Sysadmin Today #61: Office 365 Best Practices


I am joined with guest Chris Hamm as we discuss Office 365 Best Practices.

Host: Paul Joyner
Email: paul@sysadmintoday.com
Facebook: https://www.facebook.com/sysadmintoday
Twitter: https://twitter.com/SysadminToday


Show Sponsor
Kaseya: IT Management Software and Monitoring Solutions

Request a demo today at www.kaseya.com/sysadmintoday


Special Guest
Chris Hamm

Premier One
www.premier-one.com 


Show Links

Office 365 Best Practice Guide
https://sysadmintoday.com/wp-content/uploads/2019/05/Office-365-Security-Guide.pdf

Overview of data loss prevention
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

DLP (Data Loss Prevention) in Office 365
https://tech.paayi.com/data-loss-prevention

Top 10 ways to secure Office 365 and Microsoft 365 Business plans
https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide

Enable modern authentication for Skype for Business Online
https://www.ronnipedersen.com/2017/07/11/enable-modern-authentication-for-skype-for-business-online/

Enable or disable modern authentication in Exchange Online
https://support.office.com/en-gb/article/enable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662

Alert policies in the security and compliance center
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

SharePoint Permissions
https://www.youtube.com/watch?v=S46aFRBsS4U&t=337s

How to protect your data with Information Rights Management in Office 365
https://gcits.com/knowledge-base/how-to-protect-your-data-with-information-rights-management-in-office-365/

Helping users to protect files by using the Azure Rights Management service
https://docs.microsoft.com/en-us/azure/information-protection/help-users

6 thoughts on “Sysadmin Today #61: Office 365 Best Practices

  1. Fantastic show! Nice to know I’m doing some things right in my Office 365 instance. Like anything, though, revisiting fundamentals can be pretty important, and stuff like disabling IMAP and POP is a lot more relevant now in the current environment and something to implement for nearly all of our mailboxes. (I think there are two where I need them up due to the requirements of some legacy systems.)

  2. Good show -ITProMentor also just came out with a guide a few days ago at https://www.itpromentor.com/email-security-checklist/
    He also has scripts and a pdf to go through – very helpful.
    I’m working on getting one to work across delegated tenants too but it takes a fair amount of work.

    With all the BEC’s I’ve seen,most of them are now saving the emails to the RSS feeds folder. However, a recent method of attack is to use Flow rules as these are not going to be in a place most people look at and can work just as well to move and forward emails around.

  3. Thanks for the episode – you mentioned there was a way to use Powershell to cycle through your CSP tenants to adjust settings. Can you point me in the right direction as to how to do this? thanks

    1. Matt,

      See below. My guest Chris Hamm wrote this and should give some insight on how to use scripting to pull information and make changes.

      ########################################
      # Subscription Info Across All Tenants #
      ########################################

      # Setup credentials
      Connect-MsolService

      # Pull All Tenants Tied to Partner Account
      $AllTenants = Get-MsolPartnerContract | ForEach-Object {
      $TenantID = $_.TenantId
      $TenantName = (Get-MsolPartnerInformation -TenantId $_.TenantId).PartnerCompanyName

      New-Object -TypeName PSObject -Property @{
      TenantName = $TenantName
      TenantID = $TenantId
      }
      }

      # All Tenant Licenses
      $AllTenantLicenses = $AllTenants | ForEach-Object {
      $TenantName = $_.TenantName

      # Pull List of License SKUs
      $TenantSKUs = Get-MsolAccountSku -TenantId $_.TenantID

      # Pull SKU Information
      $TenantSKUs | ForEach-Object {
      New-Object -TypeName PSObject -Property @{
      TenantName = $TenantName
      SkuPartNumber = $_.SkuPartNumber
      AccountSkuId = $_.AccountSkuId
      ActiveUnits = $_.ActiveUnits
      WarningUnits = $_.WarningUnits
      ConsumedUnits = $_.ConsumedUnits
      }
      }
      }

      # Output to File
      $AllTenantLicenses | Select-Object TenantName, SkuPartNumber, AccountSkuId, ActiveUnits, WarningUnits, ConsumedUnits | Export-CSV AllTenantLicenses.csv -NoTypeInformation

      # All Tenant Subscriptions
      $AllTenantSubscriptions = $AllTenants | ForEach-Object {
      $TenantName = $_.TenantName

      # Pull List of License SKUs
      $TenantSubscriptions = Get-MsolSubscription -TenantId $_.TenantID

      # Pull SKU Information
      $TenantSubscriptions | ForEach-Object {
      New-Object -TypeName PSObject -Property @{
      TenantName = $TenantName
      Sku = $_.SkuPartNumber
      StartDate = $_.DateCreated
      RenewalDate = $_.NextLifecycleDate
      TotalLicenses = $_.TotalLicenses
      Status = $_.Status
      IsTrial = $_.IsTrial
      }
      }
      }

      # Output to File
      $AllTenantSubscriptions | Select-Object TenantName, Sku, IsTrial, TotalLicenses, StartDate, RenewalDate, Status | Export-CSV AllTenantSubscriptions.csv -NoTypeInformation

Leave a Reply

Your email address will not be published. Required fields are marked *