Kerio Calendar Data Weirdness

 One of those things we always worry about is data integrity.

We've seen weird stuff.

And now it's Kerio's turn to provide us with weird.

Take a look at this raw ICS file from some recent field data:

I'll cut to the chase.  The END date (line 14) of this recurring appointment is later than the UNTIL date in the RRULE (line 15).  So trying to insert this Microsoft Exchange Web Services called us very bad do-bees.   

Not hard to generate odd situations with a variety of clients on a technologically moribund server.

Block Mail to Recipients Outside of your Organization

We recently announced that we've started work on a  Kerio Server Migration to Office 365.  One of our clients gave us test data from a few departed/terminated users to test our code.  It's easy to test in our Exchange on-prem sandbox to ensure no "external" email gets sent to their users -- we unplug the Ethernet connection to the Router. It's a little more complicated in Office 365, but not all that difficult.  Here are the steps:

In the Exchange Admin Center, under Mail Flow, Rules, click the "+" sign to create a new rule.

• Name the rule.  We called it "Block Mail sent to External Email"
• Select the option from Apply this rule pulldown: "The Recipient is Located...."
• Select the option "Outside The Organization" from the subsequent pulldown that the recipient is located 
• Select "Reject the message with the explanation" from the pulldown "Do the Following..."
• Enter a message (optional):  We entered "The message was not sent. The Recipient is located outside the company."
• We chose to Enforce the rule, and finally
• Saved it

  Here is a screen shot:

So now let's say a user tries to send email outside your domain.  They will be informed that is an unsanctioned action with this message:

Kerio Connect Migration to Office 365

So we got a request for a Kerio Connect to Office 365 calendar migration from someone who we discovered was an old pal from the early days of group scheduling.

How could we say no?

So we've got that under development now -- anyone else interested in testing it out please drop us a line.

We've got full-state calendar migrations going, as well as contacts and tasks.  

Notes become tasks (because Microsoft's EWS API does not allow us to create Notes). 

A few of the recurrence patterns do not transfer to Office 365 so we insert them and flag them as problem children.  Biggest example: Last weekday or weekend day of the month is supported on Kerio but not in Office 365.  

Of course we include our UNDO functionality for testing and remediation. 

Sender-recipient pair receiving limits in Microsoft Office 365

 Got this in the mail today from our friends in Redmond, Washington:

We are updating our receiving limits in Exchange to help prevent attacks on your mail flow experience. Earlier this year in (February MC239262) we announced a stricter enforcement of our mailbox receiving limits. Taking your feedback into consideration, we are releasing an additional limit to block single-sender mail storms and deter DoS attacks. Our mailbox receiving limits, as previously stated, apply to the messages received by a Microsoft Office 365 mailbox. If volume exceeds 3,600 messages in a given 60-minute window, the mailbox will no longer accept messages from the Internet, from other tenants, or from on-premises senders. Starting in September 2021, we are adding a limit on sender-recipient pairs (SRP). This feature will apply to the messages received by a Microsoft Office 365 mailbox from each specific sender. If a single sender sends over 33% of the threshold (3,600 per rolling hour) to a specific recipient, the SRP limit will kick in, and the mailbox will no longer accept messages from that sender. The mailbox will continue accepting messages from other senders. Note: If the identified sender is from a Microsoft Office 365 mailbox in the same tenant, messages will be allowed even after the limit is exceeded. If the identified sender is from an on-premises mailbox, a Microsoft Office 365 in a separate tenant, or outside of Microsoft Office 365, messages will be blocked. This change helps prevent a malicious user from blocking mail flow to a Microsoft Office 365 mailbox, as part of our continuing efforts to improve your Exchange Online experience. Key Points: Timing: September 2021 Action: review and assess How this will affect your organization: Rollout of the mailbox receiving limit as detailed in (February MC239262) is ongoing. We are continuing to lower the threshold over the next few months until we reach 3,600. Rollout of the SRP limit will begin in September 2021. This limit is set to 33% of the mailbox receiving limit. Note: Most users are not likely to be impacted by this, as only a small percentage of mailboxes are currently hitting SRP limits. If a mailbox exceeds the SRP limit, messages to that mailbox from the identified sender will be throttled. Affected mailboxes will receive an email informing them of the throttling, while the identified sender will receive a non-delivery report under response code 5.2.121. Emails from that sender will be throttled until the limit resets one hour from when the threshold was exceeded. Administrators will be able to view users that exceed their SRP limit through the “Mailbox exceeding receiving limits” report in the Exchange Admin Center. Please contact affected users to understand why they are receiving so many messages from particular senders. What you need to do to prepare: No direct action is required on your part, though it is recommended that you review the new limits and update training and documentation as appropriate. Review the published receiving limits at Exchange Online limits - Service Descriptions | Microsoft Docs Review our NDR documentation at Email non-delivery reports in Exchange Online for 5.2.121, sender-recipient pair throttling View this message in the Microsoft 365 admin center

This is not going to have an effect on any of our calendar migrations unless you are a multi-domain tenant (we had one of those in the last year) or we've managed to so optimize the batch operations we've exceeded Microsoft's limits AND you have massive current meetings.

Travel Time for Outlook / OWA

OK folks, we have an updated version of our Travel Time add-in for you.

Documentation

• Uses Outlook API (destined for decomissioning in November 2022 but who are we kidding?  It'll go way beyond that!) and Office JavaScript.
• Will work with OWA or Outlook 2016/2019 on Windows 10 and needs an Office 365 account .  Need other platforms, please let us know.
• It’s not (yet) in the Microsoft Store, so you’ll need to side-load the application.  This link tells you how if you do not know.

Privacy and Permissions

We hate spyware. Sumatra’s Travel Time Outlook addin does do not collect ANY of your calendar information, passwords, usernames, etc.   Only you know what you’re using this for.  We will rely on you to let us know what you think.  

This applications runs only on your machine, and only if you are logged into Office 365. You do not need your administrator to modify your company’s server permissions.  BUT, this add-in requires read-write access to your mailbox (otherwise we can’t create new appointments).

You will need to side-load with this address:

 https: // sumatra.com/tt/ SumatraTravelTimeManifest.xml

Migrating to Office 365? Hint: Disable Throttling

Throttling is a wonderful feature to get rid of during a migration.  You have the need -- the need for speed.  Throttling can sometimes be the annoying speed bump or rumble strip that at best slows you down and at worst halts your migration.

Fortunately there's a good guide to how to disable using the user interface on Office 365:  Disable EWS throttling in Office 365 – Exchange Online

We don't re-do work that's already been done -- this is a good, straight-forward guide.

If your interface does not have this option, open "Help" and type in "Increase EWS Throttling Policy."  Should bring up this page and you're good to go.

Contact Migration now Supported Apple Calendar to Office 365

Migrating from Apple iCalendar to Office 365? Use GUIDs.

If you're migrating from Apple's calendar offering, you need to map the user GUIDs to target email address in Office 365 / Microsoft Exchange. 

Your mapping text file should look like:

------------------------------------------------------

DB9F0913-DC4A-41CA-8017-6EF5814F01CD, jimi.hendrix@xxx.onmicrosoft.com

FB5CA163-99B8-4436-A906-CC72000E931D, janis.joplin@xxx.onmicrosoft.com

....

------------------------------------------------------

How do you GET the GUIDs?

Via an LDAP Query is most convenient.

https://krypted.com/mac-os-x/export-data-open-directory-migrating-users-groups/

and

https://github.com/krypted/swift-ldif-csv/blob/master/ldif_to_csv.swift

Go to it!

Travel Time for Outlook / OWA

What can we say?  We're market-driven.

We didn't get much response the first time we did a travel time add-in for Outlook / OWA, but in the last few months our volume on this has improved so we re-wrote the code.

Our thinking is that we'll keep the version we currently have available for free (it's based on version 1.4 of the Outlook JavaScript API) while we work on a more full-featured version for the enterprise..

Want to try it out -- contact us.

 

Sumatra Calendar Insight prototype available online

Calendar-minded folks,

We've been working on something we call Sumatra Calendar Insight -- and we'd like you to try it out.

Where are we going with this?

Frankly, we’re looking for direction.  Over years of migrating legacy calendar servers into Exchange we’ve often done analysis on the data and approached mining it in several different ways (usually for resource availability and effectiveness).  

Microsoft MyAnalytics does a good, simple job of helping you get focus time every week or so, and Microsoft Productivity Score promises to give your admin some insight on your global productivity on some schedule with a single score, but missing in all of this is on-demand access to the kinds of detailed statistics power managers and enterprise watchdogs need.  And of course, everything Microsoft does has ignored resources – maybe not an issue now but the pandemic will not last forever.  

Sumatra Calendar Insight is a proof of concept demo – we can get at this data and deliver it to you on demand.  

So we’re asking: what kinds of data do you want to get at?  And why?

Let us know.

Looking for test sites for a new calendar app for Office 365

 Folks,

Having been locked in our houses / apartments / cells / space ships for a few months we started working on a new application that analyzes calendar data for users on Office 365.

We think that calendar analysis should be more detailed than asking "do you think you have enough time set aside for doing real work?"

We're thinking more like "Wonder how your team is spending their time?” and “Too much video and not enough work?” and "We've got a Zoom contract, what're these Teams video meetings doing here?"

Of course we can also do this server-side in Exchange and look at group aggregate statistics,which we think is a lot more interesting in a corporate environment.

A few screenshots follow.

Anybody want to try it out in a beta version please let us know -- we like listening to people.

Work from Home’s Impact on Calendaring/Email and IT’s budget

A consulting company with 100 employees was running a legacy version of Exchange using a VPN to their work from home users.  Their VPN expense average cost was $200/mo/user.  They tested the “free” Microsoft migration tools.  Moving email would take a month.  They considered migrating PSTs in bulk, but the bulk upload turn-around was ten days.  Losing ten days was unacceptable. HYBRID deployment?  Too complicated and arduous for them to even get through the manual.

Free was not an acceptable solution.

What did Sumatra do? 

• We completed the cut-over from Exchange 2010 to Office 365 during a twelve-hour outage window.  
• For email, we used imapsync to migrate about 500GB of email. Two weeks before cut-over, we synchronized email between the legacy and Office 365 and then managed a continuous sync to keep their email up-to-date. This reduced server loads, and ensured all email migrated during the cut-over window.   
• For Calendars, tasks, contacts, we used a Sumatra’s eCalReader to migrate calendars, contacts, and tasks.  All was accomplished during the Friday-night cut-over.

The bottom line:  Sumatra migrated 100 users in eight hours -- with little involvement from IT.  The customer said Sumatra saved them $100,000/year in expense.

The uncertainty around Covid changed the Sumatra’s customers support their end users. It was a nightmare when IT reconfigured everything so end users could work from home (WFH).  For non Office365 customers, costs included VPN connections at $50-$200/month/user.  Their CFOs realized a Microsoft Office365 license ($12.50-$20.00/month) would save thousands!

There are five themes that run through the inquiries we’ve received and what we've l;earned from our customers in the last few months. 

1. Cost: The VPN expense is killing IT budgets.  CFOs want to migrate to Office 365 ASAP.
2. WFH Timeframe: Customers expect employees will WFH for the next six to 12 months.  
3. Legacy servers and VPN are an expensive way to support WFH.  They both have to go.
4. Microsoft Office 365’s “Free” migration tools take weeks to complete.  They leave current email/calendar data behind!  
5. Third party solutions are expensive and don’t move calendars!!

What are customers asking for? Everyone who calls us for help wants:

• Migration done over a weekend not a month;
• Migrate ALL CURRENT DATA.  And not just email.  Calendars, contacts, and tasks from legacy(*) on-premises Exchange 2Kxx calendaring and collaboration solutions to Office 365.   
• The migration cut-over outage limited to overnight or at most during a weekend.:

* Legacy products are pretty much anything except Microsoft Office 365 at this point.  Google calendar is a dark horse, but our experience is anyone who's already gone for Google doesn't want to actually pay to move out.

The other thing we've learned is that imapsync is excellent at the sort of last minute touch-up work that invariably needs to get done: synchronizing a few folders or mailboxes.

 

DAVical to Office 365 calendar migration in beta stage

You guys might remember our earlier posting on DAVical migration to Exchange / Office 365.

Well, we went ahead and started it based on a request from Europe.  

If there's anyone else out there who's looking for this please drop us a line.

Corporate Meeting Resources in Office 365 in the Age of Social Distancing

So in the soda straw view of the world we see in calendaring, it was only a while before COVID-19 reared its protein-based heads in our direction.  (and yours, we assume!)

Specifically: how can we make sure we promulgate COVID-19 safety rules to personnel if we (when we) are allowed to authorize them to return to work in our physical locations?

Simplest way we came up with that does not involve any coding or need to involve your Office 365 Administrator is to create a Rule for your Resources, as shown in this screen capture.

The meeting organizer (and ONLY the meeting organizer) will then get an email directly from the resource in your standardized corporate language reminding them to observe safe meeting practices, as the following details show: 

This is the detail from Conference Room 222:

Easy-peasy.  And as you see it works whether you have your conference rooms as auto-accept or managed.

Do you have a zillion rooms?  This is script-able through Exchange Shell.  If you create a solution, please post it here and share it to benefit others!  

How much time is your group / department / division / enterprise spending in Zoom working at home?

After reading How My Boss Monitors Me While I Work From Home in the New York Times I sort of shuddered at the degree of surveillance you can put on someone's machine.

Putting on my calendar geek hat I could see how you could extract this kind of "how I spend my time" information from on Office 365 / Microsoft Exchange server without having to load possibly vulnerable code on a laptop or desktop.

Drop us a line if there's interest in this.

SOGo calendar and contact migration into Office 365

We have migration from SOGo calendar and contacts to Office 365 working in  our lab.

As usual, drop us a line if you're interested.

MIT Media Lab investigation uses calendar info

I read MIT Will Investigate Media Lab's Ties to Jeffrey Epstein Following Director's Resignation as just another "yeah, people will do just about anything for money" article until I came to this part:

On Ito’s calendar, which typically listed the full names of participants in meetings, Epstein was identified only by his initials. Epstein’s direct contributions to the lab were recorded as anonymous.

(underlining mine)

THIS is really interesting!

If you want to know how to do stuff like this forensically (or even proactively) in Exchange or Office 365 let us know -- our wheels are already turning on this and a few other things.  

Google Calendar Outages

Because this is a calendaring blog and we should be keeping track of stuff like this:

Google Calendar Dies One Hour After Google Tweets About How Great It Is [Update]

The most interesting thing in this article was the  link to the G Suite status dashboard which, frankly, I have difficulty finding off the main G Suite "Give us your money NOW" site.

Office 365 and Your Work-Life Calendar Dichotomy

One of our spouses took a job that requires a lot of travel.  This exacerbated the already delicate? Tenuous? Intricate? Complicated? Spouse work-life schedule negotiation. Ironically, this is the same poorly-addressed issue that we’ve seen in enterprise calendaring since the 1990s.

Our real-world scenario: We use Exchange / Office 365 at work and need to coordinate home life / spouse / children / significant others in on various events.  You know what we’re talking about: airport drop-off/pick-ups, dentist appointments, visits, children performances, mother-in-law prescriptions, that kind of thing.

To date, we’ve found two options:

• Sharing calendars.  This can be an entire calendar, or a partial calendar.
• Forwarding / copying individual events or create a meeting and invite the spouse

Each option has pros and cons.   But none feel exactly right for the majority of situations we’ve encountered without a lot of pain on someone’s side.  

It’s too darned complicated and doesn’t work well in real life.

Roh-Roh George

The two options are, at best, half-baked partial solutions.  This is our efforts to work through our thinking, in the troll-defying pages of our calendar nerd blog, in hopes of soliciting your feedback, comment, diatribes, or even constructive ideas.  We have our own ideas as you’ll see near the conclusion.  We’re going to walk through the various ways we’ve tried to synchronize with the spouse:

• Shared Calendars (Shared vs exports)
• Meetings
• Create a separate “Google Calendar” and share it
• Forward/Copy

For example: We have a corporate person (let’s call her Judy) and her work-at-home husband (let’s call him Zyg) trying to navigate the work-life problem.

Share your entire calendar
Sharing / publishing one calendar is well-documented and akin to making someone a delegate. 

Although sharing/publishing one’s calendar is well documented, it depends upon if you are connected to Office 365 (or not).  Here are the choices: If you are an Office 365 user, right-click on the calendar and select share: 

If you the at-home outlook user, pick share from the “Home” tab in Outlook calendar:

But in a corporate environment sharing your calendar with someone Judy of the organization is never going to fly.  Security concerns alone keep knowledge workers like Judy from putting their work calendar on-line.  (We agree!) 

Zyg may be able to put his life online, and Judy can (usually? Sometimes?) subscribe to it.  But the downside is that she views that calendar as a separate entity.  She may need to copy events to her calendar.  Well and good, except then these events are copies which are NOT updated if Zyg makes changes.  

Still it’s better than nothing.

Where this works well is for public events that are informational with schedules published well in advance (rather than mission-critical or last-minute), e.g.:  sports schedules, concert tour dates, corporate training.  Note also that these events WANT to be widely-known as opposed to the security attached to corporate or private calendars.

When Zyg got an email announcing a videogame stream, he had the option of putting it into his calendar.  Rather than a single event, Gearbox Software subscribed him to an entire calendar.  

Marketing over-kill if ever there was, but it solved one of the key problems of this in the Outlook interface: the multi-step process of clicking on a link for an ICS and then having to save and import the ICS.

Share a part of your calendar

There is another option to publishing your entire calendar, sending a partial calendar.  Outlook makes this easy, visually pleasing, and security-conscious.  Who’d have thunk it?

Zyg gets something that looks like this from Judy as he tries to work out what’s available for date-night options or in-law visits.

  

But again, this is a one-off as opposed to a real-time shared “calendar” solution.  It also doesn’t say if she’s in town, or in Charlotte, Chattanooga, Charleston, or Columbus

Make it a meeting

Yes, if Judy needs coverage during a dental procedure, she can simply propose a meeting to Zyg.  It shows up in his calendar (regardless of the client or back-end he’s viewing it on) and it’s updated when Judy updates it.  But is this can be informational.  So why does it show up as Busy, blocking Zyg's availability? Or does Judy really need Zyg to pick her up from the dentist?  Still, a viable solution as long as it’s between small numbers of people for a specific purpose. (And Zyg can always change that meeting on his calendar to free…..)

  

But sometimes Judy’s workday extends into the evening.  It would be nice to let Zyg know she’s going to be late so the kids don’t die of hunger or dinner burned beyond recognition. For example, the quarterly shareholders call runs from 4 PM to 7 PM. Judy wants Zyg to know.  She cannot add him to the Attendee List.  Let’s face it, that’s weird and nobody on either end wants that.

Separate “Google Calendar” and shared Between Zyg and Judy

Yes, Judy can copy her key items to a Google calendar, and share it with Zyg.  But keeping that current is never going to happen, particularly if Judy doesn’t manage her schedule. Although it’s conceptually a good idea, it falls apart in reality.

Copying an event

Judy has three choices:

1. She could forward Zyg a copy of the meeting (but again, he gets a guest list, which is weird and dangerous).
2. She could create a new event to let Zyg know / email it.  Which is never going to happen unless her admin does it and that’s now straining the system. 
3. She could text Zyg at 7:30 from the parking garage saying she’s going to be late for dinner. (This, of course, is the one typically does.)

Getting creative with Resource Designations

One of our teammates suggested Judy get really clever and add Zyg to the meeting as a resource.  This effectively bcc:'s Zyg to the calendar event .  This works only if: Judy is the organizer, and Judy’s Admin remembers to do it.   This had several benefits:

• Zyg did NOT show up on the meeting list of attendees (!)
• Zyg DID get updates to the meeting status

However,

• Zyg really doesn’t need (or want!) to see the details
• This breaks if there is no location (and Zyg shows up in the location!)  This could be an abuse of the system and would get Judy in trouble with corporate Security.

Then of course we discovered this is mentioned in a Microsoft article.

Consider this last situation

When you think about it this last situation solves a lot of the work-life calendar cross-over issue from the security-conscious enterprise and the starving spouse perspectives.  Judy gets to clue Zyg in where and when they need it, but it does not mess up the enterprise.

And, as though by magic, this situation was solved starting in the 1990s by some legacy calendar systems.  Dare we say it?  We dare.  Meeting Maker was one of them.

The solution is simple:  

bcc: and cc: for calendar items.

These have the advantage of allowing a corporate user to keep family members in the loops they need to be in, just as it does corporate users internally, without disrupting corporate security or adding new layers of security.

Note that these features are also incredibly useful internally.

What do you think?

As we said before, we're looking for feedback and comments.  

We'll tell you what we're thinking of doing to solve this in our next post.

Zimbra to Office 365 Calendar Migrator trial download

We went ahead and made the trial for our $499/server 30-day activation Zimbra to Office 365 calendar and contacts migration software available on line and via online download syndication.

You can download the trial software here.

You can see the PAD file here.

And on this very blog there are a variety of other posts about the product as well as the current state of Microsoft Graph (spoiler alert: functional but incomplete) upon which we built this.