There are various ways of security in office 365, this time I walk you thru the security possibilities for Email. As we start with the basics, we have the option to use an SPF record to protect us from spam on a very basic level. This is so basic and a requirement when you add the domain to Office 365.
As we go deeper into the security of the mail flow we see DKIM and DMARC.
Last two weekends I went to SharePoint Saturday in Paris and Belgium. It is always great to meet other SharePoint and Office 365 consultants, customers and suppliers.
SPS Paris The first weekend I went to Paris where I did not read my emails to carefully, so I was at the wrong venue. I was not the only one. It took some extra time to get to the new location. Arrived there I was just in time for the first session; this was a session about the secure score site from Microsoft.
The first thing that might come to your mind might be that modern authentication is enabled for Office 365. Well that is partly true. It is enabled for SharePoint online, not for Exchange and Skype for Business if your tenant is created before august 1st 2017. While writing this about 95% of the tenants are older then 1 month so modern authentication is not enabled for Exchange and Skype for Business.
Connecting to Exchange Online was only possible with an account that did not have MFA enabled because it only can handle basic authentication. This is an issue because Microsoft advises us to have accounts that can do administrative tasks to have MFA enabled. Now we must choose between an account that has no MFA and a possible security breach and an account that cannot connect to Exchange Online.
To solve this, we had an account that was disabled by default and when we had to do Exchange tasks we enabled it.
Last week I had the privilege to attent Microsoft Ignite in Atlanta. This week was full of news, sessions and a lot of walking. Besides the sessions, this year the expo hall was large, I have spend a lot of time at the expo talking to venders, partners and Microsoft.
I have created a PDF from all my notes. On a few notes I have references to slides, the slides should be come available on https://myignite.
This week I had a customer that has some data in their on-premises Active directory that we needed to use for a custom application in SharePoint Online. This data was placed in the ExtensionAttribute field of the user. With the latest version of Azure AD Connect we have the option to select attributes to sync to Azure Active Directory and that is what the customer did. https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-directory-extensions/
This screenshot has selected division and employeeID, but in the complete list of available attributes there are also the ExtensionAttributes.
Last week I was getting complaints by users in our Office 365 environment that the address book in Exchange was not up to date. The issues was that users where getting email addresses with the .onmicrosoft.com as the default email address. The users with these onmicrosoft.com mail addresses where users that are in our on-premises Exchange environment.
The situation At this customer we have a select group of users in Office 365 and all other users are in an on-premises Exchange environment.