Archive April 2020

Enhance Security : Enforce Mobile Devices to Use Encryption and Password Policy connecting to Exchange Online (O365)

Features available to improve security with mobile devices by using encryption and a password policy when connecting to Exchange Online (O365). Anyone who has been a Active Directory Admin will by default expect to configure additional security, the same logic should apply for the Office 365 admin / Exchange Online Admin.

How to configure, start in Exchange Admin Center

Browse “Mobile” and edit the “Default”

To apply additional security settings to mobile services by default. I’ve highlighted some more restrictive settings to configure from the default.

  • Require Password
  • Require an Alphanumeric Password
  • Require Encryption
  • Min Password Length
  • Wipe Device on Sign-In Failures
  • Sign In time
  • Password Lifetime and Recycle Count

Office 365 Additional Security, Require MFA to Domain Join Devices in Azure Active Directory

How to enable the feature to prompt for Multi Factor Authentication when joining a device to an Azure Active Directory domain. We would also like to limit the number of devices a user can have to 5.

Start in Azure Active Directory Admin Center

Select Azure Active Directory > Devices

Under Devices click “Device Settings”

Now you can set the max number of devices per user and enforce MFA to join devices

Office 365 – Configure Users To Reset Non-Administrators Passwords

The support desk will require the function to reset users passwords in your environment. Their is a pre-configured role already available in Office 365. Follow these basic steps to assign the “Password Administrator” role to a user.

Open Azure Active Directory Admin Center > Select “Users”> Select a user> Click “Assigned Roles”>”Add Assignment” and Select “Password Administrator” role.

Office 365 How To Configure External Collaboration Settings with Domain Restrictions

In Office 365, how do you configure external collaboration settings but restrict certain domains from collaboration.

This is all configured under Azure Active Directory Admin Center.

A few clicks and your configured

User settings> External Collaboration Settings > Set the level of restrictions and Save. This example is restricting collaboration with *.outlook.com and *.hotmail.com domains

or if security if a higher priority over flexibility, Disable Members and Guests invite and set “Allow invitations only to the specified domains” Example :

How To Configure Office 365 Email Supervision

To allow another user to supervise a users outbound email, you will need to create a new policy under “Supervision”

Start by opening the “Security” center from the Microsoft Admin Center

Click “Supervision” and “Create”

Name your policy and click next

Add the users or groups. You have the option to select teams chats also. Untick if not required and click next

Select Inbound / Outbound / Internal to review

Select the % to review

Add the reviewers (Supervisors)

Review and Click Finish

How To Enable Admins/Users to Import Their Own PST files in Office 365

To enable the admins/users to import their own PST files, the users must be given the “Mailbox Import Export” role.

This it how you configure / assign the users the role.

Login to the Microsoft 365 Admin Center and Open “Exchange” admin center.

Click “Permissions” > “Admin Roles” and “+” Add a new role

Enter details (example info), Add “Mailbox Import Export” role. Click Save

Office 365 Exchange Online Enable Calendar Sharing with External Office 365 Exchange

To setup calendar sharing in Office 365 with another External Office 365 Exchange go to the Exchange Admin Center.

You have the option to add an individual or an organisation. See example below

For further information visit: https://docs.microsoft.com/en-us/exchange/sharing/organization-relationships/create-an-organization-relationship

Office 365 Password Protection – Custom Banned Passwords – Greyed Out

So you have decided to increase security by adding a banned password list but the option in Azure Active Directory admin center is greyed out. Problem is licensing. This feature is only available in Azure AD P1 Licenses as part of the Enterprise Mobility and Security E3.

The problem greyed out Password Protect

The issue, licenses, and no Enterprise Mobility and Security E3.

Solution

Upgrade to Enterprise Mobility and Security E3 License (please confirm further before purchasing)

https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing

https://docs.microsoft.com/en-us/microsoft-365/commerce/licenses/subscriptions-and-licenses?view=o365-worldwide