Exchange Online & Splunk – Automating the solution


I have recently been consulting on, what I think is a pretty cool engagement to integrate some Office365 mailbox data into the Splunk reporting platform.
I initially thought about using a .csv export methodology however through trial & error (more error than trial if I’m being honest), and realising that this method still required some manual interaction, I decided to embark on finding a fully automated solution.
The final solution comprises the below components:

  • Splunk HTTP event collector
    • Splunk hostname
    • Token from HTTP event collector config page
  • Azure automation account
    • Azure Run As Account
    • Azure Runbook
    • Exchange Online credentials (registered to Azure automation account

I’m not going to run through the creation of the automation account, or required credentials as these had already been created, however there is a great guide to configuring the solution I have used for this customer at[Keep reading] “Exchange Online & Splunk – Automating the solution”

AAD Connect – Using Directory Extensions to add attributes to Azure AD

I was recently asked to consult on a project that was looking at the integration of Workday with Azure AD for Single Sign On. One of the requirements for the project, is that staff number be used as the NameID value for authentication.
This got me thinking as the staff number wasn’t represented in Azure AD at all at this point, and in order to use it, we will need to get it to Azure AD.… [Keep reading] “AAD Connect – Using Directory Extensions to add attributes to Azure AD”

AAD Connect – Updating OU Sync Configuration Error: stopped-deletion-threshold-exceeded

I was recently working with a customer on cleaning up their Azure AD Connect synchronisation configuration.
Initially, the customer had enabled sync for all OU’s in the Forest (As a lot of companies do),  and had now come to a point in maturity where they could look at optimising the solution.
We identified an OU with approximately 7000 objects which did not need to be synced.
I logged onto the AAD Connect server and launched the configuration utility.… [Keep reading] “AAD Connect – Updating OU Sync Configuration Error: stopped-deletion-threshold-exceeded”

Complex Mail Routing in Exchange Online Staged Migration Scenario

Notes From the Field:

I was recently asked to assist an ongoing project with understanding some complex mail routing and identity scenario’s which had been identified during planning for an upcoming mail migration from an external system into Exchange Online.
New User accounts were created in Active Directory for the external staff who are about to be migrated. If we were to assign the target state, production email attributes now, and create the exchange online mailboxes, we would have a problem nearing migration.… [Keep reading] “Complex Mail Routing in Exchange Online Staged Migration Scenario”

Fixing the Windows 10 Insider 14946 Bitdefender Update Issue

I have been part of the Windows 10 Insider program for some time now, and as usual the time had come around again to install the latest fast ring update 14946.
However, when I went to download the update via the usual windows update channel, I found I could not download the update at all. (Or the bar showed zero progress).
I started to go looking for an explanation and came across the following post on the Microsoft Forum site.… [Keep reading] “Fixing the Windows 10 Insider 14946 Bitdefender Update Issue”

Implementing Microsoft (Office365) Peering for ExpressRoute

Notes from the Field

I have recently been involved with an implementation of Microsoft Peering for Expressroute with a large Australian customer and thought I would share the experience with you.

Firstly, and secondly, make sure that you read the specific guidance from Microsoft regarding prerequisites for Microsoft Peering. (See below)

Configure Microsoft peering for the circuit

Make sure that you have the following information before you proceed.

  • A /30 subnet for the primary link. This must be a valid public IPv4 prefix owned by you and registered in an RIR / IRR.
[Keep reading] “Implementing Microsoft (Office365) Peering for ExpressRoute”

Autodiscover Troubleshooting

Notes from the Field

I have been onsite working on remediating a partially completed Exchange 2007 to Exchange 2010 migration. This environment was then configured for Exchange Online Hybrid using ADFS 2.0 and Dirsync.

After reviewing the Autodiscover configuration, I discovered that something wasn’t right. In addition to this, I had received the following issues list from the customer.


  1. Outlook for Office 365 mailboxes is not able to be configured using Autodiscover. This occurred on both domain and non-domain joined machines.
[Keep reading] “Autodiscover Troubleshooting”

Wave 15 Shared Mailboxes in a Hybrid Configuration

Notes from the Field

I have been working on a customer site for some time now and have recently been migrated to Wave 15 of Exchange Online.

It was brought to my attention during the week, that since the migration, Shared Mailboxes which were created via the Exchange Online EAC could not receive external email. Shared mailboxes which were created in the on-premise environment and then migrated to Exchange Online are working as expected.

Note: The support staff have already created the Shared mailboxes using the Exchange online EAC and these mailboxes already have significant amounts of mail contained within.[Keep reading] “Wave 15 Shared Mailboxes in a Hybrid Configuration”