Microsoft Exchange Online Cheat Sheet

A cloud-based messaging and collaboration service in Microsoft 365 that provides email, calendar, contacts, and tasks through hosted Exchange Server technology. It enables organizations to deliver enterprise-grade communication without managing on-premises infrastructure.

• Part of Microsoft 365 (formerly Office 365) — available as a standalone plan or bundled with Microsoft 365 subscriptions.
• Integrates with Outlook (desktop, web, mobile), Microsoft Teams, Microsoft Purview, and Microsoft Entra ID.
• Managed through the Exchange Admin Center (EAC) and Microsoft 365 Admin Center.
• Backed by Microsoft’s globally distributed datacenters with 99.9% SLA uptime guarantee.

CORE COMPONENTS

1. Mailbox Types

• User Mailbox

• • Primary mailbox assigned to a licensed user in Microsoft 365.
  • Includes email, calendar, contacts, tasks, and notes.
  • Storage: 50 GB (Exchange Online Plan 1) or 100 GB (Exchange Online Plan 2 / M365 E3/E5).

• Shared Mailbox

• • A mailbox accessible by multiple users without individual licensing.
  • No direct sign-in; users access it through their own licensed mailbox.
  • Free up to 50 GB; requires Exchange Online Plan 2 license for up to 100 GB.
  • Supports Send As and Send on Behalf permissions.

• Resource Mailbox

• • Room Mailbox — represents a meeting room; accepts/declines calendar invitations.
  • Equipment Mailbox — represents a shared resource (e.g., projector, company car).

• Archive Mailbox (In-Place Archive)

• • Secondary mailbox for storing older emails and freeing primary mailbox space.
  • Requires Exchange Online Plan 2 or Microsoft 365 E3/E5.
  • Accessible via Outlook or Outlook on the Web (OWA).

• Discovery Mailbox

• • Used by eDiscovery managers to hold the results of In-Place eDiscovery searches.

• Public Folder Mailbox

• • Stores public folder content in a hierarchical structure.
  • Accessible to authorized users across the organization.

2. Mail Flow & Transport

• Mail flow in Exchange Online is managed through connectors and transport rules.
• Inbound Connector — controls how email is received from external or on-premises sources.
• Outbound Connector — controls how Exchange Online routes email to external servers.
• Mail Flow Rules (Transport Rules) — apply policies on email in transit (e.g., add disclaimers, redirect messages, block keywords, enforce encryption).
• Mail flow rules are made up of Conditions, Exceptions, and Actions.
• SMTP relay is supported through Microsoft 365 using connectors.
• High Volume Email (HVE) — Public Preview feature for sending large-volume emails to internal recipients without recipient rate limits (designed for line-of-business apps).
• Supports SMTP AUTH for legacy application relay scenarios.

3. Calendar & Scheduling

• Provides full calendar functionality, including meeting scheduling, free/busy lookup, and recurring appointments.
• Shared Calendars allow teams to view and manage group availability.
• Calendar delegation allows users to grant others access to manage their calendars.
• Resource scheduling through Room and Equipment Mailboxes supports auto-accept/decline booking policies.
• Integrates with Microsoft Teams for meeting creation and join links.
• Calendar sharing supports cross-organization and external sharing configurations.

4. Contacts & Address Lists

• Global Address List (GAL) — automatically generated directory of all recipients in the organization.
• Address Book Policies (ABP) — segment address lists by department, region, or business unit.
• Offline Address Book (OAB) — downloaded copy of address lists for use in cached Exchange mode.
• Mail Contacts — external recipients listed in the GAL without a mailbox.
• Mail Users — external users with credentials who can sign in but whose primary mailbox is outside the organization.
• Distribution Groups — email-enabled groups for sending to multiple recipients.
• Mail-Enabled Security Groups — function like distribution groups but are also used for access control.
• Dynamic Distribution Groups — membership auto-populated based on recipient filter rules.
• Microsoft 365 Groups — modern groups integrating email, calendar, Teams, and SharePoint.

EXCHANGE ADMIN CENTER (EAC)

• The Exchange Admin Center (EAC) is the web-based management portal for Exchange Online.
• Accessible at: https://admin.exchange.microsoft.com
• Key management areas in the EAC:

• • Recipients — Manage mailboxes, groups, resources, contacts, and migration.
  • Mail Flow — Configure rules, remote domains, connectors, and message trace.
  • Migration — Manage migration batches from on-premises, IMAP, or other Exchange environments.
  • Public Folders — Manage public folder mailboxes and folder hierarchy.
  • Reports — View mail flow summaries, inbound/outbound reports, and top senders/recipients.
  • Insights — Proactive recommendations for mail flow configuration improvements.
  • Classic EAC — Legacy Exchange admin interface, being phased out in favor of the modern EAC.

• Exchange Admin Center requires an Exchange Administrator or Global Administrator role in Microsoft Entra ID.
• Admins can manage Exchange Online using Exchange Online PowerShell with the ExchangeOnlineManagement module

SECURITY & PROTECTION

1. Built-in Security — Exchange Online Protection (EOP)

• Automatically applied to all Exchange Online cloud mailboxes — no setup required.
• Anti-spam filtering — messages are scanned and assigned a Spam Confidence Level (SCL 0–9).
• Anti-malware — messages and attachments are scanned for known malware; infected messages are quarantined.
• Connection filtering — blocks messages from known malicious IP addresses.
• Anti-spoofing — detects forged sender addresses in inbound messages.
• Zero-hour Auto Purge (ZAP) — retroactively moves already-delivered spam or malware to Junk or Quarantine.

• Outbound spam filtering — restricts outbound mail to protect tenant IPs from blacklisting.
• Spam filtering cannot be fully disabled, but it can be bypassed with mail flow rules.

2. Microsoft Defender for Office 365 (Advanced Threat Protection)

• Plan 1 — included in Microsoft 365 Business Premium:

• • Safe Attachments — detonates attachments in a virtual sandbox to detect zero-day malware.
  • Safe Links — real-time URL scanning and rewriting to block malicious links.
  • Anti-phishing with impersonation protection.

• Plan 2 — included in Microsoft 365 E5:

• • Threat Explorer and real-time detections.
  • Attack Simulator for phishing simulation campaigns.
  • Automated Investigation and Response (AIR).
  • Advanced threat hunting and SOC tools.

COMPLIANCE & GOVERNANCE

1. Retention & Archiving

• Messaging Records Management (MRM) — controls email lifecycle using retention tags and retention policies.

• • Retention Tag — defines an action (delete or archive) and duration for a folder or message type.
  • Retention Policy — a collection of retention tags applied to a mailbox.
  • Managed Folder Assistant — a background service that processes MRM policies on mailboxes.
• Microsoft 365 Retention Policies (via Microsoft Purview) — tenant-wide or scoped policies for retaining or deleting content.
• Auto-Expanding Archive — automatically provisions additional archive storage beyond 100 GB (Plan 2 / M365 E3/E5).

2. Litigation Hold & eDiscovery

• Litigation Hold — preserves all mailbox content indefinitely; prevents deletion or modification for legal proceedings.
• In-Place Hold — preserves specific content matching a query or date range.
• eDiscovery (Content Search) — searches mailboxes, Teams, SharePoint, and OneDrive for specific content.
• eDiscovery Cases — organize searches, holds, and exports for legal investigations.
• Requires the Discovery Management role group to run eDiscovery searches.
• Export results in PST or EDRM XML format for legal review tools.

3. Data Loss Prevention (DLP)

• DLP policies detect and prevent the sharing of sensitive data (credit card numbers, SSNs, health records, etc.).
• Configured in the Microsoft Purview compliance portal.
• Actions: block, encrypt, notify user, or apply policy tips.
• Supports custom sensitive information types using regex and keyword dictionaries.
• Requires Exchange Online Plan 2 or Microsoft 365 E3/E5.

4. Auditing

• Mailbox Audit Logging — tracks actions by owners, delegates, and admins on mailboxes; enabled by default.
• Admin Audit Logging — records configuration changes made via EAC or PowerShell.
• Unified Audit Log (Microsoft Purview) — combines Exchange, SharePoint, Teams, and Entra ID activity.

Microsoft Exchange Online Cheat Sheet References:

https://learn.microsoft.com/en-us/exchange/exchange-online
https://learn.microsoft.com/en-us/exchange/exchange-admin-center
https://learn.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-service-description
https://learn.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits
https://learn.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
https://learn.microsoft.com/en-us/exchange/security-and-compliance/security-and-compliance