Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

5 Office 365 admin settings you must get right

J. Peter Bruzzese and Dustin Cook | Sept. 15, 2015
Ensure a solid foundation for your Office 365 deployment with these essential setup tips

Office 365 Role Based Access Control
Administrator accounts should be set with the bare minimum number of permissions required to do the job through RBAC. Click on image to enlarge.

The security of your mail is equally important. The built-in Exchange Online Protection offers basic forms of protection against spam and malware but doesn't prevent address spoofing. You should spend some time evaluating third-party products to provide a solid email security foundation for your Office 365 environment.

You should also consider creating transport rules to match against common financial and personal data types. You can do this using Data Loss Prevention (DLP) templates that create transport rules you can tweak, or you can create transport rules directly using sensitive information types. To create a transport rule to block the sending of unencrypted credit card numbers and Social Security numbers, open the Exchange admin center and navigate to Mail Flow > Rules. Click on the + sign and choose "Generate an incident report when sensitive information is detected ..." Choose the type of sensitive information you want to detect, select a recipient to notify and the information included in the notification, and (optionally) add an extra action to block the message with or without a Non-Delivery Receipt (NDR).

Mobile device settings

Most of your users will probably want to use their own mobile devices to access company email. This benefits the user in that they will only need to carry one device, and it benefits the company in that it doesn't have to purchase and manage devices and contracts for its users. Those mobile devices, however, are now portable access points into your mail system or, if you use line-of-business applications or have a mobile VPN, your entire network.

Office 365 Mobile Devices
If your users will be accessing Office 365 or email from their own devices, setting up Office 365 MDM is essential. Click on image to enlarge.

Office 365 now offers mobile device management (MDM) as part of your subscription, and you should take full advantage of this. To activate your MDM subscription, click on Mobile Devices and accept the licensing agreement and privacy policy.

Once you have completed MDM setup, click on "Manage device security policies and access rules." Click on the + sign to create a new policy, providing it with a name and optional description. There are a number of options available to you here. You can enforce PIN locking (or more complex passwords), sign-in failure counts, inactivity locks, device encryption, and preventing "rooted" or "jailbroken" devices from connecting.

You should at least configure a six-digit PIN, wipe after 10 tries, force data encryption, and disallow hacked devices. This should prevent the largest number of basic attacks against your devices without greatly inconveniencing your users.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.