blog_listing_hero_img.jpg

Enabling Exchange Online Organization Customization

Customizing and configuring an Exchange organization has been a daily task for Exchange administrators for years. In a local Exchange organization, you can customize mostly anything you like. There is no requirement for enabling the organization for customization. But in Exchange Online, the situation is different.

Microsoft uses consolidated configurations for selected settings to ensure an optimal and efficient Exchange Online service. Additionally, the consolidation configuration saves storage space within the service. Microsoft assumes that these settings do not necessarily require individual tenant configuration. Conversely, this does not mean that you cannot configure these settings, only that you must enable these objects so that they are available for customization. Without enabling organizational customizations, you will receive an error message when you try to configure them:

Error message screenshot

Unfortunately, at this time there is no complete list of configuration objects that require you to enable organizational customizations. Microsoft itself cites a few examples:

- Creating new RBAC role groups and new RBAC role group assignments
- Creating new RBAC role assignment policies or customizing an internal role group assignment policy
- Creating new OWA mailbox policies or customizing the default OWA mailbox policy
- Creating new sharing policies or customizing the standard sharing policy (see above)
- Creating new Exchange Online retention policies or customizing the default retention policy

However, the organization customization requirement affects the activation of uniform audit logging or anti-spam filtering as well. If you plan to configure your Exchange Online configuration you must ensure that organization customization is enabled.

Enabling your Exchange Online tenant's organization customization is simple, but you cannot revert it.

Use the Exchange Online Management Shell v2 to log on to your Exchange Online tenant using an account that is a member of the Global Administrator or Exchange Service Administrator role.

The next step is to run the following command:

Enable-OrganizationCustomization

Powershell Admin Window

When you enable organizational customizations, you can see which objects the cmdlet enables in your Exchange Online organization for customization. We can assume that over time, other standard objects will be affected by this requirement. Rerunning the cmdlet will result in an error message and only tells you that organization customization has already been enabled. It is impossible to use the cmdlet for resetting any of the then customizable settings to a default value.

You can check how to enable organizational customization for your tenant in the organization settings. To do this, run the following command in the Exchange Online Management Shell v2:

Get-OrganizationConfig | FL isDehydrated

Powershell screen shot

Read the IsDehydrated status as follows

True: Your Exchange Online organization is "dehydrated" and uses the consolidated Exchange Online settings for selected configurations.

False: Your Exchange Online organization is no longer "dehydrated" and uses individually configured organization settings

After you enable organization customizations, you have the option to configure your Exchange Online tenant to your liking. However, this is not necessarily a better or even more secure configuration.

The "dehydrated configuration" feature is primarily active for Microsoft 365 Business tenants and ensures a simplified but still secure mode of operation for Exchange Online. Apply changes to Exchange Online configurations only if you know what you're doing. After customization, your Exchange Online tenant no longer benefits from the centrally managed settings.

Links


Exchange Hybrid and Office 365 Monitoring and Reporting

On-premises components, such as AD FS, PTA, and Exchange Hybrid are critical for Office 365 end user experience. In addition, something as trivial as expiring Exchange or AD FS certificates can certainly lead to unexpected outages. By proactively monitoring hybrid components, ENow gives you early warnings where hybrid components are reaching a critical state, or even for an upcoming expiring certificate. Knowing immediately when a problem happens, where the fault lies, and why the issue has occurred, ensures that any outages are detected and solved as quickly as possible.

Access your free 14-day trial of ENow’s Exchange Hybrid and Office 365 Monitoring and Reporting today!