Notes: 11/21/2020
Just passed with 800.
Went back to dumps and this is valid:
microsoft.examcollection.ms-500.vce.dumps.2020-oct-25.by.paul.77q.vce
SSRP
- Writes-back required P1 or P2 License
- Two authentication methods required for AAD admin role
- Does not need to register least one mobile device (more than 1 way instead of mobile)
- Has to be turned on before to enforce
MD ATP > CAS = MD ATP PORTAL
WD ATP > ATP = Azure Portal
PIM
Acronyms:
Roles that allow view and manage assignments in Azure resource roles in PIM
SUB-RES
- Subscriber Reviewer
- Resource Administrator
Security Admin / Reader and PIM cannot view assignment by default to Azure Resources roles
Four actions you perform in sequence to enable customer lockbox.
ASP-CLA
- Sign into Admin.portal.com
- Select Security and Protection
- Select Customer Lockbox
- Ensure Approval is set to On
Three actions to enable Microsoft Defender ATP settings in SCC Dash
- Open Microsoft Defender Security Center
- Select Settings, General, Advanced Features
- Turn on Office 365 Threat Intelligence Conncetion
DATIC
- Defender
- Advance
- Threat Intelligence Connection
Four actions to provide personal data and providing copy to user.
- Assign eDiscovery permissions to potential case members
- Create DSR case
- Run the search query
- Export the data
ACRE
- Assign
- Create
- Run
- Export
Four actions to protection SPO with Cloud App Security (CAS) Conditional Access App Control (CAAC).
- In Azure Portal, Create Conditional Access Policy
- Set a policy to enforce Conditional Access App Control requirements
- In CAS Portal (CASP), create session
- Set Policy to block document print from non-corporate locations
AP,CAP,CAAC, CASP
- AP,CAP : Azure Portal, Conditional Access Policy
- CAAC: Conditional Access App Control
- CA(S)(P): CAS Portal (Session) (Policy)
Five actions to create schedule in Office 365 SCC to receive malware reports
- Sign into protection.office.com
- Go Reports & Dashboard
- Select Malware detected in email report icon
- Create schedule
- Create schedule and then Finish
P,RD,M, Create , Create , Finish
(PR,DM)
- P, protection.office.com
- RD, Report & Dashboard
- M, Malware
- Create Schedule
- Create Schedule
- Finish
Four actions to temporary unblock MFA request.
- Sign into work account at https://portal.azure.com
- Browse Azure Active Directory and Security
- Go MFA and select Block/Unblock
- Add, populate the replication group, user, and reason field, and click Ok.
PAAS,MBAR
- PA, portal.azure.com
- AS, active directory > security
- MB, MFA > Block/Unblock
- AR, Add user + Reason
Logs:
Security:
Application Logs: view Azure AD Connect events.
Labels:
Creating a Data Subject Request (DSR)
1. Create a Data Subject Request (DSR) case.
2. View the results.
3. Export the results.
4. Download the results. (Export and download are not the same. Export uploads search results to Azure Storage in preparation for downloading)
Records:
- “Records are disposed of after their stated retention period is past.”
- Mark the content as a record as part of the label settings, and always have proof of disposition when content is deleted at the end of its retention period. Source: https://docs.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide
SCC contains permission roles such as: eDiscovery Manager
Principles of retention: –
- Retention wins over deletion
- Longest retention period wins
- Explicit inclusion wins over implicit inclusion
- Shortest deletion period wins
From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1.
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location.
-
- From Azure portal, create conditional access policy and configure:
- Users and groups”, cloud apps and session settings”.
- From Exchange Online Remote Powershell session, run:
- New-OwaMailbox Police and Set-OWAMailboxPolicy
- How long after the Azure ATP cloud service is updated will Sensor1 be updated? 72Hrs
Setup Azure Advanced Threat Protection (ATP) and VPN
Configure an Accounting Provider : 1813
To Configure RADIUS Accounting on the VPN system, Perform the following steps on your RRAS server.
- Open the Routing and Remote Access console.
- Right-click the server name and click Properties.
- In the Security tab, under Accounting provider, select RADIUS Accounting and click Configure.
To enable VPN integration, make sure you set the following parameters:
- Open port UDP 1813 on your Azure ATP sensors and/or Azure ATP standalone sensors.
Microsoft Office 365 Attack simulator
- Your organization has Office 365 Threat Intelligence, with Attack simulator visible in the Security & Compliance Center (go to Threat management > Attack simulator)
- Your organization’s email is hosted in Exchange Online. (Attack simulator is not available for on-premises email servers.)
- You are a GA
- Your organization is using Multi-factor authentication for Office 365 users
Sign-in activity reports in the Azure Active Directory portal
Where to view which users have used an authenticator app to access SharePoint Online
- AAD-> Monitoring -> Sign-ins
- WHO: GA, Security Admins, Security Reader, Global Reader, Report Reader, SELF
- Enterprise applications blade of the Azure Active Directory admin center, view the sign-ins
Microsoft Defender for Office 365 (Office 365, ATP)
- Who gets access to ATP reports: Security & Compliance Center by going to Reports > Dashboard ?
- Organization Management
- Security Administrator
- Security Operator
- Security Reader
Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
- If no specific/selected approvers are selected, PIM admin or GA will become the default approvers.
- Privileged Role Administrator (default) can approve ALL activations
- GAs are not PIM admins (except for the first one who enabled PIM) and that you have to exclusively assign permissions.
- Only the Privileged Role Admins and the Global Admin who created it (who automatically becomes a PRA) are able to accept requests from eligible users.
Roles
0 – Security : No Data
1 – Basic : App installation / Updates
2 – Enhanced: Logs
3 – Full: Verbose Logs
S – Spam/Malware : 30 Days
M –
F – Mail Flow :
Azure AD Identity Protection (AIP) – MFA
MFA Registration (Azure AD P2 feature)
MFA is disabled. If User1 is part of a enforced group and exclusion group. Exclusion wins.
MFA is disabled. If User2 is part of a enforced group. User2 will be prompted for MFA.
\
Correct! User1: can access without MFA User is in Group2 which is excluded from policy, exclusion wins
User2: will be prompted for MFA Identity Protection or Conditional Access MFA setting override per-User MFA settings
UNC, Local, and Sharepoint
Cloud Access Security Portal > AIP Integration
MS-500 – Microsoft 365 Security Administration
Free course
https://www.fastlane.live/us_en/e-learning/microsoft-365-security-administrator-track.html
-
-
- Sign up and purchase the course (free)
-
Free Practice Test
https://www.examtopics.com/exams/microsoft/ms-500/
https://www.itexams.com/info/MS-500
Free Test Dumps:
https://master-exam.com/Microsoft/MS-500/
MS Office Pratice Test
https://www.measureup.com/ms-500-microsoft-365-security-administration.html
Skills measured
-
-
- Implement and manage identity and access (30-35%)
- Implement and manage threat protection (20-25%)
- Implement and manage information protection (15-20%)
- Manage governance and compliance features in Microsoft 365 (20-25%)
-
[IAM] Explaining Security Assertion Markup Language ( SAML 2.0 )
What is SAML?
Security Assertion Markup Language (SAML) is an open standard federation protocol.
- SAML was introduced in 2001
- SAML 2.0 superseded SAML in 2005
SAML protocol is used for authentication (AUTHN), and authorization (AUTHZ), and is often used for SSO (Single Sign-on) to web-based applications.
The SAML specification defines three entities or roles:
- The principal : typically a human user or USER Agent, such as a user’s internet browser
- Identify Provider (IdP)
- Service Provider (SP) : application or service your trying to access
A SAML federation is established (trust relationship) between the SP and IdP for SAML to work.
How SAML works
- User request access to SP
- SP must first authenticates with IdP
- Once user is successfully authenticated, Idp generates a SAML assertion
- The SAML assertion is then sent to the SP (trusted)
- Based on SAML assertion, SP makes a access control decision to decide to perform the service for the user.
- Since SP trusts the IdP, it will validates the assertion.
- Once SP authenticated to IdP, can SSO to other applications.
SAML flow:
- The IdP knows about your users and their attributes. The SP has its own knowledge about the users.
- When IdP generates an assertion, it populates with a user identifier (UID), and sends over to SP.
- IdP signs the assertion, so SP can verify the issuer of the assertion (trusted party)
- If successful, SP will read the UID and attempt to map session to the user in it’s inventory.
- IDP and SP meta data (XML file) exchange establishes the trust or federation
- The meta is contained in the XML (settings, configurations, and certificate of system)
- IdP dictates UID and SP must agree so SAML assertion can be mapped to user object at SP
- For example if email address is used as user id, SP and IdP must be configured to match to allow access.
SAML initiation flow:
There are two primary initiation SAML flows:
- IDP-Initiated flow.
- User starts by accessing the IDP
- IDP prompt’s user for authentication via User Agent to request service
- If authorized, IDP creates SAML assertion
- Using user agent > assertion is sent to SP via Post message (transport mechanism)
- SP verifies the SAML assertion and maps it to a user in its inventory
- SP than starts the session
- SP-Initiated flow
- User starts by reaching out to SP
- SP will redirect to User Agent for authentication against IDP (Request for authentication)
- Once validated, IDP will generate assertion
- IDP sends assertion to SP (IDP > User Agent > SP)
- SP than starts the session
[EXO] Inbox Rule Issues Post Migration
In some instances, users with client side rules may break as they do not get touched in the migration. For any client rules that reference a specific sender/folder/etc they will normally use X500/LegacyDN to identify conditions and will stop working.
- There is no set limit for the amount of Inbox rules a user can have.
- The amount of rules is dictated more ever by the rule size limit and limited to 256 KB total for all rules.
Each rule you create will take up space. The actual amount of space a rule uses depends on several factors, such as how long the name is and how many conditions you’ve applied. When you reach the 256 KB limit, you’ll be warned that you can’t create any more rules or that you can’t update a rule. You can’t increase the amount of space that’s allocated to store Inbox rules in Exchange Online, but you can decrease it to suit your business needs.
- There is no way to calculate the size for all rules (avg around 3kb for a basic rule)
Options:
- Recreate their rules entirely. Allows user to reorganize and customize their inboxes to their preference.
- Audit, review, and consolidate rules by exporting using below cmdlet:
|
1 |
Get-Mailbox <user> | Get-InboxRule| Select MailboxOwnerID,Name,@{n='Description';e={$_.Description -join ','}},Enabled,RedirectTo, MoveToFolder,ForwardTo| Export-Csv C:\temp\Output.csv -NoTypeInformation |
[EXO] Identifying Validation Errors
$errors = (Get-MsolContact –ObjectID <Object_ID>).Errors
$errors | foreach-object {“nService: " + $_.ErrorDetail.Name.split("/")[0]; "Error Message: "+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
$errors = (Get-MsolGroup –ObjectID <Object_ID>).Errors
$errors | foreach-object {"nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: “+ $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
$errors = (Get-MsolUser -UserPrincipalName “<User_ID>”).Errors
$errors | foreach-object {“`nService: ” + $_.ErrorDetail.Name.split(“/”)[0]; “Error Message: ” + $_.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription}
Get-MsolUser -HasErrorsOnly -All | ft DisplayName,UserPrincipalName,@{Name=”Error”;Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}} -AutoSize -wrap
https://support.microsoft.com/en-au/help/2741233/you-see-validation-errors-for-users-in-the-office-365-portal-or-in-the
|
1 2 3 4 5 6 7 8 9 |
$output = @() $usererr = Get-MsolUser -HasErrorsOnly Foreach ($user in $usererr) { $output += New-Object psobject -Property @{ user = $user.UserPrincipalName errordetail = $user.Errors.ErrorDetail.Name.split("/")[0] details = $user.Errors.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription} } $output | export-csv c:\temp\outpute.csv -NoTypeInformation |
|
1 2 3 4 5 6 7 8 |
function Get-MSOLUserWithValidationError { $usererr = Get-MsolUser -HasErrorsOnly Foreach ($user in $usererr) { Write-output $user.UserPrincipalName; "Service: "+ $user.Errors.ErrorDetail.Name.split("/")[0]; "Error Message: "+ $user.Errors.ErrorDetail.ObjectErrors.ErrorRecord.ErrorDescription +"`n" } } |
[EX2010] Identifying Cmd-let associated with Role, and who has it.
$Perms = Get-ManagementRole -Cmdlet remove-remotemailbox
$Perms | Foreach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}
Role RoleAssigneeType RoleAssigneeName
—- —————- —————-
Mail Recipient Creation RoleGroup Recipient Management
Mail Recipient Creation RoleGroup Organization Management
Get-ManagementRoleAssignment -Role “Mail Recipient Creation”
get-rolegroupmember “organization management”
[EXO] The client and server cannot communicate, because they do not possess a common algorithm
- Windows Server 2008 can’t do beyond TLS 1.0.
- Newer versions can, but don’t have TLS 1.1 or 1.2 turned on by default.
- Best pratice to disable 1.0, 1.1 – mostly depreciated and not supported
Check supported protocols:
https://www.ssllabs.com/ssltest/index.html
Turn off TLS 1.0.1.1 and SSL
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 |
Enabling TLS 1.2 Use
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SystemDefaultTLSVersions with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v3.0 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.23026 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.5.1 REG_DWORD value of: SchUseStrongCrypto with a value of 1 HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 REG_DWORD value of: SchUseStrongCrypto with a value of 1 |
[EXO][EX2010] Removing dual mailboxes
Ensure you have a user mailbox backup prior to starting the following process as there is potential risk of data loss. Options are to have a third party solution to perform a mailbox backup or export to PST (see new-mailboxexport cmdlet).
- Capture relevant information from on-premise exchange and exchange online.
- Grab the mailbox information (primary and archive) to help determine which mailbox is active and which one to disable (remove)
- get-mailboxstatistics <user>
- get-mailboxstatistics <user> -archive
- get-exomailboxstatistics (exo ps v2)
- Grab the x500 address (legacydn)
- Grab GUID information
- get-recipient <user> | fl *guid*
- Grab the mailbox information (primary and archive) to help determine which mailbox is active and which one to disable (remove)
- Determine which mailbox is active and which one to disable (remove) –
- Removing the on-premise mailbox will require you to delete and recreate the remote mailbox – an object on-premise will need to represent the object on exchange for remote routing.
- Disable the on-premise mailbox – do not remove, or you will remove the AD user object:
- disable-mailbox <user>
- If litigation hold is enabled, you will need to disable the hold, then disable the mailbox.
- Recreate the remote mailbox on-premise
- Enable-RemoteMailbox -Identity <user> -RemoteRoutingAddress “<user>@<tenant>.mail.onmicrosoft.com”
- Associate the GUID and x500 for sync and mail routing:
- Set-RemoteMailbox -exchangeguid <exchange guid> -archiveguid <archive guid> -EmailAddresses X500: <x500>
- Disable the on-premise mailbox – do not remove, or you will remove the AD user object:
- Removing the cloud mailbox
- Remove the user from Office 365 and resync with AD sync.
- remove-msoluser <user>
- remove-msoluser <user> -removefromrecyclebin -force
- Clearing the previous mailbox information
- Set-User <user> -PermanentlyClearPreviousMailboxInfo
- Remove the user from Office 365 and resync with AD sync.
- Removing the on-premise mailbox will require you to delete and recreate the remote mailbox – an object on-premise will need to represent the object on exchange for remote routing.
Accidentally deleted a on-premise mailbox?
- Identify where the disconnected or soft deleted mailbox is.
- $dbs = Get-MailboxDatabase $dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisconnectReason -eq “Disabled”} | Format-Table DisplayName,Database,DisconnectDate
- Reconnect the mailbox
- Connect-Mailbox -Identity “<identity>” -Database <database> -User “<user>” -Alias <alias>
Accidentally deleted the on-premise user, but need to restore the data to cloud mailbox?
- Create a new temporary mailbox on-premise to restore the data to.
- Identify where the disconnected or soft deleted mailbox is.
- $dbs = Get-MailboxDatabase $dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisconnectReason -eq “Disabled”} | Format-Table DisplayName,Database,DisconnectDate,*guid*
- Restore the primary and archive data to the temporary mailbox
- New-MailboxRestoreRequest -SourceStoreMailbox <mailbox guid> -SourceDatabase <database> -TargetMailbox <mailbox> -AllowLegacyDNMismatch
- New-MailboxRestoreRequest -SourceStoreMailbox<mailbox guid> -SourceDatabase <database> -TargetMailbox <mailbox> -TargetIsArchive
- Export the data to PST (requires rights)
- New–ManagementRoleAssignment –Role “Mailbox Import Export” –User Administrator
- New-MailboxExportRequest -Mailbox <mailbox> -FilePath <path>
- New-MailboxExportRequest -Mailbox <mailbox> -FilePath <path> -isarchive
- Ensure the Exchange Trust Subsystem group has read/write permissions to path
- Check status:
- Get–MailboxExportRequest | where {$_.status –eq “Completed”}
- Remove job:
- Get-MailboxRestoreRequest -Status Completed | Remove-MailboxRestoreRequest
- Get-MailboxRestoreRequest -Status Failed | Remove-MailboxRestoreRequest
- Import to mailbox:
- In Outlook with Exchange Online Mailbox, you can import directly – ensure you do not copy duplicates.
[EX2010][EXO] Forwarding Address Export and Import
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
#Load Exchange 2010 Module Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 -ErrorAction SilentlyContinue #Setup Variables $Filename = "C:\temp\tasks\fowarding_address\export.csv" $header = "UPN,ForwardingSmtpAddress,DeliverToMailboxAndForward" $header | Out-File $Filename #Grab Data $Users = Get-Mailbox -ResultSize Unlimited -Filter { (ForwardingAddress -ne $null) -or (ForwardingSmtpAddress -ne $null) } ForEach ($User in $Users) { if ($user.ForwardingSmtpAddress -ne $null) { $forwardingSmtpAddress = $user.ForwardingSmtpAddress $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString() $logstring = "$($user.PrimarySmtpAddress),$($forwardingSmtpAddress),$($DeliverToMailboxAndForward)" $logstring | Out-File $Filename -Append } else { if ($user.ForwardingAddress -ne $null) { $forwardingContact = $user.ForwardingAddress $forwardingContactAddress = (Get-Recipient $forwardingContact).PrimarySmtpAddress $DeliverToMailboxAndForward = $User.DeliverToMailboxAndForward.ToString() $logString = "$($user.PrimarySmtpAddress),$($forwardingContactAddress),$($DeliverToMailboxAndForward)" $logString | Out-File $Filename -Append } } } #Remove Exchange 2010 Module Remove-PSSnapin Microsoft.Exchange.Management.Powershell.E2010 #Connect to Exchange Online $username = "<user name>" $targetdir = (dir $env:LOCALAPPDATA”\Apps\2.0\” -Include CreateExoPSSession.ps1,Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse | Group Directory | ? {$_.Count -eq 2}).Values | sort LastWriteTime -Descending | select -First 1 | select -ExpandProperty FullName import-Module $targetdir\CreateExoPSSession.ps1 $PasswordFile = "Password.txt" $KeyFile = "AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) connect-exopssession -credential $MyCredential #Reapply forwarding to migrated EXO mailboxes $Users = Import-Csv $Filename ForEach ($user in $users) { $DeliverToMailboxAndForward = [System.Convert]::ToBoolean($User.DeliverToMailboxAndForward) Set-Mailbox -Identity $($user.UPN) -DeliverToMailboxAndForward $DeliverTomailboxAndForward -ForwardingSmtpAddress $($user.ForwardingSmtpAddress) -whatif } #Kill Session and Remove Module Get-PSSession | Remove-PSSession Get-Module | Remove-Module |
Single mailbox export to PST file
Add member of a role group which has the Mailbox Import Export role
|
1 |
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "<user name or alias>" |
Export primary mailbox:
|
1 |
New-MailboxExportRequest -Mailbox <user> -FilePath \\<server FQDN>\<shared folder name>\<PST name>.pst |
Export archive mailbox:
|
1 |
New-MailboxExportRequest -Mailbox <user> -FilePath \\<server FQDN>\<shared folder name>\<PST name>.pst -isarchive |
More details