Office 365 Tenant Hacks: The Ultimate Guide to Post Migration Setup

Mike Crowley
• 17 years IT leadership experience
• Deployed Office 365 and other Microsoft technologies for millions of users
• 7-time Microsoft MVP award recipient
• Principal Consultant, Baseline Technologies

* Congratulations * You are now an Office 365 administrator!

…but let’s not forget about those loose ends:
• Exchange
  – Data such as Public Folders and PST files
  – AutoDiscover and MX DNS records
  – SPF, DKIM, DMARC
  – Inbound firewall rules (client & migration traffic, SMTP...)
• SharePoint
  – Decommissioning on-premises file servers
  – Set Sites to Read Only

Do you have reliable identity management?
• Azure AD Connect
  – Identifying and resolving synchronization errors
  – AAD Connect Health
  – Fault “tolerance”
  – 10 GB SQL Express limit
• Hybrid Exchange Server
  – Still required for ongoing recipient management
  – Upgrade to Exchange 2016, decommission everything else

Outgrowing Password Hash Sync?
• Password Hash Sync
  – Can be used in addition to other authentication options
• Pass-through Authentication
  – Deploy multiple agents
• Federation (e.g. ADFS)
  – TLS Certificate Lifecycle Management
  – Use Enhanced Smart Lockout
• 3rd party

Find these configurations before your users do!
• Group Naming Conventions
  – Requires AAD P1
  – Influences Office 365 Groups and Teams
• Restrict creation of new Groups and Teams?
• External Sharing
• App approval
  – Microsoft’s new and enabled by default apps
  – 3rd party apps

Curating Alerts and Reporting
– Reports vs Alerts
  • Report = review stuff that happened over time
  • Alert = something specific just happened
– Alerts don’t always “alert” you, depending on license level
– Delegate and/or encourage your whole team to get involved
– Some practical tips
  • Regular team meetings to discuss upcoming changes
  • Dedicated admin accounts are a good idea, but you need a plan to capture emails that are sent there.
    – Email forwarding, transport rules, etc.
  • Power BI
  • Graph Reporting API
    – Learn to interact with Graph from PowerShell

Reporting is everywhere!
• Company Profile: Technical Contact
  – https://admin.microsoft.com/Adminportal/Home?source=applauncher#/companyprofile
• AAD Notification Settings (e.g.
  – https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Notifications
• Message Center (e.g. roadmap)
  – https://portal.office.com/adminportal/home#/MessageCenter
• Global Admins get various notifications
• Usage Reports
  – https://admin.microsoft.com/Adminportal/Home?source=applauncher#/reportsUsage
• More
  – AAD Connect Health
  – AAD Identity protection
  – Microsoft Cloud App Security
  – Outbound spam notifications
  – Protection Reports
  – Automated incident response (AIR) in Office 365

Develop Runbooks
• Runbooks take guesswork out of stressful situations
  – Office 365 Service Outage
  – Ransomware response
  – Account Compromise
  – Data Leakage
  – Time sensitive account terminations
  – The “a VIP sent an email they didn’t mean to” scenario
    • A more amusing cousin to the “remove that phishing email from everyone’s mailbox” scenario

Self-Service
– MFA
  • Use Conditional Access
    – Requires: AAD P1+ or M365 Business+
    – Consider exempting Hybrid AAD Joined workstations
  • IT should already be using this. Begin your org-wide MFA deployment, if you haven’t already
  • If it supports SAML, your other application/appliance can hitch a ride
  • MFA is free. You’re doing your organization a disservice if you’re not using it.
– SSPR
  • Enable combined registration page
– Groups/team creation
  • A naming convention policy is a good idea
  • Lock down creation if necessary, but not forever

Monitor the Office 365 Service Health
• SHD: Service Health Dashboard (aka Captain Obvious)
  – https://status.office365.com
  – https://portal.office.com/adminportal/home#/servicehealth
• Azure Status (because sometimes the SHD is what died!)
  – https://azure.microsoft.com/en-us/status
• Twitter
  – https://twitter.com/MSFT365Status
• Reddit (sigh, yes, I know)
  – https://www.reddit.com/r/office365/new
  – https://www.reddit.com/r/sysadmin/hot

Over to Ian Gillespie
