The number of guest accounts in Azure AD keeps growing, largely due to usage in Microsoft Teams. In this article, we describe five basic management steps to control where guests come how, how they connect, what they can do and access, and removing inactive guests. It's the kind of thing all Microsoft 365 tenants should do.
33 Comments
Azure Automation runbooks can run Exchange Online PowerShell code on sandbox machines. Is this a good way of getting work done? In this article, we examine how to create an Azure automation account, a RunAs account, and some runbooks for PowerShell code to run against Exchange Online and other Microsoft 365 data.
Exchange Online now supports SMTP Strict Transport Security (MTA-STS), a mechanism to help defend SMTP communications between mail servers. Microsoft 365 tenants can decide if they want to enable MTA-STS for their domain by publishing a DNS record and an MTA-STS policy. You don't have to use MTA-STS, but it's a good idea to consider the option.
Over time, Microsoft 365 tenants tend to accumulate large numbers of guest accounts in Entra ID. And over time, some of those accounts become obsolete and inactive. In this article, we explore how to use PowerShell to analyze the activity of guest accounts to figure out what accounts are inactive and which are candidates for removal. It's something you should do annually.
Trainable classifiers are generated from a set of sample documents through a learning process and can then be used in many Microsoft 365 compliance scenarios like auto-labeling, communications compliance, and DLP. In this article, we review how to create a custom trainable classifier and how to give feedback for the matches generated by the classifier.
Teams is mostly an internal communications platform while email connects billions of people around the world. Inside Microsoft 365 tenants, you might need to connect Teams and email together. In this article, we discuss the out-of-the-box features available to link the two and describe some of the positive and negative points of each. You can certainly bridge the gap between Teams and email, but maybe Microsoft could grease the connection just a little more...
Exchange Online has mailbox retention policies. Microsoft 365 has retention policies and retention labels. In this article, we explore how to move away from Exchange Online retention to use Microsoft 365 retention. The transition makes it possible to use the advanced retention capabilities Microsoft is developing that will never show up in Exchange Online, so it's a good long-term goal to have even if it's not on your immediate work list.
In a December 24 announcement, Microsoft says that the roll-out of DNSSEC and DANE support in Exchange Online will start in mid-January 2022. Because this is a big change for the Exchange Online infrastructure, Microsoft is using a phased deployment which won't complete until mid-May. Support for DNSSEC and DANE has been coming for a long time, but it's good that the extra security which these standards bring will be available to Exchange Online tenants.
Microsoft Sentinel is Microsoft's log aggregator. Along with other data, Sentinel can ingest events from the Office 365 audit log. Once ingested, we can visualize the data through workbooks. If you have an Azure subscription, it's surprisingly easy to take advantage of the 31-day trial to see if Sentinel can do a job for your organization. Follow our steps and you'll be visualizing quickly.
The Microsoft 365 ecosystem is a big place and it's hard to keep on top of everything. But to start 2022 off with a bang, here are five areas for tenant administrators to consider when they plan how they'll spend their time in the new year. As always, feel free to disagree and add comments describing what you plan to do in 2022.
Microsoft launched the preview of Azure AD custom security attributes on December 1. Custom attributes are well known to Exchange administrators. In this article, we look at how to create and add Azure AD custom security attributes, how to transfer data from Exchange to Azure AD, and how to retrieve information from the attributes. Azure AD custom security attributes have some advantages, but they also have some downsides.
A version checking problem for malware engine signature files caused on-premises Exchange servers to fail to process inbound email. The issue appears to be due to a date validation problem caused when the checking routine couldn't deal with 2022 when the new year rolled around. Microsoft fixed the problem, but the issue poses questions about Microsoft's commitment to on-premises Exchange Server.
