|

Exchange Online Administration Fundamentals: A Beginner-Friendly Guide for Microsoft 365 Admins

ByTechieGeek

Exchange Online Administration Fundamentals

Exchange Online is the email and calendaring service in Microsoft 365.
You manage it very differently from traditional on-premises Exchange Server.

This guide walks through the core concepts you need as an administrator.

Exchange Online vs Exchange Server

Exchange Online

  • No visible servers
    • Microsoft runs the infrastructure.
    • You manage settings, not hardware or OS.
  • Mailbox size
    • Typically 50 GB (Plan 1) or 100 GB (Plan 2).
    • Size depends on the userโ€™s license.
  • Storage management
    • Microsoft handles disks, databases, and capacity planning.
    • You donโ€™t worry about SANs, LUNs, or database layout.
  • Updates
    • Service is updated automatically.
    • No patch weekends, no rollbacks, no CU planning.

Exchange Server (on-premises)

  • You manage:
    • Hardware or virtual hosts
    • OS and hypervisor
    • Exchange Server roles and databases
    • Storage sizing and growth
  • You must:
    • Plan and test updates
    • Maintain backup and recovery
    • Handle capacity and performance

In short: Exchange Online = managed cloud service; Exchange Server = you run everything.

Exchange Online Plans: Plan 1 vs Plan 2

Exchange Online Plan 1

(Also part of Microsoft 365 Business plans)

  • 50 GB mailbox per user
  • In-place archive mailbox
  • Access via:
    • Outlook desktop
    • Outlook on the web
    • Mobile Outlook apps
  • Individual and shared calendars
  • Exchange Online Protection (EOP) spam and malware filtering

Exchange Online Plan 2

(Part of Microsoft 365 Enterprise plans)

Includes everything in Plan 1, plus:

  • 100 GB mailbox
  • Unlimited archive with auto-expanding archive
  • Unified messaging (legacy voicemail integration)
  • Data Loss Prevention (DLP) for controlling sensitive data in email

Custom Domains and Mail Flow Basics

Custom Domain

You should add a custom domain (e.g., contoso.com) instead of only using tenant.onmicrosoft.com.

  • Email addresses become clearer: user@contoso.com
  • Looks professional and matches your brand
  • Needed for proper mail flow with external organizations

Mail Flow Components

You control how mail enters and leaves Exchange Online using:

  1. Connectors
    • Configure trusted mail paths.
    • Examples:
      • From Exchange Online โ†’ partner organization
      • From partner โ†’ your tenant
      • From Exchange Online โ†’ on-premises Exchange (hybrid)
  2. Mail flow rules (transport rules)
    • Apply conditions and actions to messages.
    • Examples:
      • Add a disclaimer for external emails
      • Route certain messages via a specific connector
      • Reject or redirect emails with specific recipients or keywords
  3. Microsoft Purview DLP
    • Policies that detect and control sensitive data (credit cards, IDs, etc.).
    • Can block, encrypt, or warn when users try to send sensitive info.

Tracking Email with Message Trace

Users will often say: โ€œMy email didnโ€™t arrive. Where is it?โ€

Message Trace helps you answer that.

You can:

  • Run default traces, such as:
    • Messages pending delivery
    • Quarantined messages (last 7 days)
    • Failed messages
  • Build custom queries:
    • Filter by sender, recipient, date range, status
    • Useful when you have a large volume of mail
  • Save frequent queries for reuse
  • Export downloadable reports for deeper analysis

Message Trace is a key troubleshooting tool for Exchange Online.

Admin Tools: Microsoft 365 Admin Center vs Exchange Admin Center

Microsoft 365 Admin Center

  • Best for everyday user management:
    • Create users
    • Assign licenses (including Exchange Online)
    • Basic mailbox settings for a user (aliases, forwarding, etc.)

Often, this is enough for many small environments.

Exchange Admin Center (EAC)

Use the Exchange Admin Center when you need deeper control:

  • Mailboxes, groups, resources, contacts
  • Mail flow and rules
  • Migration settings
  • Mobile device policies (for Exchange ActiveSync)
  • Public folders
  • Organization-wide settings

If something cannot be done in the Microsoft 365 admin center, you usually find it in the EAC.

PowerShell for Exchange Online

Some tasks are faster or only possible using PowerShell.

Required Modules (one-time per admin machine)

Install-Module Microsoft.Graph
Install-Module ExchangeOnlineManagement

Connect for Daily Administration

Connect-MgGraph -Scopes "User.Read.All, Group.ReadWrite.All"
Connect-ExchangeOnline

Once connected, you can use cmdlets like:

  • Get-Mailbox, Set-Mailbox
  • Get-DistributionGroup, New-DistributionGroup
  • New-RoleGroup, Add-RoleGroupMember

PowerShell is powerful for bulk changes and scripted automation.

Exchange Admin Roles and Role Groups

Use roles and role groups to control who can manage what.

Key Entra ID / Exchange Roles

  • Exchange Administrator
    • Full control of Exchange Online.
  • Exchange Recipient Administrator
    • Manage mailboxes and recipients only.
  • Global Administrator (Entra ID)
    • Full control over the entire tenant, including Exchange.
  • Global Reader
    • Read-only view of settings, no changes.

Built-in Role Groups (Exchange)

Examples:

  • Organization Management
  • Recipient Management
  • Compliance Management
  • Discovery Management
  • Help Desk
  • Hygiene Management
  • View-Only Organization Management
  • And more (e.g., Security Administrator, Security Operator, etc.)

Best practice:
Assign roles to groups, not directly to users.
Then add users to those groups so they inherit permissions.

Creating Custom Role Groups

You can create your own role groups for specific scenarios.

Example: Branch Office Admins (PowerShell)

New-RoleGroup -Name "BranchOfficeAdmins" `
  -Roles "Mail Recipients","Distribution Groups","Move Mailboxes","Mail Recipient Creation"

Then assign a member:

Add-RoleGroupMember -Identity "BranchOfficeAdmins" -Member "AdeleV"

In the Exchange Admin Center, youโ€™ll see:

  • The new role group
  • Assigned members
  • The roles (permissions) included

You can adjust permissions either in the EAC or via PowerShell.

Exchange User Roles and Role Assignment Policies

You can also delegate some control to end users:

  • User roles and role assignment policies define what users can manage themselves, such as:
    • Their own mailbox settings
    • Distribution groups they own
    • Some inbox rules, forwarding, etc.

This helps reduce help desk load while still keeping control.

LinkedInCopyPinterestRedditTelegramChatGPTSMS

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *