5 Office 365 admin settings you must get right

Ensure a solid foundation for your Office 365 deployment with these essential setup tips

Page 4 of 6

Security settings

Now that all of your email and service settings are stored in the cloud, you must pay very close attention to your security settings. It takes only one lucky phishing attempt or social engineering call to give up the keys to the kingdom.

At a minimum, you should establish and use an administrator account that is separate from your main mailbox, and configure your other administrators in the same fashion. In addition, each administrator account should have an enforced minimum password length and expiration period (Service Settings > Passwords), use multifactor authentication (Users > Active Users > Set multi-factor authentication requirements > Set up), and hold only the minimum set of permissions required to do the job through Role Based Access Control (RBAC) settings (Exchange admin center > Permissions > Admin roles).

Office 365 Role Based Access Control

Administrator accounts should be set with the bare minimum number of permissions required to do the job through RBAC.

The security of your mail is equally important. The built-in Exchange Online Protection offers basic forms of protection against spam and malware but doesn't prevent address spoofing. You should spend some time evaluating third-party products to provide a solid email security foundation for your Office 365 environment.

You should also consider creating transport rules to match against common financial and personal data types. You can do this using Data Loss Prevention (DLP) templates that create transport rules you can tweak, or you can create transport rules directly using sensitive information types. To create a transport rule to block the sending of unencrypted credit card numbers and Social Security numbers, open the Exchange admin center and navigate to Mail Flow > Rules. Click on the + sign and choose "Generate an incident report when sensitive information is detected ..." Choose the type of sensitive information you want to detect, select a recipient to notify and the information included in the notification, and (optionally) add an extra action to block the message with or without a Non-Delivery Receipt (NDR).
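The same rule can be created from Exchange Online PowerShell, which makes it easier to review and repeat across tenants. This is an added example, not part of the original article; the rule name, report mailbox, outbound-only scope and initial test mode are assumptions to adjust for your environment.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# the signed-in admin account holds a role that can manage transport rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Placeholder values (assumptions, not taken from the article).
$ruleName = 'Block outbound card and SSN data'
$reportTo = 'dlp-reports@contoso.com'

# Built-in sensitive information types to match; minCount is the number of
# matches in a message required before the rule fires.
$dataTypes = @(
    @{ Name = 'Credit Card Number';                minCount = '1' },
    @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' }
)

$ruleParams = @{
    Name                               = $ruleName
    Comments                           = 'Incident report plus block for card/SSN data'
    # Assumption: only mail leaving the organization is in scope.
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = $dataTypes
    # Recipient to notify and the fields included in the notification.
    GenerateIncidentReport             = $reportTo
    IncidentReportContent              = 'Sender', 'Recipients', 'Subject',
                                         'Severity', 'DataClassifications', 'IdMatch'
    # Block with an NDR. To block without an NDR, remove the two Reject*
    # entries and add: DeleteMessage = $true
    RejectMessageReasonText            = 'Blocked: message contains card or Social Security numbers.'
    RejectMessageEnhancedStatusCode    = '5.7.1'
    SetAuditSeverity                   = 'High'
    # Start in test mode so matches are logged before the block is enforced.
    Mode                               = 'Audit'
}

# Create the rule only if one with this name does not already exist.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule @ruleParams
}

# Once the incident reports show an acceptable false-positive rate, enforce it:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```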
