Reply All Storm Protection in Exchange Online
25 years ago, I was working for Microsoft. And one morning we received a message with the subject...
Since the dawn of email, organizations have struggled with the way that users reply to emails. Confusion (or worse) occurs when emails include groups, CC, BCC, internal, and external recipients. Choosing to use "Reply All" may release confidential information to the wrong people or cause mail storms between senders and recipients – sometimes bringing email servers to their knees.
When is it appropriate to use "Reply" or "Reply All"? In this article, I’ll explain what can be done to control this for both Exchange Server on-premises and Exchange Online, and what you can do to help end-users. Most of these controls actually fall upon the end-users, so training and leading them to do the right thing using MailTips is sometimes the only answer. As my fellow MVP, Ed Crowley, is famous for saying, “There are seldom good technological solutions to behavioral problems.”
There are several technical controls you can do, including changing the reply behavior in Exchange and Exchange Online.
Exchange 2013+ uses Reply All as the default in Outlook on the web for all users. Use Exchange Cmdlet Extension Agents to change this to a simple Reply. This method instructs Exchange Server to run the Set-MailboxMessageConfiguration -IsReplyAllTheDefaultResponse $false cmdlet on the mailbox whenever the Create-Mailbox or Enable-Mailbox cmdlets are run.
First, create a new text file named ScriptingAgentConfig.xml with the following data:
<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
<Feature Name="MailboxProvisioning" Cmdlets="New-Mailbox, Enable-Mailbox">
<ApiCall Name="OnComplete">
if($succeeded) {
$Name= $ProvisioningHandler.UserSpecifiedParameters["Name"]
Set-MailboxMessageConfiguration $Name -IsReplyAllTheDefaultResponse $false
}
</ApiCall>
</Feature>
</Configuration>
Since this is an organization-wide setting you will need to copy this file to the %ExchangeInstallPath%\Bin\CmdletExtensionAgents folder on all Exchange servers in the organization.
Finally, enable the scripting agent so it will process the code whenever the New-Mailbox or Enable-Mailbox cmdlets are run:
Enable-CmdletExtensionAgent “Scripting Agent”
Unfortunately, Cmdlet Extension Agents are not available in Exchange Online. The best we can do here is to run a remote PowerShell script to change the behavior of OWA for all EXO users.
First, run the following PowerShell one-liner to create an encoded file containing the admin credential information for Exchange Online:
New-Object System.Management.Automation.PSCredential(Get-Credential) | Export-Clixml "EXOCreds.xml"
Now you can run a PowerShell script to update all mailboxes in Exchange Online. Create a file called ReplyForAll.ps1 in the same folder where you created the EXOCreds.XML file above and run it from there:
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Import-Clixml -Path "EXOCreds.xml") -Authentication "Basic" –AllowRedirection
Import-PSSession $s
Get-Mailbox | Set-MailboxMessageConfiguration -IsReplyAllTheDefaultResponse $false
Remove-PSSession $s
You may wish to configure groups to restrict the users or groups who are allowed to use them. This is especially important for large or important groups, such as “All Employees”. Edit the group in the Exchange Admin Center (EAC) and select the users or groups who can use this group in the Delivery Management section.
When moderation is configured, all incoming messages will be reviewed by moderators before delivery to group members. This is useful for important groups like “Executive Committee”. Moderators can approve or reject incoming messages. Configure this using the EAC in the Message Approval section of the group.
MailTips are informative messages displayed to users while they compose a message in either Outlook 2010+ or OWA. It’s important to note that MailTips do not work with mobile devices or other clients. If a potential issue is detected (like replying to a large group or external users), MailTips will notify users prior to sending the message. With the help of the information provided by MailTips, senders can adjust the message they are composing to avoid undesirable situations or non-delivery reports (NDRs).
There are several best practice recommendations around MailTips:
First, review Configure Organizational Settings for MailTips to understand how you can configure various settings that define how you use MailTips in your organization. Almost all MailTips configuration is done using PowerShell cmdlets. I recommend the following:
Group Metrics generation is a dark art. Exchange 2010 generates Group Metrics every Sunday +/- 2hours of midnight. Exchange 2013+ and Office 365 generate group metrics daily at a random time when the Exchange workload is light. There is no way to force generation. Group metrics are generated by the server hosting the arbitration mailbox with the GMGen attribute set to $true.
If you want to share your MailTips with a remote organization with whom you have an Organizational Relationship configured, run these two cmdlets:
Finally, you should instruct users how and when to use the proper reply techniques. Here are my best practices.
I hope this article helps you and your users make the best use of email communications and keeps those email storms at bay.
Jeff Guillet is the founder and CEO of EXPTA Consulting, and is a Microsoft Certified Solutions Master and Office Servers and Services MVP. He is the author of The EXPTA Blog, as well as a published author, contributing writer, and technical editor for more than a dozen technical books and other publications.
25 years ago, I was working for Microsoft. And one morning we received a message with the subject...
Only a statistician loves statistics and I am no statistician. However, it’s interesting to try to...