This week I got the question from my client that they wanted an autoresponder on one mailbox. This autoresponder should only send an email when certain criteria where met. After searching on the internet, they could not find a solution in Exchange, so they came to me if I could help them.
My first response was that it should be possible, but the options in Exchange online are limited and responding was not an option.
There are various ways of security in office 365, this time I walk you thru the security possibilities for Email. As we start with the basics, we have the option to use an SPF record to protect us from spam on a very basic level. This is so basic and a requirement when you add the domain to Office 365.
As we go deeper into the security of the mail flow we see DKIM and DMARC. These two are not often used, but useful and easy to set up. So easy that it should be a requirement like SPF in my opinion.
Last two weekends I went to SharePoint Saturday in Paris and Belgium. It is always great to meet other SharePoint and Office 365 consultants, customers and suppliers.
The first weekend I went to Paris where I did not read my emails to carefully, so I was at the wrong venue. I was not the only one. It took some extra time to get to the new location. Arrived there I was just in time for the first session; this was a session about the secure score site from Microsoft. The URL of the Secure Score is http://securescore.office.com. Here you can log in with an administrator account and see what security settings you can do to make your tenant more secure. You need to be a Global Administrator, SharePoint Administrator, Exchange Administrator or Compliance Administrator to access it.
The first thing that might come to your mind might be that modern authentication is enabled for Office 365. Well that is partly true. It is enabled for SharePoint online, not for Exchange and Skype for Business if your tenant is created before august 1st 2017. While writing this about 95% of the tenants are older then 1 month so modern authentication is not enabled for Exchange and Skype for Business.
Connecting to Exchange Online was only possible with an account that did not have MFA enabled because it only can handle basic authentication. This is an issue because Microsoft advises us to have accounts that can do administrative tasks to have MFA enabled. Now we must choose between an account that has no MFA and a possible security breach and an account that cannot connect to Exchange Online.
To solve this, we had an account that was disabled by default and when we had to do Exchange tasks we enabled it. This is a solution but not a great one.
Last week I had the privilege to attent Microsoft Ignite in Atlanta. This week was full of news, sessions and a lot of walking. Besides the sessions, this year the expo hall was large, I have spend a lot of time at the expo talking to venders, partners and Microsoft.
I have created a PDF from all my notes. On a few notes I have references to slides, the slides should be come available on https://myignite.microsoft.com/videos. On this site are also all the videos.
This week I had a customer that has some data in their on-premises Active directory that we needed to use for a custom application in SharePoint Online. This data was placed in the ExtensionAttribute field of the user. With the latest version of Azure AD Connect we have the option to select attributes to sync to Azure Active Directory and that is what the customer did. https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-feature-directory-extensions
This screenshot has selected division and employeeID, but in the complete list of available attributes there are also the ExtensionAttributes. When you do not select them here, the extension attributes will be in the synchronization.
Last week I was getting complaints by users in our Office 365 environment that the address book in Exchange was not up to date. The issues was that users where getting email addresses with the ‘domain’.onmicrosoft.com as the default email address. The users with these onmicrosoft.com mail addresses where users that are in our on-premises Exchange environment.
At this customer we have a select group of users in Office 365 and all other users are in an on-premises Exchange environment. A few weeks ago I have updated the AADConnect client to the latest version and everything went well with the update and all users where still in sync with Office 365.