I am joined with guest Chris Hamm as we discuss Office 365 Best Practices.
Host: Paul Joyner
Email: paul@sysadmintoday.com
Facebook: https://www.facebook.com/sysadmintoday
Twitter: https://twitter.com/SysadminToday
Show Sponsor
Kaseya: IT Management Software and Monitoring Solutions
Request a demo today at www.kaseya.com/sysadmintoday
Special Guest
Chris Hamm
Premier One
www.premier-one.com
Show Links
Office 365 Best Practice Guide
https://sysadmintoday.com/wp-content/uploads/2019/05/Office-365-Security-Guide.pdf
Overview of data loss prevention
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
DLP (Data Loss Prevention) in Office 365
https://tech.paayi.com/data-loss-prevention
Top 10 ways to secure Office 365 and Microsoft 365 Business plans
https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide
Enable modern authentication for Skype for Business Online
https://www.ronnipedersen.com/2017/07/11/enable-modern-authentication-for-skype-for-business-online/
Enable or disable modern authentication in Exchange Online
https://support.office.com/en-gb/article/enable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662
Alert policies in the security and compliance center
https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
SharePoint Permissions
https://www.youtube.com/watch?v=S46aFRBsS4U&t=337s
How to protect your data with Information Rights Management in Office 365
https://gcits.com/knowledge-base/how-to-protect-your-data-with-information-rights-management-in-office-365/
Helping users to protect files by using the Azure Rights Management service
https://docs.microsoft.com/en-us/azure/information-protection/help-users
6 thoughts on “Sysadmin Today #61: Office 365 Best Practices”
Fantastic show! Nice to know I’m doing some things right in my Office 365 instance. Like anything, though, revisiting fundamentals can be pretty important, and stuff like disabling IMAP and POP is a lot more relevant now in the current environment and something to implement for nearly all of our mailboxes. (I think there are two where I need them up due to the requirements of some legacy systems.)
Thanks, Eric.
Good show -ITProMentor also just came out with a guide a few days ago at https://www.itpromentor.com/email-security-checklist/
He also has scripts and a pdf to go through – very helpful.
I’m working on getting one to work across delegated tenants too but it takes a fair amount of work.
With all the BEC’s I’ve seen,most of them are now saving the emails to the RSS feeds folder. However, a recent method of attack is to use Flow rules as these are not going to be in a place most people look at and can work just as well to move and forward emails around.
Andy, thanks for the feedback.
Thanks for the episode – you mentioned there was a way to use Powershell to cycle through your CSP tenants to adjust settings. Can you point me in the right direction as to how to do this? thanks
Matt,
See below. My guest Chris Hamm wrote this and should give some insight on how to use scripting to pull information and make changes.
########################################
# Subscription Info Across All Tenants #
########################################
# Setup credentials
Connect-MsolService
# Pull All Tenants Tied to Partner Account
$AllTenants = Get-MsolPartnerContract | ForEach-Object {
$TenantID = $_.TenantId
$TenantName = (Get-MsolPartnerInformation -TenantId $_.TenantId).PartnerCompanyName
New-Object -TypeName PSObject -Property @{
TenantName = $TenantName
TenantID = $TenantId
}
}
# All Tenant Licenses
$AllTenantLicenses = $AllTenants | ForEach-Object {
$TenantName = $_.TenantName
# Pull List of License SKUs
$TenantSKUs = Get-MsolAccountSku -TenantId $_.TenantID
# Pull SKU Information
$TenantSKUs | ForEach-Object {
New-Object -TypeName PSObject -Property @{
TenantName = $TenantName
SkuPartNumber = $_.SkuPartNumber
AccountSkuId = $_.AccountSkuId
ActiveUnits = $_.ActiveUnits
WarningUnits = $_.WarningUnits
ConsumedUnits = $_.ConsumedUnits
}
}
}
# Output to File
$AllTenantLicenses | Select-Object TenantName, SkuPartNumber, AccountSkuId, ActiveUnits, WarningUnits, ConsumedUnits | Export-CSV AllTenantLicenses.csv -NoTypeInformation
# All Tenant Subscriptions
$AllTenantSubscriptions = $AllTenants | ForEach-Object {
$TenantName = $_.TenantName
# Pull List of License SKUs
$TenantSubscriptions = Get-MsolSubscription -TenantId $_.TenantID
# Pull SKU Information
$TenantSubscriptions | ForEach-Object {
New-Object -TypeName PSObject -Property @{
TenantName = $TenantName
Sku = $_.SkuPartNumber
StartDate = $_.DateCreated
RenewalDate = $_.NextLifecycleDate
TotalLicenses = $_.TotalLicenses
Status = $_.Status
IsTrial = $_.IsTrial
}
}
}
# Output to File
$AllTenantSubscriptions | Select-Object TenantName, Sku, IsTrial, TotalLicenses, StartDate, RenewalDate, Status | Export-CSV AllTenantSubscriptions.csv -NoTypeInformation