Exchange Online

Latest Articles

Microsoft Launches Group Ownership Governance Policy

The Microsoft 365 Groups Ownership Governance policy is now generally available. Also known as the ownerless group policy, this capability allows organizations to make sure that all groups have owners by detecting ownerless groups and extending invitations to active group members to become owners. It's a useful capability, especially in large tenants with many groups.

May 16, 2022

Protecting Administrator Mailboxes from Phishing and Other Threats

One way to protect administrator mailboxes is not to use them. And if you want administrators to use separate mailboxes for their permissioned and non-permissioned activities, that's what you might do. However, we can be smarter and use transport rules to selectively block email sent to administrator mailboxes to dissuade internal people from sending email and blocking all but the most essential email coming in from external domains.

March 7, 2022

Threat Explorer and Investigations: Useful Microsoft Defender for Office 365 Features

Microsoft Defender for Office 365 (plan 2) contains the Threat Explorer feature. It's a useful way to investigate problematic messages which arrive in a tenant. The automated investigations feature can highlight messages containing malware by assembling evidence about warning signs in the message or its contents, and administrators can then action the recommendations up to and including the removal of messages already delivered to user mailboxes. Automating investigations is a good thing, if you afford Defender for Office 365 Plan 2.

February 21, 2022

Why Using App Secrets in Production is a Bad Idea

As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.

February 16, 2022