Microsoft Office 365 is pretty easy to install – Microsoft provides assistance through set-up wizards, help videos and live support over the phone. Yet, as with any new software, you might still experience some challenges. It is important to remember that the default settings are built for the lowest common denominator, and while these settings might easily get your average Joe End-User up and running in no time, they might not be right for your business.
To get the most out of Office 365, we suggest you look at five key admin settings, as identified by US eMag InfoWorld.
Mobile device settings
Thanks to modern technology, most people prefer using their own devices as they can work at any time, from anywhere. This includes email access, which turns these devices into portable access points into your mail system and ultimately, if you use line-of-business applications or have a mobile VPN, your entire network.
Once mobile device management (MDM) setup is completed, do the following:
- Click on “Manage device security policies and access rules”.
- Click on the + (plus) sign to create a new policy and provide it with a name and optional description. There are various options available to you at this point:
  - PIN locking
  - Sign-in failure locks
  - Inactivity locks
  - Device encryption
  - Disallow hacked devices
  - Prevent “rooted” or “jailbroken” devices
- At the least, configure a six-digit PIN, wipe after 10 tries, force data encryption, and disallow hacked devices.
The minimum safeguard against phishing attacks is to establish and use an administrator account that is separate from your main mailbox account. Configure your other administrators in the same fashion and ensure each of these accounts:
- Has an enforced minimum password length and expiration period (Service Settings > Passwords).
- Uses multifactor authentication (Users > Active Users > Set multi-factor authentication requirements > Set up).
- Uses only the minimum set of permissions required to do the job through Role Based Access Control (RBAC) settings (Exchange Admin Centre > Permissions > Admin roles).
You should also tighten the security of your email, as the built-in protection covers only the basics when it comes to spam and malware; address spoofing isn’t covered. Spend some time evaluating third-party products to provide solid email security.
Other measures to implement include creating transport rules to match against common financial and personal data types. Use Data Loss Prevention (DLP) templates that create transport rules you can tweak, or create transport rules directly using sensitive information types.
Create a transport rule to block the sending of sensitive numbers such as unencrypted credit card numbers by doing the following:
- Open the Exchange Admin Centre.
- Navigate to Mail Flow > Rules.
- Click on the + (plus) sign.
- Choose “Generate an incident report when sensitive information is detected”.
- Choose the type of sensitive information you want to detect.
- Select a recipient to notify and the information included in the notification; adding an extra action to block the message with or without a Non-Delivery Receipt (NDR) is optional.
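The same rule can be created from Exchange Online PowerShell, which makes it repeatable and reviewable. This is an added example, not part of the original article; the rule name, mailbox addresses and rejection text are placeholders, and starting in audit mode before enforcing is an assumption about how you would roll it out.

```powershell
# Added example: PowerShell counterpart of the Exchange Admin Centre steps above.
# Requires the ExchangeOnlineManagement module and an account with an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'   # placeholder admin account

$ruleName = 'Block credit card numbers'   # hypothetical rule name
$reportTo = 'compliance@example.com'      # placeholder mailbox for incident reports

# Create the rule only if one with this name does not exist yet.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    $rule = @{
        Name                               = $ruleName
        # Sensitive information type to detect; one match is enough to trigger.
        MessageContainsDataClassifications = @{ Name = 'Credit Card Number'; minCount = '1' }
        # Recipient of the incident report and the fields it contains.
        # IdMatch and AttachOriginalMail are left out so the report mailbox
        # does not receive copies of the card numbers themselves.
        GenerateIncidentReport             = $reportTo
        IncidentReportContent              = 'Sender', 'Recipients', 'Subject', 'Severity',
                                             'RuleDetections', 'DataClassifications'
        # Optional extra action: reject the message and return an NDR with this text.
        RejectMessageReasonText            = 'Message blocked: it appears to contain a credit card number.'
        SetAuditSeverity                   = 'High'
        # Audit mode records matches without enforcing the reject action.
        Mode                               = 'Audit'
    }
    New-TransportRule @rule
}

# Confirm what is in place.
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Mode, Priority

# Once the audit results look right, switch the rule to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```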