  QuotaGB            = $quotaGB
  AvailableGB        = $availGB
  StorageLimitStatus = $stat.StorageLimitStatus
}

    Final Reflection

    EXO’s objects are powerful but quirky. Guarding for IsUnlimited, using .Value.ToBytes(), and keeping a regex fallback turns a flaky one-off into a repeatable tool.

    Pocket I’m Keeping

    Parse what’s there, not what you expect.” When APIs return wrapped or localized strings, a small fallback (regex for (#### bytes)) saves the day.

    What I Hear Now (direct quotes)

    “Measure in bytes, report in GB.”
    “Handle Unlimited first, then do math.”
    “One clean object out—every time.”

    Link to the Script

    Microsoft Exchange Online PowerShell (Get-EXOMailbox, Get-Mailbox) — official docs

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

  • Restoring Delivery Safely: SCL-1 + Tenant Allow/Block List

    Message trace + quarantine check (redacted): verified deliveries and deployed a Priority-0 SCL-1 allow rule for [partner-domain]

    Excerpt

    When a trusted partner’s emails started landing in spam (or nowhere at all), I traced the path, set a top-priority allow rule, and used Defender’s Allow/Block list to force clean delivery—without exposing internal details.

    Intro

    Today’s note is for admins who wear the on-call hat. Messages from [partner-domain] weren’t reaching our users. Some were quarantined as spam; others never showed. I documented the exact, reversible steps I used to restore delivery while keeping our environment safe and auditable. All vendor names, mailboxes, IPs, and hostnames are redacted.

    Notes from {Speaker}

    • Symptom: Mail from [partner-domain] was flagged/filtered; end users reported “not delivered” or “went to Junk.”
    • Tools used: Exchange Admin Center, Microsoft 365 Defender, Exchange Online PowerShell.
    • Constraints: Multiple legacy transport rules; need a change that’s surgical, auditable, and easy to roll back.
    • Guardrails: Prefer allowlisting at the domain + spoof layer (not blanket bypass for everything). Keep headers/SPF/DKIM intact for future tuning.

    Perspective (direct quotes)

    “No decision is a decision—so we’ll choose the safe, reversible one.”
    “Top-priority SCL-1 with Stop processing beats noisy downstream rules.”
    “If spoof intelligence is tripping, meet it where it lives: Tenant Allow/Block.”

    Practice (today, not someday)

    1) Triage — see what actually happened

    Connect-ExchangeOnline -UserPrincipalName [me] -ShowBanner:$false
Get-MessageTrace -StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) `
  -SenderAddress *@[partner-domain] |
  Select Received,SenderAddress,RecipientAddress,Status

# If quarantined:
Connect-IPPSSession
Get-QuarantineMessage -StartReceivedDate (Get-Date).AddDays(-2) `
  -EndReceivedDate (Get-Date) -SenderAddress *@[partner-domain]

    2) Create a top-priority transport rule to force deliver

    • Condition: Sender domain is [partner-domain]
    • Action: Set SCL to -1
    • Option: Stop processing more rules
    • Priority: 0 (top)

    PowerShell (redacted names):

    New-TransportRule -Name "Allow [partner-domain] (SCL-1)" `
  -SenderDomainIs "[partner-domain]" -SetSCL -1 -StopRuleProcessing $true -Priority 0

    3) Add an org-wide Allow (Defender)

    • Defender → Policies & rules → Tenant Allow/Block List
    • Domains & addresses → Add → Allow → [partner-domain]
    • If Message Trace shows Spoof/High Confidence Phish, also allow under Spoofing for the exact sending pair.

    4) (Optional) Anti-spam policy allow list

    • Anti-spam inbound policy → Allowed domains → add [partner-domain].

    5) Verify

    Get-TransportRule "Allow [partner-domain] (SCL-1)" |
  fl Name,Priority,State,SenderDomainIs,SetSCL,StopRuleProcessing

# Send a new test; re-run Get-MessageTrace to confirm Status = Delivered

    6) Longer-term hygiene (ask the sender)

    • Ensure SPF passes (include correct outbound hosts).
    • Turn on DKIM for their domain.
    • Align DMARC policy gradually (none → quarantine → reject) once stable.

    Final Reflection

    Most “email is broken” moments aren’t outages—they’re safety systems doing their job a bit too eagerly. The win is balancing protection with precision so real mail flows and risky mail doesn’t.

    Pocket I’m Keeping

    Put the SCL-1 allow rule with Stop Processing at the top. It’s decisive, reversible, and neutralizes noisy legacy rules downstream.

    What I Hear Now (direct quotes)

    “Measure twice, move to Priority 0 once.”
    “Don’t fight spoof intelligence—configure it.”
    “Document the rollback the same minute you deploy the fix.”

    • Microsoft 365 Defender — Tenant Allow/Block List (TABL)
    • Exchange Online — Transport rules (mail flow rules)
    • Message trace in the modern EAC
      (references listed for context; links omitted for privacy—add your preferred docs when publishing)

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.

error: Content is protected !!