Mike Crowley
• 17 years IT leadership experience
• Deployed Office 365 and other Microsoft technologies for millions of users
• 7-time Microsoft MVP award recipient
• Principal Consultant, Baseline Technologies

Congratulations
• You are now an Office 365 administrator!

…but let’s not forget about those loose ends:
• Exchange
• Data such as Public Folders and PST files
• AutoDiscover and MX DNS records
• SPF, DKIM, DMARC
• Inbound firewall rules (client & migration traffic, SMTP...)
• SharePoint
• Decommissioning on-premises file servers
• Set Sites to Read Only

Do you have reliable identity management?
• Azure AD Connect
• Identifying and resolving synchronization errors
• AAD Connect Health
• Fault “tolerance”
• 10GB SQL Express limit
• Hybrid Exchange Server
• Still required for ongoing recipient management
• Upgrade to Exchange 2016, decommission everything else

Outgrowing Password Hash Sync?
• Password Hash Sync
• Can be used in addition to other authentication options
• Pass-through Authentication
• Deploy multiple agents
• Federation (e.g. ADFS)
• TLS Certificate Lifecycle Management
• Use Enhanced Smart Lockout
• 3rd party

Find these configurations before your users do!
• Group Naming Conventions
• Requires AAD P1
• Influences Office 365 Groups and Teams
• Restrict creation of new Groups and Teams?
• External Sharing
• App approval
• Microsoft’s new and enabled by default apps
• 3rd party apps

Curating Alerts and Reporting
• Reports vs Alerts
• Report = review stuff that happened over time
• Alert = something specific just happened
• Alerts don’t always “alert” you, depending on license level
• Delegate and/or encourage your whole team to get involved
• Some practical tips
• Regular team meetings to discuss upcoming changes
• Dedicated admin accounts are a good idea, but you need a plan to capture emails that are sent there.
• Email forwarding, transport rules, etc.
• PowerBI
• Graph Reporting API
• Learn to interact with Graph from PowerShell

Reporting is everywhere!
• Company Profile: Technical Contact
• https://admin.microsoft.com/Adminportal/Home?source=applauncher#/companyprofile
• AAD Notification Settings (e.g.
• https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Notifications
• Message Center (e.g. roadmap)
• https://portal.office.com/adminportal/home#/MessageCenter
• Global Admins get various notifications
• Usage Reports
• https://admin.microsoft.com/Adminportal/Home?source=applauncher#/reportsUsage
• More
• AAD Connect Health
• AAD Identity protection
• Microsoft Cloud App Security
• Outbound spam notifications
• Protection Reports
• Automated incident response (AIR) in Office 365

Develop Runbooks
• Runbooks take guesswork out of stressful situations
• Office 365 Service Outage
• Ransomware response
• Account Compromise
• Data Leakage
• Time sensitive account terminations
• The “a VIP sent an email they didn’t mean to” scenario
• A more amusing cousin to the “remove that phishing email from everyone’s mailbox” scenario

Self-Service
• MFA
• Use Conditional Access
• Requires: AAD P1+ or M365 Business+
• Consider exempting Hybrid AAD Joined workstations
• IT should already be using this. Begin your org-wide MFA deployment, if you haven’t already
• If it supports SAML, your other application/appliance can hitch a ride
• MFA is free. You’re doing your organization a disservice if you’re not using it.
• SSPR
• Enable combined registration page
• Groups/team creation
• A naming convention policy is a good idea
• Lock down creation if necessary, but not forever

Monitor the Office 365 Service Health
• SHD: Service Health Dashboard (aka Captain Obvious)
• https://status.office365.com
• https://portal.office.com/adminportal/home#/servicehealth
• Azure Status (because sometimes the SHD is what died!)
• https://azure.microsoft.com/en-us/status
• Twitter
• https://twitter.com/MSFT365Status
• Reddit (sigh, yes, I know)
• https://www.reddit.com/r/office365/new
• https://www.reddit.com/r/sysadmin/hot