Office 365: Get These Five Admin Settings Right

Microsoft Office 365 is pretty easy to install – Microsoft provides assistance through set-up wizards, help videos and live support over the phone. Yet, as with any new software, you might nonetheless experience some challenges. It is important to remember that the default settings are built for the lowest common denominator and while these settings might easily get your average Joe End-User up and running in no time, they might not be right for your business.

To get the most out of Office 365, we suggest you look at five key admin settings, as identified by US eMag InfoWorld.

Mobile device settings

Thanks to modern technology, most people prefer using their own devices as they can work at any time, from anywhere. This includes email access, which turns these devices into portable access points into your mail system and ultimately, if you use line-of-business applications or have a mobile VPN, your entire network.

Mobile device management (MDM) forms part of your subscription. To activate your MDM subscription, click on “Mobile Devices” and accept the licensing agreement and privacy policy.

Once MDM setup is completed, do the following:

  • Click on “Manage device security policies and access rules”.
  • Click on the + (plus) sign to create a new policy and provide it with a name and optional description. There are various options available to you at this point:
    • PIN locking
    • Sign-in failure locks
    • Inactivity locks
    • Device encryption
    • Disallow hacked devices
    • Prevent “rooted” or “jailbroken” devices
    • At the least, configure a six-digit PIN, wipe after 10 tries, force data encryption, and disallow hacked devices.

Security settings

The minimum safeguard against phishing attacks is to establish and use a separate account from your main mailbox as an administrator account. Configure your other administrators in the same fashion and ensure each of these accounts:

  • Has an enforced minimum password length and expiration period (Service Settings > Passwords).
  • Uses multifactor authentication (Users > Active Users > Set multi-factor authentication requirements > Set up).
  • Uses only the minimum set of permissions required to do the job through Role Based Access Control (RBAC) settings (Exchange Admin Centre > Permissions > Admin roles).

You should also tighten the security of your email, as the built-in protection offers only basic forms of protection when it comes to spam and malware; address spoofing isn’t covered. You should spend some time evaluating third-party products to provide solid email security.

Other measures to implement include creating transport rules to match against common financial and personal data types. Use Data Loss Prevention (DLP) templates that create transport rules, you can tweak or create transport rules directly using sensitive information types.

Create a transport rule to block the sending of sensitive numbers such as unencrypted credit card numbers by doing the following:

  • Open the Exchange Admin Centre.
  • Navigate to Mail Flow > Rules.
  • Click on the + (plus) sign.
  • Choose “Generate an incident report when sensitive information is detected”.
  • Choose the type of sensitive information you want to detect.
  • Select a recipient to notify and the information included in the notification; adding an extra action to block the message with or without a Non-Delivery Receipt (NDR) is optional.

Do-it-yourself Business Intelligence with Office 365
You don’t need to be an expert in big data analytics to make data-driven decisions every day. Empower your employees with easy-to-use Business Intelligence with Office 365 to create custom reports, track key performance metrics or visualize your data to generate more insights.

Mail flow

The first time you set up Office 365, you have to configure your domain’s DNS to work with Office 365. Records are provided for the following:

  • Mail routing (MX)
  • Autodiscover (CNAME)
  • Sender Protection Framework (SPF)

If you don’t apply the right settings at this point, it can leading to complete loss of mail flow or lack of client connectivity. Once you have full access to the Exchange Admin Centre, it is important to verify that all your domain names are both listed and confirmed as authoritative or of the appropriate relay type, as necessary, under Mail Flow > Accepted Domains.

Secure mail flow

Companies that deal with people’s confidential information are often required by law to have TLS encryption as an extra layer of protection for their email systems. For this, you will need to create a connector for sending mail and one for receiving mail.

To create the connector for sending mail:

  • Open the Exchange Admin Centre.
  • Navigate to Mail Flow > Connectors.
  • Click on the + (plus) sign.
  • Select “Sending from Office 365 to a partner organisation”.
  • Give the new connector a name; type an optional description.
  • Enter your partner organisation’s domain name(s).
  • Save the connector.

To create the connector for receiving mail:

  • Open the Exchange Admin Centre.
  • Navigate to Mail Flow > Connectors.
  • Click on the + (plus) sign.
  • Select “Sending from your partner organisation to Office 365”.
  • Choose to set this connector either to apply to specific domain names or to IP addresses and enter the information on the next screen.
  • Choose to reject any messages not sent using TLS encryption; verifying the TLS certificate is optional.
  • Note: If you want to scope this domain to a specific IP range, this is where you can do this.
  • Save the connector.

Remember to also ensure that line-of-business applications, multifunction copiers, ticketing systems and other applications and devices will be able to send through your new Office 365 account. There are step-by-step details on the Microsoft website.

Data and disaster recovery

Remember: Office 365 does not back up your email. Microsoft offers native data protection, but this option has limitations and should be considered with care. It’s recommended that you put all your mailboxes on hold, which is only available on the more expensive E3 Office 365 plan. This option also has its limitations and isn’t a backup system in the traditional or modern sense of the word, so make sure you are aware of what you can and cannot do before purchase. Looking at the Office 365 partner ecosystem might provide you with a third option for a third-party backup/recovery solution or a solid online archive solution.

contact-us-man MICROSOFT OFFICE 365 HAS REVOLUTIONISED THE WAY WE USE SOFTWARE IN THE WORKPLACE. IT IS AN ESSENTIAL BUSINESS TOOL, SO MAKE SURE THAT YOU HAVE THE RIGHT SETTINGS TO SUIT YOUR BUSINESS THE BEST. STRATEGIX HAS A TEAM OF EXPERTS STANDING BY TO HELP YOU GET THE BEST OUT OF YOUR OFFICE 365 SOLUTION. CONTACT US TODAY!