JFK gave a speech on the space program saying “we do these things, not because they are easy but because they are hard!” And I like that approach. That’s how you learn things. I’m going to throw myself into the madness that is Kubernetes again soon, having made Nomad and Consul do dependably what K8s thus far has failed to do. So, with that mountain climbed, let’s go back to the steeper one!
But these past two days I’ve moved four email accounts from Microsoft 365 to an unaffiliated hosting provider. I got the customer’s admin password for Microsoft’s control panel. That didn’t help much because apparently adding some Microsoft App Validator-thing is now part of the onboarding process. I thought that would be the hard part…
I spent two hours trying to figure out how to get an IMAP client to connect to the accounts… Answer: you have to choose OAuth2 as an authentication method which – surprise, surprise – isn’t exactly default. Tools like IMAPsync for instance do not have them (yet). So why not generate an app password? Because you can only do that if you enable multi-factor authentication. But, the OAuth2 implementation that Microsoft uses is virtually MFA already, since the email client needs to connect to Microsoft’s webpage and do a little extra login-dance.
I got most of the emails over using the Microsoft Outlook email client. It took a long time but at least I didn’t have to supervise it by jumping around between Microsoft 365, Office 365, Exchange, Exchange Online Policy or Azure Directory during the process. I thought, after an hour and a half that Azure Directory was the answer to why IMAP with username and password wouldn’t work. Silly me…
I saw some interesting stuff in there while I was losing my mind one illogical jump from one control panel to another that is now deprecated so please visit this new one but oh-no we haven’t actually implemented all functionality in that one. No, wait… That’s cPanel API documentation I’m thinking of now.
Anyway, interesting stuff. Like some function called litigation hold. What a wonderfully American idea, to have a button to set your email account to “I’m being sued”. Also there are lots of policy things that you can tweak. If I haven’t made this clear yet: I wouldn’t want to use Microsoft 365 for my own applications. And the reason I wouldn’t want to do that isn’t that it’s expensive or unnecessary. I run a three physical server Ceph-cluster with redundant network switches in STP-mode for my own NAS – unnecessary is my middle name. No, I don’t want to use Microsoft 365 because it is too complex.
That’s why I brought up the whole Nomad-Consul-Ceph-Proxmox-STP-cluster-redundancy thing, because I can handle that! But Microsoft 365? It’s like staring into the abyss. You can spend hours just to figure out that the control panel you’ve been fiddling with doesn’t even do anything because a single switch in a completely different control panel is set to “Off”.
Now, if I for some reason had to manage a large corporation’s computer operations: I think I would choose Microsoft 365. I’m not actually sure it would be that secure or dependable. But I would have lots of buttons to easily indicate who should be able to do what. If someone asked “Can people send work-documents to their own personal gmail accounts?” I could pull up the Azure Directory-EOP-Mail Flow-Connector-rule thing that says “Nope, no work documents to outside domains” and everyone would be happy. It wouldn’t surprise me one bit if sending a zip-file containing work documents attached with a changed file-extension so that it didn’t look like a zip-file would circumvent that kind of stuff but no one would ask about that…
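The renamed-zip case above is why an attachment rule should look at content rather than at the filename or declared MIME type. The following is an added example, not from the original post and not a description of how Microsoft 365 evaluates its rules; the allow-list of extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed allow-list: extensions whose files are legitimately ZIP containers.
ZIP_CONTAINER_EXTS = {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".odt"}


def is_zip(data):
    """True if the bytes parse as a ZIP archive, whatever the file is called."""
    return zipfile.is_zipfile(io.BytesIO(data))


def disguised_archives(msg):
    """Return filenames of attachments that are ZIP by content but not by name."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # decode=True undoes the base64 transfer encoding and returns raw bytes.
        data = part.get_payload(decode=True) or b""
        ext = PurePosixPath(name).suffix.lower()
        # The declared MIME type is sender-controlled too, so it is ignored here.
        if is_zip(data) and ext not in ZIP_CONTAINER_EXTS:
            hits.append(name)
    return hits


def build_sample():
    """Constructed sample: one honest zip, one zip named .jpg, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("budget.txt", "constructed sample content")
    archive = buf.getvalue()

    msg = EmailMessage()
    msg["From"] = "user@example.com"
    msg["To"] = "someone@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(archive, maintype="application", subtype="zip",
                       filename="files.zip")
    msg.add_attachment(archive, maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"plain text notes\n", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg


if __name__ == "__main__":
    print(disguised_archives(build_sample()))
```

The allow-list matters because Office documents are themselves ZIP containers, so a check that flagged every ZIP signature would fire on ordinary `.docx` attachments.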
Anyway, we’re now going to tell customers who want to move from Microsoft 365 to our hosting that they are free to do so but that there is no practical way of getting their data over to us. Interesting how Microsoft have such great tools for moving data into their systems from IMAP-servers but won’t provide their customers with the same functionality if they should want to move data out. Where I work we have wacky systems that work the same whether customers are moving in or out. Silly.