This chapter covers Exchange Online administration, a critical component of the Microsoft 365 ecosystem. For the MS-102 exam, approximately 15-20% of questions touch on Exchange Online topics, including mailbox management, transport rules, anti-spam, and compliance features. You will learn how to configure and manage Exchange Online recipients, policies, and security settings, as well as how to troubleshoot common issues. Mastery of these concepts is essential for any Microsoft 365 administrator.
Exchange Online is like a large post office serving a city. Each mailbox is a personal PO box. The post office has a central sorting facility (the Exchange Online service) that receives all incoming mail from external senders. When a letter arrives, the sorting facility checks the address against a directory (Azure AD) to find the correct PO box. But before delivering, it applies rules: if the sender is on a blocked list (spam filter), the letter is thrown away. If the recipient has a rule to forward all mail to another address, the letter is redirected. If the recipient is out of the office, an automatic reply is sent back. The post office also has a fleet of delivery trucks (transport service) that move mail between different post office branches (Exchange servers in different datacenters). Administrators manage the post office by setting policies: mailbox size limits, retention policies (how long to keep letters before shredding), and permissions (who can open which PO box). Users can access their PO box via a web portal (Outlook on the web) or a mobile app (Outlook mobile). The postmaster (Exchange admin) can also place a legal hold on a mailbox, preventing deletion of any letters for compliance purposes. This entire system is highly available — if one sorting machine fails, another takes over automatically (DAG). The post office also encrypts letters in transit (TLS) and at rest (encryption at rest).
What is Exchange Online?
Exchange Online is the cloud-hosted messaging platform within Microsoft 365. It provides email, calendaring, contacts, and tasks, with a focus on high availability, security, and compliance. It is built on the same core technology as Exchange Server 2019 but is managed by Microsoft. Administrators manage Exchange Online through the Exchange admin center (EAC) or Exchange Online PowerShell (EXO V2 module).
Mailbox Types and Recipients
Exchange Online supports several recipient types:
- User Mailbox: Assigned to a user with a Microsoft 365 license. It contains email, calendar, contacts, and tasks.
- Shared Mailbox: Used by multiple users for a common purpose (e.g., info@contoso.com). Requires no license but needs at least one licensed user to access it. Maximum size is 50 GB (shared mailboxes can be increased to 100 GB with an appropriate license).
- Resource Mailbox: For rooms or equipment. Can be Room Mailbox (for meeting rooms) or Equipment Mailbox (for projectors, etc.). They can accept or decline meeting requests automatically based on policies.
- Mail-Enabled User: A user who has an external email address and is represented in the GAL (Global Address List). No mailbox in Exchange Online.
- Mail-Enabled Contact: Similar to mail-enabled user but typically for external contacts.
- Mail-Enabled Public Folder: A public folder that can receive email. Public folders are hierarchical and used for shared access.
- Distribution Group: A mail-enabled group used to send email to multiple recipients. Can be security groups or distribution groups.
- Microsoft 365 Group: Modern group with a shared mailbox, calendar, and other collaboration features.
- Dynamic Distribution Group: A distribution group whose membership is calculated based on recipient filters and conditions.
Mailbox Creation and Licensing
Every mailbox requires a license (except shared mailboxes when accessed by licensed users). The license determines the mailbox size:
- Exchange Online Plan 1: 50 GB mailbox, 50 MB message size limit.
- Exchange Online Plan 2: 100 GB mailbox, 150 MB message size limit.
- Exchange Online Kiosk: 2 GB mailbox, 30 MB message size limit.
- Exchange Online Archiving: Additional 100 GB archive mailbox (auto-expanding up to 1.5 TB).

Mailboxes are created automatically when a user is assigned an Exchange Online license. Administrators can also create mailboxes for users without licenses (e.g., shared mailboxes) but they must be licensed for access.
Mail Flow and Transport
Mail flow in Exchange Online involves several components:
- Inbound Mail: External senders deliver mail to Exchange Online via SMTP. The message passes through the Edge Transport service for anti-spam and anti-malware scanning, then to the Mailbox Transport service for delivery.
- Outbound Mail: Messages from users are submitted to the Mailbox Transport service, then to the Front End Transport service, which routes them to external recipients via SMTP.
- Connectors: Customize mail flow. Inbound connectors allow receiving mail from specific IP ranges or with specific TLS requirements. Outbound connectors route mail to on-premises servers or third-party services.
- Accepted Domains: Domains for which Exchange Online accepts email. Must be verified in Microsoft 365.
- Remote Domains: Settings for mail sent to specific external domains (e.g., out-of-office replies, message format).
- Transport Rules: Also known as mail flow rules. Apply conditions and actions to messages in transit. For example, block messages with specific keywords, add disclaimers, or encrypt messages. Evaluate messages after anti-spam but before delivery.
- Message Trace: Tool to track the path of a message as it flows through Exchange Online. Useful for troubleshooting.
Anti-Spam and Anti-Malware
Exchange Online Protection (EOP) provides built-in anti-spam and anti-malware. Key components:
- Connection Filtering: Blocks IP addresses from known spam sources (IP Allow List, IP Block List).
- Spam Filtering: Uses machine learning to classify messages as spam, high-confidence spam, phishing, or bulk email. Actions: move to Junk Email folder, quarantine, reject, or delete.
- Outbound Spam Filtering: Monitors outgoing mail for spam patterns. If a user sends too many spam messages, they may be blocked from sending.
- Anti-Malware: Scans attachments and links. Malware is removed or the entire message is quarantined.
- Quarantine: Stores messages that are flagged as spam, malware, or phishing. Admins and users can review and release messages.
- Spoof Intelligence: Detects and handles spoofed senders.
- Advanced Threat Protection (ATP): Available in Microsoft 365 E5 or as an add-on. Includes Safe Attachments, Safe Links, anti-phishing, and spoof settings.
Compliance and Retention
Exchange Online integrates with Microsoft Purview compliance portal:
- Retention Policies: Assign retention tags to folders or entire mailboxes to automatically delete or archive messages after a specified period.
- Litigation Hold: Place an entire mailbox on hold, preserving all content including deleted items.
- In-Place Hold: Preserve items that match a query (e.g., all messages from a specific sender).
- eDiscovery: Search and export mailbox content for legal or compliance purposes.
- Journaling: Record all email communications (including Bcc and replies) and send copies to a journaling mailbox.
- Message Encryption: Azure Information Protection (AIP) allows encrypting emails with rights management.
- Data Loss Prevention (DLP): Policies that detect sensitive information (e.g., credit card numbers) and take action (block, notify, etc.).
Client Access and Mobility
Users can access Exchange Online via:
- Outlook on the web (OWA): Web-based client.
- Outlook desktop: MAPI over HTTP.
- Outlook mobile: Exchange ActiveSync (EAS).
- POP3/IMAP4: Legacy protocols, can be enabled or disabled per user.
- SMTP AUTH: For sending email from devices or applications.

Administrators control client access via:
- Outlook on the web mailbox policies: Settings for OWA features (e.g., calendar, contacts).
- Mobile device mailbox policies: Security settings for mobile devices (e.g., require PIN, encryption).
- CAS (Client Access Service) settings: Enable/disable protocols.
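The per-user protocol switches described above can be audited and tightened from Exchange Online PowerShell. The script below is an added example, not part of the original chapter; it assumes an active `Connect-ExchangeOnline` session, and the exception address is a constructed placeholder.

```powershell
# Added example, not from the original chapter.
# Assumes an active Connect-ExchangeOnline session with rights to run
# Get-CASMailbox / Set-CASMailbox. Addresses are constructed placeholders.

# Mailboxes allowed to keep legacy protocols (hypothetical exception list).
$keepLegacy = @('scanner@contoso.com')

# Tenant-wide SMTP AUTH default. A per-mailbox value of $null inherits it.
$orgSmtpAuthDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

$report = Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
    # Effective SMTP AUTH state: the mailbox setting wins, else the org default.
    $smtpDisabled = if ($null -ne $_.SmtpClientAuthenticationDisabled) {
        $_.SmtpClientAuthenticationDisabled
    } else {
        $orgSmtpAuthDisabled
    }
    [pscustomobject]@{
        Mailbox         = [string]$_.PrimarySmtpAddress
        PopEnabled      = $_.PopEnabled
        ImapEnabled     = $_.ImapEnabled
        ActiveSync      = $_.ActiveSyncEnabled
        OWA             = $_.OWAEnabled
        SmtpAuthEnabled = -not $smtpDisabled
    }
}

# Mailboxes that still expose POP3, IMAP4 or SMTP AUTH.
$exposed = $report | Where-Object { $_.PopEnabled -or $_.ImapEnabled -or $_.SmtpAuthEnabled }
$exposed | Sort-Object Mailbox | Format-Table -AutoSize

# Turn off POP3/IMAP4 everywhere except the exception list.
# -WhatIf only previews the change; remove it to apply.
$exposed |
    Where-Object { ($_.PopEnabled -or $_.ImapEnabled) -and $_.Mailbox -notin $keepLegacy } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.Mailbox -PopEnabled $false -ImapEnabled $false -WhatIf
    }
```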
High Availability and Disaster Recovery
Exchange Online is built on a multi-tenant architecture with built-in redundancy:
- Database Availability Groups (DAGs): Up to 16 copies of a mailbox database across multiple datacenters. Automatic failover within seconds.
- Data Redundancy: Each mailbox database has three copies (primary, secondary, and lagged copy).
- Backup: Microsoft performs regular backups. Administrators can recover deleted items (up to 30 days) and deleted mailboxes (up to 30 days).
- Service Health: Monitor via Microsoft 365 admin center or Service Health API.
Exchange Management Tools
- Exchange admin center (EAC): Web-based GUI for most administrative tasks.
- Exchange Online PowerShell: Use the EXO V2 module for advanced automation. Example commands:

```powershell
# Open a session to Exchange Online
Connect-ExchangeOnline
# Show a mailbox
Get-Mailbox -Identity user@contoso.com
# Block sending once the mailbox reaches 49 GB
Set-Mailbox -Identity user@contoso.com -ProhibitSendQuota 49GB
# Reject messages whose subject contains "credit card"
New-TransportRule -Name "BlockCreditCard" -SubjectContainsWords "credit card" -RejectMessageReasonText "Credit card info not allowed"
```

- Microsoft 365 admin center: Basic user and license management.
- Microsoft Purview compliance portal: For compliance features.
Common Configuration Tasks
- Set mailbox quotas: Use `Set-Mailbox -Identity user -ProhibitSendQuota 49GB -ProhibitSendReceiveQuota 50GB -IssueWarningQuota 48GB`.
- Create a shared mailbox: Use `New-Mailbox -Shared -Name "Support" -DisplayName "Support" -PrimarySmtpAddress support@contoso.com`.
- Enable litigation hold: `Set-Mailbox -Identity user -LitigationHoldEnabled $true`.
- Configure a transport rule: In EAC, go to mail flow > rules.
- Manage anti-spam policies: In EAC, go to protection > spam filter.
- Run a message trace: In EAC, go to mail flow > message trace.
Interaction with Other Services
Exchange Online integrates with:
- Azure AD: User identities, groups, and authentication.
- Teams: Calendar integration, channel email.
- SharePoint: Email to SharePoint libraries.
- OneDrive: Attachments can be stored as links.
- Power Platform: Use connectors for workflows.
- Microsoft 365 Groups: Each group has a mailbox.
Exam-Relevant Details
Default message size limit: 25 MB for Exchange Online Plan 1, 35 MB for Plan 2 (can be increased up to 150 MB with custom settings).
Default mailbox size: 50 GB Plan 1, 100 GB Plan 2.
Archive mailbox: 100 GB initially, auto-expanding up to 1.5 TB.
Retention period for deleted items: 14 days by default, can be extended to 30 days.
Litigation hold: Preserves all content, including deleted items and versions.
Transport rules: Up to 300 rules per tenant.
Distribution group: Maximum 100,000 members per group.
Dynamic distribution group: Membership recalculated every 24 hours.
Shared mailbox: Maximum 50 GB (can be increased to 100 GB with license).
Create a Shared Mailbox
Open the Exchange admin center (EAC) at https://admin.exchange.microsoft.com. Navigate to Recipients > Mailboxes. Click 'Add a shared mailbox'. Fill in the required fields: Display name, Email address (e.g., info@contoso.com). Optionally, assign a license if the mailbox exceeds 50 GB. After creation, assign permissions by clicking the mailbox, then 'Mailbox delegation'. Grant Full Access and Send As permissions to users who need them. Finally, add the mailbox to Outlook using 'Add account' in Outlook desktop. The shared mailbox will appear automatically for users with Full Access.
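The same procedure can be scripted and then verified, which makes it easier to review who holds Full Access and Send As on a shared mailbox. This is an added example, not part of the original chapter; it assumes an active `Connect-ExchangeOnline` session, and the mailbox and delegate addresses are constructed placeholders.

```powershell
# Added example, not from the original chapter.
# Assumes an active Connect-ExchangeOnline session.
# All addresses below are constructed placeholders.
$shared    = 'info@contoso.com'
$delegates = @('alice@contoso.com', 'bob@contoso.com')

# Create the shared mailbox only if it does not exist yet.
if (-not (Get-Mailbox -Identity $shared -ErrorAction SilentlyContinue)) {
    New-Mailbox -Shared -Name 'Info' -DisplayName 'Info' `
        -PrimarySmtpAddress $shared | Out-Null
}

foreach ($user in $delegates) {
    # Full Access: open the mailbox and read its content.
    # AutoMapping makes the mailbox appear automatically in Outlook.
    Add-MailboxPermission -Identity $shared -User $user `
        -AccessRights FullAccess -InheritanceType All -AutoMapping $true | Out-Null

    # Send As: send mail that appears to come from the shared address.
    Add-RecipientPermission -Identity $shared -Trustee $user `
        -AccessRights SendAs -Confirm:$false | Out-Null
}

# Verify: list explicit (non-inherited) Full Access delegations ...
$fullAccess = Get-MailboxPermission -Identity $shared |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
    Select-Object @{ n = 'Principal'; e = { $_.User } },
                  @{ n = 'Right';     e = { $_.AccessRights -join ',' } }

# ... and Send As delegations.
$sendAs = Get-RecipientPermission -Identity $shared |
    Where-Object { $_.Trustee -notlike 'NT AUTHORITY\*' } |
    Select-Object @{ n = 'Principal'; e = { $_.Trustee } },
                  @{ n = 'Right';     e = { $_.AccessRights -join ',' } }

# Flag any principal that is not on the intended delegate list.
@($fullAccess) + @($sendAs) | ForEach-Object {
    $_ | Add-Member -NotePropertyName Expected `
        -NotePropertyValue ($_.Principal -in $delegates) -PassThru
} | Sort-Object Principal, Right | Format-Table -AutoSize
```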
Configure a Mail Flow Rule
In EAC, go to Mail flow > Rules. Click 'Add a rule'. Choose a template or create a custom rule. For example, to block messages with 'credit card' in the subject, set condition: 'The subject contains' and value 'credit card'. Set action: 'Reject the message and include an explanation'. Provide a rejection reason. Optionally, set exceptions and priority. The rule is applied after anti-spam scanning. Test the rule using the 'Test' button before enabling. Rules can be ordered; the highest priority rule applies first.
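The rule from this walkthrough can also be staged from PowerShell: create it in audit mode, review it, then switch it to enforce. This is an added example, not part of the original chapter; it assumes an active `Connect-ExchangeOnline` session, and the exception address is a constructed placeholder.

```powershell
# Added example, not from the original chapter.
# Assumes an active Connect-ExchangeOnline session.
$ruleName = 'BlockCreditCard'

# 1. Create the rule in Audit mode: matches are logged, nothing is rejected yet.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -SubjectContainsWords 'credit card' `
        -RejectMessageReasonText 'Credit card info not allowed' `
        -RejectMessageEnhancedStatusCode '5.7.1' `
        -ExceptIfFrom 'billing@contoso.com' `
        -Mode Audit `
        -Priority 0 `
        -Comments 'Staged rollout: audit first, enforce after review' | Out-Null
}

# 2. Review rule order and state. Priority 0 is evaluated first.
Get-TransportRule |
    Sort-Object Priority |
    Format-Table Priority, Name, State, Mode -AutoSize

# 3. After checking rule matches in message trace (Mail flow > Message trace),
#    switch the rule to Enforce so matching messages are rejected.
#    -WhatIf only previews the change; remove it to apply.
Set-TransportRule -Identity $ruleName -Mode Enforce -WhatIf
```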
Place a Mailbox on Litigation Hold
In EAC, go to Recipients > Mailboxes. Select the user mailbox. Click 'Manage mailbox litigation hold'. Toggle 'Litigation hold' to On. Optionally, set a hold duration (e.g., 365 days). If no duration is set, items are held indefinitely. Click Save. Alternatively, use PowerShell: `Set-Mailbox -Identity user -LitigationHoldEnabled $true -LitigationHoldDuration 365`. This preserves all mailbox content, including deleted items and previous versions. To release the hold, toggle off or use `$false`.
Run a Message Trace
In EAC, go to Mail flow > Message trace. Click 'Start a trace'. Enter the sender and/or recipient email addresses. Set a date range (default last 48 hours). Optionally, refine by delivery status (e.g., Delivered, Failed). Click 'Search'. Results show the message path, including events like 'Received by', 'Filtered', 'Delivered'. Click a message to see details such as the original IP, spam score, and transport rule matches. This helps diagnose delivery failures or delays.
Enable Archive Mailbox
In EAC, go to Recipients > Mailboxes. Select the user mailbox. Click 'Manage mailbox archive'. Toggle 'Archive' to On. Click Save. The archive mailbox appears in Outlook as an additional mailbox. By default, the archive is 100 GB and auto-expands up to 1.5 TB if needed. To enable archiving via PowerShell: `Enable-Mailbox -Identity user -Archive`. Users can move items manually or use retention policies to auto-archive items older than a specified period.
In a typical enterprise deployment, Exchange Online serves as the primary email system for thousands of users. For example, a company with 5,000 employees uses Exchange Online Plan 2 mailboxes with 100 GB each. They enable litigation hold for all executives to preserve emails for compliance. They create shared mailboxes for departments like HR (hr@company.com) and IT (support@company.com), each assigned to 10 users with Full Access permissions. To secure sensitive data, they configure DLP policies that block credit card numbers in emails and encrypt messages with sensitive content. They also set up transport rules to add a legal disclaimer to all external emails.
Another scenario involves a merger. The company needs to migrate on-premises Exchange mailboxes to Exchange Online. They use a hybrid deployment with the Hybrid Configuration Wizard. They set up a shared namespace (contoso.com) and configure connectors for secure mail flow between on-premises and cloud. They use Migration in the Exchange admin center to move mailboxes in batches. During migration, they monitor message traces to ensure no mail is lost.
A third scenario: a university uses Exchange Online for 20,000 students and faculty. They create room mailboxes for all meeting rooms and equipment mailboxes for projectors. They use dynamic distribution groups for departments (e.g., all faculty in the Engineering department). They enable anti-spam policies with aggressive filtering to protect students from phishing. They also configure mobile device mailbox policies to require a PIN and encryption on all mobile devices accessing email.
Common problems include: users exceeding mailbox quotas (solved by increasing quota or enabling archive), mail flow issues due to incorrect connectors (solved by testing connectors and using message trace), and spam false positives (solved by allowing specific senders in the spam filter). Administrators must regularly monitor service health and review audit logs for security incidents.
The MS-102 exam tests Exchange Online administration under objective 1.4 (Tenant Management). Key areas:
- Mailbox types and creation: Know the differences between user, shared, resource, and mail-enabled users. Understand licensing requirements.
- Mail flow: Understand connectors, accepted domains, transport rules, and message trace. Be able to troubleshoot undelivered messages.
- Anti-spam and anti-malware: Know default settings (e.g., spam threshold, quarantine retention). Understand the difference between EOP and ATP.
- Compliance: Litigation hold, retention policies, eDiscovery, and DLP. Know how to place a hold and how long deleted items are retained (14 days default, up to 30).
- Client access: OWA policies, mobile device policies, and protocol settings.
Common wrong answers:
1. 'Shared mailboxes require a license' — WRONG. Shared mailboxes do not require a license, but each user accessing them must have a license.
2. 'Transport rules are applied before anti-spam' — WRONG. Transport rules are applied after anti-spam filtering.
3. 'Litigation hold preserves only items that match a query' — WRONG. Litigation hold preserves all mailbox content, not a subset.
4. 'The default message size limit is 150 MB' — WRONG. Default is 25 MB for Plan 1, 35 MB for Plan 2. The maximum configurable is 150 MB.
Edge cases:
A user with an Exchange Online Kiosk license has a 2 GB mailbox. Archiving is not available for Kiosk.
Dynamic distribution groups recalculate membership every 24 hours; changes to filters take up to 24 hours to reflect.
When a mailbox is on litigation hold, the recoverable items folder has a quota of 30 GB by default.
Eliminating wrong answers: Focus on the underlying mechanism. For example, if a question asks about preserving all email for a legal case, the answer is litigation hold, not retention policy (which can delete items after a period). If a question asks about blocking emails with sensitive data, the answer is DLP, not transport rule (though transport rules can also block, DLP is specifically for sensitive data).
Exchange Online supports user, shared, resource, mail-enabled user, and distribution group recipient types.
Shared mailboxes do not require a license; accessing users must be licensed.
Default mailbox size: 50 GB (Plan 1) or 100 GB (Plan 2).
Default message size limit: 25 MB (Plan 1) or 35 MB (Plan 2); max configurable 150 MB.
Transport rules are evaluated after anti-spam filtering.
Litigation hold preserves all mailbox content indefinitely.
Deleted items retention: 14 days default, extendable to 30 days.
Anti-spam uses connection filtering, spam filtering, and outbound spam filtering.
Dynamic distribution groups recalculate membership every 24 hours.
Use Exchange admin center or Exchange Online PowerShell for management.
These come up on the exam all the time. Here's how to tell them apart.
User Mailbox
Assigned to a single user with a license.
Contains personal email, calendar, contacts, tasks.
Default size 50 GB (Plan 1) or 100 GB (Plan 2).
User can send and receive as themselves.
Cannot be accessed by multiple users simultaneously without delegation.
Shared Mailbox
No license required, but each accessing user needs a license.
Used for shared access (e.g., info@contoso.com).
Default size 50 GB (can be increased to 100 GB with license).
Users must be granted Full Access and Send As permissions.
Designed for multiple users to access the same mailbox.
Mistake
A shared mailbox requires its own license.
Correct
Shared mailboxes do not require a license. However, each user who needs to access the shared mailbox must have an Exchange Online license (or be an on-premises user in a hybrid scenario). The shared mailbox is free but limited to 50 GB (or 100 GB with an appropriate license).
Mistake
Transport rules are evaluated before anti-spam filtering.
Correct
Transport rules are evaluated after anti-spam filtering. The order is: connection filtering, spam filtering, malware filtering, then transport rules. This means transport rules cannot override a spam verdict (e.g., a message marked as spam will not be processed by a transport rule that would otherwise allow it).
Mistake
Litigation hold preserves only emails that match a specific query.
Correct
Litigation hold preserves all mailbox content, including all email items, calendar items, contacts, tasks, and deleted items. It is an 'all-or-nothing' hold. If you need to preserve only specific items, use In-Place Hold or retention policies with conditions.
Mistake
The default message size limit is 150 MB.
Correct
The default maximum message size for sending and receiving in Exchange Online is 25 MB for Exchange Online Plan 1 and 35 MB for Plan 2. The maximum configurable limit is 150 MB, but this must be set via PowerShell or EAC. Most tenants leave it at default.
Mistake
Dynamic distribution groups update membership instantly when the filter changes.
Correct
Dynamic distribution groups recalculate membership every 24 hours. Changes to the filter or underlying user attributes take up to 24 hours to reflect in the group. To force an immediate update, you can run `Set-DynamicDistributionGroup -Identity <Group> -ForceMembershipRefresh` in PowerShell.
In the Exchange admin center, go to Recipients > Mailboxes and click 'Add a shared mailbox'. Enter the display name and email address. After creation, assign Full Access and Send As permissions to users. No license is required for the shared mailbox itself, but each user accessing it must have an Exchange Online license.
Litigation hold preserves all mailbox content indefinitely (or for a specified duration) and cannot be bypassed by users. Retention policies can automatically delete or archive items after a specified period based on tags. Litigation hold is used for legal preservation; retention policies are for lifecycle management. Both can be applied simultaneously.
You can enable an archive mailbox, which provides an additional 100 GB (auto-expanding up to 1.5 TB). For the primary mailbox, the maximum size is 100 GB (Plan 2). You cannot increase the primary mailbox beyond 100 GB. Alternatively, consider using shared mailboxes for shared storage.
A 5.7.1 error typically indicates that the message was rejected by a transport rule or anti-spam policy. Use message trace to see the specific reason. Check if a transport rule is blocking the message, or if the sender is on a block list. Also verify that the recipient's mailbox is not full or that the message size does not exceed limits.
Yes, you can use the Exchange Online PowerShell V2 module (EXO V2). Install the module and run `Connect-ExchangeOnline` with a global admin account. Then use commands like `Get-Mailbox`, `Set-Mailbox`, `New-TransportRule`, etc. Note that some commands require specific permissions.
The default retention period for deleted items (including items in the Deleted Items folder and recoverable items) is 14 days. This can be extended to up to 30 days using `Set-Mailbox -RetainDeletedItemsFor 30`. After that, items are permanently deleted and cannot be recovered by the user or admin.
In the Exchange admin center, go to Recipients > Mailboxes, select the user, and click 'Manage mailbox archive'. Toggle archive on. Alternatively, use PowerShell: `Enable-Mailbox -Identity user -Archive`. The archive appears in Outlook as an additional mailbox. Default archive size is 100 GB, auto-expanding up to 1.5 TB.